From c5eff1d89eee1aa6203cd305acec6d49f4f03483 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 9 Jul 2020 14:47:55 -0400 Subject: [PATCH 001/124] [feat][WIP] Add option to run `so-allow -a ` during setup --- salt/common/tools/sbin/so-allow | 26 +++++++++++++------------- setup/so-setup | 4 +++- setup/so-whiptail | 26 +++++++++++++++++++++++--- 3 files changed, 39 insertions(+), 17 deletions(-) diff --git a/salt/common/tools/sbin/so-allow b/salt/common/tools/sbin/so-allow index 71c8f8c9b..c6d3d6bf0 100755 --- a/salt/common/tools/sbin/so-allow +++ b/salt/common/tools/sbin/so-allow @@ -89,7 +89,7 @@ if [ "$SKIP" -eq 0 ]; then echo "[p] - Wazuh API - port 55000/tcp" echo "[r] - Wazuh registration service - 1515/tcp" echo "" - echo "Please enter your selection (a - analyst, b - beats, o - osquery, w - wazuh):" + echo "Please enter your selection:" read -r ROLE echo "Enter a single ip address or range to allow (example: 10.10.10.10 or 10.10.0.0/16):" read -r IP @@ -127,16 +127,16 @@ salt-call state.apply firewall queue=True if grep -q -R "wazuh: 1" $local_salt_dir/pillar/*; then # If analyst, add to Wazuh AR whitelist if [ "$FULLROLE" == "analyst" ]; then - WAZUH_MGR_CFG="/opt/so/wazuh/etc/ossec.conf" - if ! grep -q "$IP" $WAZUH_MGR_CFG ; then - DATE=$(date) - sed -i 's/<\/ossec_config>//' $WAZUH_MGR_CFG - sed -i '/^$/N;/^\n$/D' $WAZUH_MGR_CFG - echo -e "\n \n $IP\n \n" >> $WAZUH_MGR_CFG - echo "Added whitelist entry for $IP in $WAZUH_MGR_CFG." - echo - echo "Restarting OSSEC Server..." - /usr/sbin/so-wazuh-restart - fi - fi + WAZUH_MGR_CFG="/opt/so/wazuh/etc/ossec.conf" + if ! grep -q "$IP" $WAZUH_MGR_CFG ; then + DATE=$(date) + sed -i 's/<\/ossec_config>//' $WAZUH_MGR_CFG + sed -i '/^$/N;/^\n$/D' $WAZUH_MGR_CFG + echo -e "\n \n $IP\n \n" >> $WAZUH_MGR_CFG + echo "Added whitelist entry for $IP in $WAZUH_MGR_CFG." + echo + echo "Restarting OSSEC Server..." + /usr/sbin/so-wazuh-restart + fi + fi fi diff --git a/setup/so-setup b/setup/so-setup index 3f6d42380..0f28f1244 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -331,6 +331,8 @@ else FLEETNODEPASSWD1=$WEBPASSWD1 fi +if [[ $is_master ]]; then whiptail_so_allow; fi + whiptail_make_changes if [[ -n "$TURBO" ]]; then @@ -620,7 +622,7 @@ if [[ -n $ALLOW_ROLE && -n $ALLOW_CIDR ]]; then IP=$ALLOW_CIDR so-allow -$ALLOW_ROLE >> $setup_log 2>&1 fi -if [[ $success != 0 || $SO_ERROR == 1 ]]; then whiptail_setup_failed +if [[ $success != 0 || -n $SO_ERROR ]]; then whiptail_setup_failed else whiptail_setup_complete if [[ $THEHIVE == 1 ]]; then check_hive_init; fi diff --git a/setup/so-whiptail b/setup/so-whiptail index e165ba351..0b34d3cb8 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -435,9 +435,7 @@ whiptail_homenet_sensor() { whiptail_check_exitstatus $exitstatus export HNSENSOR - fi - } whiptail_install_type() { @@ -1057,6 +1055,29 @@ whiptail_shard_count() { } +whiptail_so_allow() { + + [ -n "$TESTING" ] && return + + whiptail --title "Security Onion Setup" \ + --yesno "Do you want to run so-allow to allow access to the web tools?" \ + 8 75 + + local exitstatus=$? + + if [[ $exitstatus == 0 ]]; then + ALLOW_CIDR=$(whiptail --title "Security Onion Setup" \ + --inputbox "Enter a single ip address or range (in CIDR notation) to allow" \ + 10 75 125 3>&1 1>&2 2>&3) + local exitstatus=$? + + export ALLOW_ROLE='a' + export ALLOW_CIDR + fi + + whiptail_check_exitstatus $exitstatus +} + whiptail_strelka_rules() { [ -n "$TESTING" ] && return @@ -1073,7 +1094,6 @@ whiptail_strelka_rules() { export STRELKARULES fi - } whiptail_suricata_pins() { From 72aa91b7634dd9f6e52b7be56fbdc142cc417cb1 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 10 Jul 2020 14:38:03 -0400 Subject: [PATCH 002/124] [feat] Add message in setup and motd on where to access SOC --- ...te_reboot_required.jinja => so_motd.jinja} | 5 +++++ salt/motd/init.sls | 4 ++-- setup/so-functions | 6 +++--- setup/so-whiptail | 20 ++++++++++++++++--- 4 files changed, 27 insertions(+), 8 deletions(-) rename salt/motd/files/{package_update_reboot_required.jinja => so_motd.jinja} (86%) diff --git a/salt/motd/files/package_update_reboot_required.jinja b/salt/motd/files/so_motd.jinja similarity index 86% rename from salt/motd/files/package_update_reboot_required.jinja rename to salt/motd/files/so_motd.jinja index 6d94fc613..941aa2350 100644 --- a/salt/motd/files/package_update_reboot_required.jinja +++ b/salt/motd/files/so_motd.jinja @@ -1,4 +1,9 @@ {% set needs_restarting_check = salt['mine.get']('*', 'needs_restarting.check', tgt_type='glob') -%} +{% set url = salt['pillar.get']('master:url_base') -%} + + +Access the Security Onion web interface at https://{{ url }} +(You may need to run so-allow first if you haven't yet) {%- if needs_restarting_check %} {%- set minions_need_restarted = [] %} diff --git a/salt/motd/init.sls b/salt/motd/init.sls index 4dae979bf..06ad270a1 100644 --- a/salt/motd/init.sls +++ b/salt/motd/init.sls @@ -1,5 +1,5 @@ -package_update_reboot_required_motd: +so_motd: file.managed: - name: /etc/motd - - source: salt://motd/files/package_update_reboot_required.jinja + - source: salt://motd/files/so_motd.jinja - template: jinja diff --git a/setup/so-functions b/setup/so-functions index 63bed83dc..94caeba19 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -926,13 +926,13 @@ master_pillar() { case $REDIRECTINFO in 'IP') - REDIRECTIT="$MAINIP" + export REDIRECTIT="$MAINIP" ;; 'HOSTNAME') - REDIRECTIT=$HOSTNAME + export REDIRECTIT=$HOSTNAME ;; *) - REDIRECTIT="$REDIRECTHOST" + export REDIRECTIT="$REDIRECTHOST" ;; esac diff --git a/setup/so-whiptail b/setup/so-whiptail index 0b34d3cb8..20e4d7ee5 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -1033,7 +1033,21 @@ whiptail_setup_complete() { [ -n "$TESTING" ] && return - whiptail --title "Security Onion Setup" --msgbox "Finished $install_type install. Press Ok to reboot." 8 75 + if [[ -n $ALLOW_CIDR ]]; then + local sentence_prefix="Access" + else + local sentence_prefix="Run so-allow after reboot to access" + fi + + read -r -d '' message <<- EOM + Finished ${install_type} install + + ${sentence_prefix} the web interface at https://${REDIRECTIT} + + Press ENTER to reboot + EOM + + whiptail --title "Security Onion Setup" --msgbox "$message" 12 75 } whiptail_setup_failed() { @@ -1068,7 +1082,7 @@ whiptail_so_allow() { if [[ $exitstatus == 0 ]]; then ALLOW_CIDR=$(whiptail --title "Security Onion Setup" \ --inputbox "Enter a single ip address or range (in CIDR notation) to allow" \ - 10 75 125 3>&1 1>&2 2>&3) + 10 75 3>&1 1>&2 2>&3) local exitstatus=$? export ALLOW_ROLE='a' @@ -1125,7 +1139,7 @@ whiptail_master_updates() { local update_string update_string=$(whiptail --title "Security Onion Setup" --radiolist \ "How would you like to download OS package updates for your grid?:" 20 75 4 \ - "MASTER" "Master node is proxy for updates." ON \ + "MASTER" "Master node is proxy for updates" ON \ "OPEN" "Each node connects to the Internet for updates" OFF 3>&1 1>&2 2>&3 ) local exitstatus=$? whiptail_check_exitstatus $exitstatus From 67c8836cd666226b93a9240bab2c013428ae1103 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 10 Jul 2020 14:39:02 -0400 Subject: [PATCH 003/124] [fix] Use 100GB min space for standalone also --- setup/so-functions | 6 +++--- setup/so-setup | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 94caeba19..a35393ddf 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -398,7 +398,7 @@ checkin_at_boot() { } check_requirements() { - local eval_or_dist=$1 + local standalone_or_dist=$1 local node_type=$2 # optional local req_mem local req_cores @@ -407,12 +407,12 @@ check_requirements() { readarray -t nic_list <<< "$(ip link| awk -F: '$0 !~ "lo|vir|veth|br|docker|wl|^[^0-9]"{print $2}' | grep -vwe "bond0" | sed 's/ //g')" local num_nics=${#nic_list[@]} - if [[ "$eval_or_dist" == 'eval' ]]; then + if [[ "$standalone_or_dist" == 'standalone' ]]; then req_mem=12 req_cores=4 req_nics=2 req_storage=100 - elif [[ "$eval_or_dist" == 'dist' ]]; then + elif [[ "$standalone_or_dist" == 'dist' ]]; then req_mem=8 req_cores=4 req_storage=40 diff --git a/setup/so-setup b/setup/so-setup index 0f28f1244..d9bc73d27 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -163,8 +163,8 @@ elif [ "$install_type" = 'HELIXSENSOR' ]; then is_helix=true fi -if [[ $is_eval ]]; then - check_requirements "eval" +if [[ $is_master && $is_sensor ]]; then + check_requirements "standalone" elif [[ $is_fleet_standalone ]]; then check_requirements "dist" "fleet" elif [[ $is_sensor && ! $is_eval ]]; then From f56811e745b4c69ccb13c817175ce1ba44f9d6f7 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 10 Jul 2020 14:40:04 -0400 Subject: [PATCH 004/124] [feat] Use setup user+pass for TheHive, Cortex, and Fleet as well --- salt/thehive/scripts/cortex_init | 14 +++++++------- salt/thehive/scripts/hive_init | 8 ++++---- setup/so-functions | 11 ++++++----- setup/so-whiptail | 3 ++- 4 files changed, 19 insertions(+), 17 deletions(-) diff --git a/salt/thehive/scripts/cortex_init b/salt/thehive/scripts/cortex_init index 063ae498d..922ad45dc 100644 --- a/salt/thehive/scripts/cortex_init +++ b/salt/thehive/scripts/cortex_init @@ -1,11 +1,11 @@ #!/bin/bash -{% set MASTERIP = salt['pillar.get']('static:masterip', '') %} -{%- set CORTEXUSER = salt['pillar.get']('static:cortexuser', '') %} -{%- set CORTEXPASSWORD = salt['pillar.get']('static:cortexpassword', '') %} -{%- set CORTEXKEY = salt['pillar.get']('static:cortexkey', '') %} -{%- set CORTEXORGNAME = salt['pillar.get']('static:cortexorgname', '') %} -{%- set CORTEXORGUSER = salt['pillar.get']('static:cortexorguser', '') %} -{%- set CORTEXORGUSERKEY = salt['pillar.get']('static:cortexorguserkey', '') %} +# {%- set MASTERIP = salt['pillar.get']('static:masterip', '') %} +# {%- set CORTEXUSER = salt['pillar.get']('static:cortexuser', '') %} +# {%- set CORTEXPASSWORD = salt['pillar.get']('static:cortexpassword', 'cortexchangeme') %} +# {%- set CORTEXKEY = salt['pillar.get']('static:cortexkey', '') %} +# {%- set CORTEXORGNAME = salt['pillar.get']('static:cortexorgname', '') %} +# {%- set CORTEXORGUSER = salt['pillar.get']('static:cortexorguser', '') %} +# {%- set CORTEXORGUSERKEY = salt['pillar.get']('static:cortexorguserkey', '') %} default_salt_dir=/opt/so/saltstack/default diff --git a/salt/thehive/scripts/hive_init b/salt/thehive/scripts/hive_init index 296004e77..0163b45f3 100755 --- a/salt/thehive/scripts/hive_init +++ b/salt/thehive/scripts/hive_init @@ -1,8 +1,8 @@ #!/bin/bash -{% set MASTERIP = salt['pillar.get']('static:masterip', '') %} -{%- set THEHIVEUSER = salt['pillar.get']('static:hiveuser', '') %} -{%- set THEHIVEPASSWORD = salt['pillar.get']('static:hivepassword', '') %} -{%- set THEHIVEKEY = salt['pillar.get']('static:hivekey', '') %} +# {%- set MASTERIP = salt['pillar.get']('static:masterip', '') %} +# {%- set THEHIVEUSER = salt['pillar.get']('static:hiveuser', '') %} +# {%- set THEHIVEPASSWORD = salt['pillar.get']('static:hivepassword', 'hivechangeme') %} +# {%- set THEHIVEKEY = salt['pillar.get']('static:hivekey', '') %} thehive_init(){ sleep 120 diff --git a/setup/so-functions b/setup/so-functions index a35393ddf..d9ebf0d15 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -979,15 +979,16 @@ master_static() { " broversion: $BROVERSION"\ " ids: $NIDS"\ " masterip: $MAINIP"\ - " hiveuser: hiveadmin"\ - " hivepassword: hivechangeme"\ + " hiveuser: $WEBUSER"\ + " hivepassword: $WEBPASSWD1"\ " hivekey: $HIVEKEY"\ - " cortexuser: cortexadmin"\ - " cortexpassword: cortexchangeme"\ + " cortexuser: $WEBUSER"\ + " cortexpassword: $WEBPASSWD1"\ " cortexkey: $CORTEXKEY"\ " cortexorgname: SecurityOnion"\ - " cortexorguser: soadmin"\ + " cortexorguser: $WEBUSER"\ " cortexorguserkey: $CORTEXORGUSERKEY"\ + " grafanapassword: $WEBPASSWD1"\ " fleet_custom_hostname: "\ " fleet_master: False"\ " fleet_node: False"\ diff --git a/setup/so-whiptail b/setup/so-whiptail index 20e4d7ee5..3b8b13f79 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -252,7 +252,8 @@ whiptail_create_web_user() { [ -n "$TESTING" ] && return WEBUSER=$(whiptail --title "Security Onion Install" --inputbox \ - "Please enter an email address to create an administrator account for the web interface." 10 60 3>&1 1>&2 2>&3) + "Please enter an email address to create an administrator account for the web interface. \ + This will also be used for TheHive, Cortex, and Fleet" 10 60 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus From 547298fce0d9967fb10a965cae3bd51d1056cbd0 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 10 Jul 2020 17:34:33 -0400 Subject: [PATCH 005/124] [refactor] Hide output for cortex and thehive init scripts --- salt/thehive/init.sls | 2 ++ 1 file changed, 2 insertions(+) diff --git a/salt/thehive/init.sls b/salt/thehive/init.sls index da07247c4..3ca913221 100644 --- a/salt/thehive/init.sls +++ b/salt/thehive/init.sls @@ -115,6 +115,7 @@ cortexscript: - source: salt://thehive/scripts/cortex_init - cwd: /opt/so - template: jinja + - hide_output: True so-thehive: docker_container.running: @@ -134,3 +135,4 @@ thehivescript: - source: salt://thehive/scripts/hive_init - cwd: /opt/so - template: jinja + - hide_output: True From ce7373501bb869665d2e7546f0b4b238e0e8c4fb Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 10 Jul 2020 17:58:47 -0400 Subject: [PATCH 006/124] [fix] Add fallback for hive + cortex users --- salt/thehive/scripts/cortex_init | 2 +- salt/thehive/scripts/hive_init | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/thehive/scripts/cortex_init b/salt/thehive/scripts/cortex_init index f653bc008..90980da9c 100644 --- a/salt/thehive/scripts/cortex_init +++ b/salt/thehive/scripts/cortex_init @@ -1,6 +1,6 @@ #!/bin/bash # {%- set MANAGERIP = salt['pillar.get']('static:managerip', '') %} -# {%- set CORTEXUSER = salt['pillar.get']('static:cortexuser', '') %} +# {%- set CORTEXUSER = salt['pillar.get']('static:cortexuser', 'cortexadmin') %} # {%- set CORTEXPASSWORD = salt['pillar.get']('static:cortexpassword', 'cortexchangeme') %} # {%- set CORTEXKEY = salt['pillar.get']('static:cortexkey', '') %} # {%- set CORTEXORGNAME = salt['pillar.get']('static:cortexorgname', '') %} diff --git a/salt/thehive/scripts/hive_init b/salt/thehive/scripts/hive_init index bcd911c1e..a8307c0d6 100755 --- a/salt/thehive/scripts/hive_init +++ b/salt/thehive/scripts/hive_init @@ -1,6 +1,6 @@ #!/bin/bash # {%- set MANAGERIP = salt['pillar.get']('static:managerip', '') %} -# {%- set THEHIVEUSER = salt['pillar.get']('static:hiveuser', '') %} +# {%- set THEHIVEUSER = salt['pillar.get']('static:hiveuser', 'hiveadmin') %} # {%- set THEHIVEPASSWORD = salt['pillar.get']('static:hivepassword', 'hivechangeme') %} # {%- set THEHIVEKEY = salt['pillar.get']('static:hivekey', '') %} From 4cfecae3b2dcef8f2ed1955619d6d255727f3305 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 10 Jul 2020 17:59:51 -0400 Subject: [PATCH 007/124] [ix] Remove grafanapassword pillar key --- setup/so-functions | 1 - 1 file changed, 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 487eb9a40..1f48e4939 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1010,7 +1010,6 @@ manager_static() { " cortexorgname: SecurityOnion"\ " cortexorguser: $WEBUSER"\ " cortexorguserkey: $CORTEXORGUSERKEY"\ - " grafanapassword: $WEBPASSWD1"\ " fleet_custom_hostname: "\ " fleet_manager: False"\ " fleet_node: False"\ From aee304e5d5f5be9986af3950fd76bd4cdd624a0d Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 10 Jul 2020 18:13:20 -0400 Subject: [PATCH 008/124] [fix] master -> manager --- setup/so-setup | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/setup/so-setup b/setup/so-setup index 42fa6c33a..4e12dc8b9 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -163,7 +163,7 @@ elif [ "$install_type" = 'HELIXSENSOR' ]; then is_helix=true fi -if [[ $is_master && $is_sensor ]]; then +if [[ $is_manager && $is_sensor ]]; then check_requirements "standalone" elif [[ $is_fleet_standalone ]]; then check_requirements "dist" "fleet" @@ -331,7 +331,7 @@ else FLEETNODEPASSWD1=$WEBPASSWD1 fi -if [[ $is_master ]]; then whiptail_so_allow; fi +if [[ $is_manager ]]; then whiptail_so_allow; fi whiptail_make_changes From f9c8f8cdcaeff0b72e8a6b7a79710f58fa119a75 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 10 Jul 2020 18:40:39 -0400 Subject: [PATCH 009/124] [fix] Set SKIP_REBOOT on any failure during setup --- setup/so-setup | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/setup/so-setup b/setup/so-setup index ebce5861e..e1177c21c 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -58,7 +58,6 @@ function progress() { fi export SO_ERROR=1 - export SKIP_REBOOT=1 title="Error found, please check $setup_log" fi @@ -610,7 +609,7 @@ fi checkin_at_boot >> $setup_log 2>&1 set_progress_str 95 'Verifying setup' - salt-call -l info state.highstate >> $setup_log 2>&1 + salt-call -l info state.highstate >> $setup_log 2>&1 } | progress @@ -620,7 +619,9 @@ if [[ -n $ALLOW_ROLE && -n $ALLOW_CIDR ]]; then IP=$ALLOW_CIDR so-allow -$ALLOW_ROLE >> $setup_log 2>&1 fi -if [[ $success != 0 || $SO_ERROR == 1 ]]; then whiptail_setup_failed +if [[ $success != 0 || $SO_ERROR == 1 ]]; then + SKIP_REBOOT=1 + whiptail_setup_failed else whiptail_setup_complete if [[ $THEHIVE == 1 ]]; then check_hive_init; fi From 605daaf66b977cbf706650037cde9f3ac016ce00 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 10 Jul 2020 18:45:34 -0400 Subject: [PATCH 010/124] [fix] Only check for disk space on a network install --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 08d6015ae..b05da56dd 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -420,7 +420,7 @@ check_requirements() { if [[ "$node_type" == 'fleet' ]]; then req_mem=4; fi fi - if (( $(echo "$free_space_root < $req_storage" | bc -l) )); then + if (( $(echo "$free_space_root < $req_storage" | bc -l) )) && [[ $setup_type == 'network' ]]; then whiptail_requirements_error "disk space" "${free_space_root} GB" "${req_storage} GB" fi From 65062d93f4a38029c7293eae121aa68b9224b03b Mon Sep 17 00:00:00 2001 From: Josh Brower Date: Fri, 10 Jul 2020 19:43:43 -0400 Subject: [PATCH 011/124] Misc fixes --- salt/elasticsearch/files/ingest/beats.common | 18 +- salt/elasticsearch/files/ingest/common | 9 +- .../files/ingest/osquery.query_result | 20 +- .../templates/so/so-common-template.json | 6 +- salt/nginx/files/nav_layer_playbook.json | 2 +- salt/nginx/files/navigator_config.json | 2 +- salt/playbook/files/playbook-schema.sql | 1224 ----------------- salt/playbook/files/playbook_db_init.sql | 40 +- salt/playbook/files/redmine.db | Bin 2207744 -> 0 bytes 9 files changed, 65 insertions(+), 1256 deletions(-) delete mode 100644 salt/playbook/files/playbook-schema.sql delete mode 100644 salt/playbook/files/redmine.db diff --git a/salt/elasticsearch/files/ingest/beats.common b/salt/elasticsearch/files/ingest/beats.common index 9ea586156..5ca41e5f5 100644 --- a/salt/elasticsearch/files/ingest/beats.common +++ b/salt/elasticsearch/files/ingest/beats.common @@ -3,16 +3,26 @@ "processors" : [ {"community_id": {"if": "ctx.winlog.event_data?.Protocol != null", "field":["winlog.event_data.SourceIp","winlog.event_data.SourcePort","winlog.event_data.DestinationIp","winlog.event_data.DestinationPort","winlog.event_data.Protocol"],"target_field":"network.community_id"}}, { "set": { "if": "ctx.winlog?.channel == 'Microsoft-Windows-Sysmon/Operational'", "field": "event.module", "value": "sysmon", "override": true } }, - { "set": { "if": "ctx.winlog?.channel!= null", "field": "event.module", "value": "win_eventlog", "override": true, "ignore_failure": true } }, - { "set": { "if": "ctx.winlog?.channel != null", "field": "dataset", "value": "{{winlog.channel}}", "override": true } }, + { "set": { "if": "ctx.winlog?.channel != null", "field": "event.module", "value": "windows_eventlog", "override": false, "ignore_failure": true } }, { "set": { "if": "ctx.agent?.type != null", "field": "module", "value": "{{agent.type}}", "override": true } }, { "set": { "if": "ctx.winlog?.channel == 'Microsoft-Windows-Sysmon/Operational' && ctx.event?.code == 3", "field": "event.category", "value": "host,process,network", "override": true } }, { "set": { "if": "ctx.winlog?.channel == 'Microsoft-Windows-Sysmon/Operational' && ctx.event?.code == 1", "field": "event.category", "value": "host,process", "override": true } }, { "set": { "if": "ctx.winlog?.channel == 'Microsoft-Windows-Sysmon/Operational' && ctx.event?.code == 1", "field": "event.dataset", "value": "process_creation", "override": true } }, { "set": { "if": "ctx.winlog?.channel == 'Microsoft-Windows-Sysmon/Operational' && ctx.event?.code == 2", "field": "event.dataset", "value": "process_changed_file", "override": true } }, { "set": { "if": "ctx.winlog?.channel == 'Microsoft-Windows-Sysmon/Operational' && ctx.event?.code == 3", "field": "event.dataset", "value": "network_connection", "override": true } }, - { "set": { "if": "ctx.winlog?.channel == 'Microsoft-Windows-Sysmon/Operational' && ctx.event?.code == 5", "field": "event.dataset", "value": "driver_loaded", "override": true } }, - { "set": { "if": "ctx.winlog?.channel == 'Microsoft-Windows-Sysmon/Operational' && ctx.event?.code == 6", "field": "event.dataset", "value": "image_loaded", "override": true } }, + { "set": { "if": "ctx.winlog?.channel == 'Microsoft-Windows-Sysmon/Operational' && ctx.event?.code == 5", "field": "event.dataset", "value": "process_terminated", "override": true } }, + { "set": { "if": "ctx.winlog?.channel == 'Microsoft-Windows-Sysmon/Operational' && ctx.event?.code == 6", "field": "event.dataset", "value": "driver_loaded", "override": true } }, + { "set": { "if": "ctx.winlog?.channel == 'Microsoft-Windows-Sysmon/Operational' && ctx.event?.code == 7", "field": "event.dataset", "value": "image_loaded", "override": true } }, + { "set": { "if": "ctx.winlog?.channel == 'Microsoft-Windows-Sysmon/Operational' && ctx.event?.code == 8", "field": "event.dataset", "value": "create_remote_thread", "override": true } }, + { "set": { "if": "ctx.winlog?.channel == 'Microsoft-Windows-Sysmon/Operational' && ctx.event?.code == 9", "field": "event.dataset", "value": "raw_file_access_read", "override": true } }, + { "set": { "if": "ctx.winlog?.channel == 'Microsoft-Windows-Sysmon/Operational' && ctx.event?.code == 10", "field": "event.dataset", "value": "process_access", "override": true } }, + { "set": { "if": "ctx.winlog?.channel == 'Microsoft-Windows-Sysmon/Operational' && ctx.event?.code == 11", "field": "event.dataset", "value": "file_create", "override": true } }, + { "set": { "if": "ctx.winlog?.channel == 'Microsoft-Windows-Sysmon/Operational' && ctx.event?.code == 12", "field": "event.dataset", "value": "registry_create_delete", "override": true } }, + { "set": { "if": "ctx.winlog?.channel == 'Microsoft-Windows-Sysmon/Operational' && ctx.event?.code == 13", "field": "event.dataset", "value": "registry_value_set", "override": true } }, + { "set": { "if": "ctx.winlog?.channel == 'Microsoft-Windows-Sysmon/Operational' && ctx.event?.code == 14", "field": "event.dataset", "value": "registry_key_value_rename", "override": true } }, + { "set": { "if": "ctx.winlog?.channel == 'Microsoft-Windows-Sysmon/Operational' && ctx.event?.code == 15", "field": "event.dataset", "value": "file_create_stream_hash", "override": true } }, + { "set": { "if": "ctx.winlog?.channel == 'Microsoft-Windows-Sysmon/Operational' && ctx.event?.code == 16", "field": "event.dataset", "value": "config_change", "override": true } }, + { "set": { "if": "ctx.winlog?.channel == 'Microsoft-Windows-Sysmon/Operational' && ctx.event?.code == 22", "field": "event.dataset", "value": "dns_query", "override": true } }, { "rename": { "field": "agent.hostname", "target_field": "agent.name", "ignore_missing": true } }, { "rename": { "field": "winlog.event_data.SubjectUserName", "target_field": "user.name", "ignore_missing": true } }, { "rename": { "field": "winlog.event_data.DestinationHostname", "target_field": "destination.hostname", "ignore_missing": true } }, diff --git a/salt/elasticsearch/files/ingest/common b/salt/elasticsearch/files/ingest/common index 3bb19535e..9db5a039b 100644 --- a/salt/elasticsearch/files/ingest/common +++ b/salt/elasticsearch/files/ingest/common @@ -37,14 +37,15 @@ "index_name_format": "yyyy.MM.dd" } }, - { "set": { "if": "ctx.event?.severity == 3", "field": "event.severity_label", "value": "low", "override": true } }, - { "set": { "if": "ctx.event?.severity == 5", "field": "event.severity_label", "value": "medium", "override": true } }, - { "set": { "if": "ctx.event?.severity == 7", "field": "event.severity_label", "value": "high", "override": true } }, - { "set": { "if": "ctx.event?.severity == 10", "field": "event.severity_label", "value": "critical", "override": true } }, + { "set": { "if": "ctx.event?.severity == 1", "field": "event.severity_label", "value": "low", "override": true } }, + { "set": { "if": "ctx.event?.severity == 2", "field": "event.severity_label", "value": "medium", "override": true } }, + { "set": { "if": "ctx.event?.severity == 3", "field": "event.severity_label", "value": "high", "override": true } }, + { "set": { "if": "ctx.event?.severity == 4", "field": "event.severity_label", "value": "critical", "override": true } }, { "rename": { "field": "module", "target_field": "event.module", "ignore_failure": true, "ignore_missing": true } }, { "rename": { "field": "dataset", "target_field": "event.dataset", "ignore_failure": true, "ignore_missing": true } }, { "rename": { "field": "category", "target_field": "event.category", "ignore_missing": true } }, { "rename": { "field": "message2.community_id", "target_field": "network.community_id", "ignore_failure": true, "ignore_missing": true } }, + { "lowercase": { "field": "event.dataset", "ignore_failure": true, "ignore_missing": true } }, { "convert": { "field": "destination.port", "type": "integer", "ignore_failure": true, "ignore_missing": true } }, { "convert": { "field": "source.port", "type": "integer", "ignore_failure": true, "ignore_missing": true } }, { "convert": { "field": "log.id.uid", "type": "string", "ignore_failure": true, "ignore_missing": true } }, diff --git a/salt/elasticsearch/files/ingest/osquery.query_result b/salt/elasticsearch/files/ingest/osquery.query_result index 5b37655f9..80ed32d73 100644 --- a/salt/elasticsearch/files/ingest/osquery.query_result +++ b/salt/elasticsearch/files/ingest/osquery.query_result @@ -31,7 +31,25 @@ { "rename": { "field": "message3.columns.remote_port", "target_field": "remote.port", "ignore_missing": true } }, { "rename": { "field": "message3.columns.process_name", "target_field": "process.name", "ignore_missing": true } }, { "rename": { "field": "message3.columns.eventid", "target_field": "event.code", "ignore_missing": true } }, - { "set": { "if": "ctx.message3.columns?.data != null", "field": "dataset", "value": "wel-{{message3.columns.source}}", "override": true } }, + { "set": { "if": "ctx.message3.columns?.source == 'Microsoft-Windows-Sysmon/Operational'", "field": "event.module", "value": "sysmon", "override": true } }, + { "set": { "if": "ctx.message3.columns?.source != null", "field": "event.module", "value": "windows_eventlog", "override": false, "ignore_failure": true } }, + { "set": { "if": "ctx.message3.columns?.source != 'Microsoft-Windows-Sysmon/Operational'", "field": "event.dataset", "value": "{{message3.columns.source}}", "override": true } }, + { "set": { "if": "ctx.message3.columns?.source == 'Microsoft-Windows-Sysmon/Operational' && ctx.event?.code == 1", "field": "event.dataset", "value": "process_creation", "override": true } }, + { "set": { "if": "ctx.message3.columns?.source == 'Microsoft-Windows-Sysmon/Operational' && ctx.event?.code == 2", "field": "event.dataset", "value": "process_changed_file", "override": true } }, + { "set": { "if": "ctx.message3.columns?.source == 'Microsoft-Windows-Sysmon/Operational' && ctx.event?.code == 3", "field": "event.dataset", "value": "network_connection", "override": true } }, + { "set": { "if": "ctx.message3.columns?.source == 'Microsoft-Windows-Sysmon/Operational' && ctx.event?.code == 5", "field": "event.dataset", "value": "process_terminated", "override": true } }, + { "set": { "if": "ctx.message3.columns?.source == 'Microsoft-Windows-Sysmon/Operational' && ctx.event?.code == 6", "field": "event.dataset", "value": "driver_loaded", "override": true } }, + { "set": { "if": "ctx.message3.columns?.source == 'Microsoft-Windows-Sysmon/Operational' && ctx.event?.code == 7", "field": "event.dataset", "value": "image_loaded", "override": true } }, + { "set": { "if": "ctx.message3.columns?.source == 'Microsoft-Windows-Sysmon/Operational' && ctx.event?.code == 8", "field": "event.dataset", "value": "create_remote_thread", "override": true } }, + { "set": { "if": "ctx.message3.columns?.source == 'Microsoft-Windows-Sysmon/Operational' && ctx.event?.code == 9", "field": "event.dataset", "value": "raw_file_access_read", "override": true } }, + { "set": { "if": "ctx.message3.columns?.source == 'Microsoft-Windows-Sysmon/Operational' && ctx.event?.code == 10", "field": "event.dataset", "value": "process_access", "override": true } }, + { "set": { "if": "ctx.message3.columns?.source == 'Microsoft-Windows-Sysmon/Operational' && ctx.event?.code == 11", "field": "event.dataset", "value": "file_create", "override": true } }, + { "set": { "if": "ctx.message3.columns?.source == 'Microsoft-Windows-Sysmon/Operational' && ctx.event?.code == 12", "field": "event.dataset", "value": "registry_create_delete", "override": true } }, + { "set": { "if": "ctx.message3.columns?.source == 'Microsoft-Windows-Sysmon/Operational' && ctx.event?.code == 13", "field": "event.dataset", "value": "registry_value_set", "override": true } }, + { "set": { "if": "ctx.message3.columns?.source == 'Microsoft-Windows-Sysmon/Operational' && ctx.event?.code == 14", "field": "event.dataset", "value": "registry_key_value_rename", "override": true } }, + { "set": { "if": "ctx.message3.columns?.source == 'Microsoft-Windows-Sysmon/Operational' && ctx.event?.code == 15", "field": "event.dataset", "value": "file_create_stream_hash", "override": true } }, + { "set": { "if": "ctx.message3.columns?.source == 'Microsoft-Windows-Sysmon/Operational' && ctx.event?.code == 16", "field": "event.dataset", "value": "config_change", "override": true } }, + { "set": { "if": "ctx.message3.columns?.source == 'Microsoft-Windows-Sysmon/Operational' && ctx.event?.code == 22", "field": "event.dataset", "value": "dns_query", "override": true } }, { "rename": { "field": "message3.columns.winlog.EventData.SubjectUserName", "target_field": "user.name", "ignore_missing": true } }, { "rename": { "field": "message3.columns.winlog.EventData.destinationHostname", "target_field": "destination.hostname", "ignore_missing": true } }, { "rename": { "field": "message3.columns.winlog.EventData.destinationIp", "target_field": "destination.ip", "ignore_missing": true } }, diff --git a/salt/logstash/pipelines/templates/so/so-common-template.json b/salt/logstash/pipelines/templates/so/so-common-template.json index 396e26c3c..86f07e079 100644 --- a/salt/logstash/pipelines/templates/so/so-common-template.json +++ b/salt/logstash/pipelines/templates/so/so-common-template.json @@ -1,5 +1,5 @@ { - "index_patterns": ["so-ids-*", "so-firewall-*", "so-syslog-*", "so-zeek-*", "so-import-*", "so-ossec-*", "so-strelka-*", "so-beats-*", "so-osquery-*"], + "index_patterns": ["so-ids-*", "so-firewall-*", "so-syslog-*", "so-zeek-*", "so-import-*", "so-ossec-*", "so-strelka-*", "so-beats-*", "so-osquery-*","so-playbook-*"], "version":50001, "order" : 10, "settings":{ @@ -380,6 +380,10 @@ "type":"object", "dynamic": true }, + "winlog":{ + "type":"object", + "dynamic": true + }, "x509":{ "type":"object", "dynamic": true diff --git a/salt/nginx/files/nav_layer_playbook.json b/salt/nginx/files/nav_layer_playbook.json index 43ed462b7..7b7f39098 100644 --- a/salt/nginx/files/nav_layer_playbook.json +++ b/salt/nginx/files/nav_layer_playbook.json @@ -1,6 +1,6 @@ { "name": "Playbook", - "version": "2.1", + "version": "2.2", "domain": "mitre-enterprise", "description": "Current Coverage of Playbook", "filters": { diff --git a/salt/nginx/files/navigator_config.json b/salt/nginx/files/navigator_config.json index 7e132cbf8..2b6bc1be0 100644 --- a/salt/nginx/files/navigator_config.json +++ b/salt/nginx/files/navigator_config.json @@ -16,7 +16,7 @@ "domain": "mitre-enterprise", - "custom_context_menu_items": [ {"label": "view related plays","url": " https://{{ip}}/playbook/projects/playbook-prod/issues?utf8=%E2%9C%93&set_filter=1&sort=id%3Adesc&f%5B%5D=status_id&op%5Bstatus_id%5D=o&f%5B%5D=cf_27&op%5Bcf_27%5D=%3D&f%5B%5D=&c%5B%5D=status&c%5B%5D=cf_24&c%5B%5D=cf_25&c%5B%5D=cf_6&c%5B%5D=updated_on&group_by=&t%5B%5D=&v%5Bcf_27%5D%5B%5D=~Technique_ID~"}], + "custom_context_menu_items": [ {"label": "view related plays","url": " https://{{ip}}/playbook/projects/detection-playbooks/issues?utf8=%E2%9C%93&set_filter=1&sort=id%3Adesc&f%5B%5D=cf_15&op%5Bcf_15%5D=%3D&f%5B%5D=&c%5B%5D=status&c%5B%5D=cf_10&c%5B%5D=cf_13&c%5B%5D=cf_18&c%5B%5D=cf_19&c%5B%5D=cf_1&c%5B%5D=updated_on&v%5Bcf_15%5D%5B%5D=~Technique_ID~"}], "default_layers": { "enabled": true, diff --git a/salt/playbook/files/playbook-schema.sql b/salt/playbook/files/playbook-schema.sql deleted file mode 100644 index 02eafcbdd..000000000 --- a/salt/playbook/files/playbook-schema.sql +++ /dev/null @@ -1,1224 +0,0 @@ --- MySQL dump 10.13 Distrib 5.7.24, for Linux (x86_64) --- --- Host: localhost Database: playbook --- ------------------------------------------------------ --- Server version 5.7.24 - -/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */; -/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */; -/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */; -/*!40101 SET NAMES utf8 */; -/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */; -/*!40103 SET TIME_ZONE='+00:00' */; -/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */; -/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */; -/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */; -/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */; - --- --- Table structure for table `ar_internal_metadata` --- - -DROP TABLE IF EXISTS `ar_internal_metadata`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `ar_internal_metadata` ( - `key` varchar(255) NOT NULL, - `value` varchar(255) DEFAULT NULL, - `created_at` datetime NOT NULL, - `updated_at` datetime NOT NULL, - PRIMARY KEY (`key`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `attachments` --- - -DROP TABLE IF EXISTS `attachments`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `attachments` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `container_id` int(11) DEFAULT NULL, - `container_type` varchar(30) DEFAULT NULL, - `filename` varchar(255) NOT NULL DEFAULT '', - `disk_filename` varchar(255) NOT NULL DEFAULT '', - `filesize` bigint(20) NOT NULL DEFAULT '0', - `content_type` varchar(255) DEFAULT '', - `digest` varchar(64) NOT NULL DEFAULT '', - `downloads` int(11) NOT NULL DEFAULT '0', - `author_id` int(11) NOT NULL DEFAULT '0', - `created_on` timestamp NULL DEFAULT NULL, - `description` varchar(255) DEFAULT NULL, - `disk_directory` varchar(255) DEFAULT NULL, - PRIMARY KEY (`id`), - KEY `index_attachments_on_author_id` (`author_id`), - KEY `index_attachments_on_created_on` (`created_on`), - KEY `index_attachments_on_container_id_and_container_type` (`container_id`,`container_type`), - KEY `index_attachments_on_disk_filename` (`disk_filename`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `auth_sources` --- - -DROP TABLE IF EXISTS `auth_sources`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `auth_sources` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `type` varchar(30) NOT NULL DEFAULT '', - `name` varchar(60) NOT NULL DEFAULT '', - `host` varchar(60) DEFAULT NULL, - `port` int(11) DEFAULT NULL, - `account` varchar(255) DEFAULT NULL, - `account_password` varchar(255) DEFAULT '', - `base_dn` varchar(255) DEFAULT NULL, - `attr_login` varchar(30) DEFAULT NULL, - `attr_firstname` varchar(30) DEFAULT NULL, - `attr_lastname` varchar(30) DEFAULT NULL, - `attr_mail` varchar(30) DEFAULT NULL, - `onthefly_register` tinyint(1) NOT NULL DEFAULT '0', - `tls` tinyint(1) NOT NULL DEFAULT '0', - `filter` text, - `timeout` int(11) DEFAULT NULL, - `verify_peer` tinyint(1) NOT NULL DEFAULT '1', - PRIMARY KEY (`id`), - KEY `index_auth_sources_on_id_and_type` (`id`,`type`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `boards` --- - -DROP TABLE IF EXISTS `boards`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `boards` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `project_id` int(11) NOT NULL, - `name` varchar(255) NOT NULL DEFAULT '', - `description` varchar(255) DEFAULT NULL, - `position` int(11) DEFAULT NULL, - `topics_count` int(11) NOT NULL DEFAULT '0', - `messages_count` int(11) NOT NULL DEFAULT '0', - `last_message_id` int(11) DEFAULT NULL, - `parent_id` int(11) DEFAULT NULL, - PRIMARY KEY (`id`), - KEY `boards_project_id` (`project_id`), - KEY `index_boards_on_last_message_id` (`last_message_id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `changes` --- - -DROP TABLE IF EXISTS `changes`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `changes` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `changeset_id` int(11) NOT NULL, - `action` varchar(1) NOT NULL DEFAULT '', - `path` text NOT NULL, - `from_path` text, - `from_revision` varchar(255) DEFAULT NULL, - `revision` varchar(255) DEFAULT NULL, - `branch` varchar(255) DEFAULT NULL, - PRIMARY KEY (`id`), - KEY `changesets_changeset_id` (`changeset_id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `changeset_parents` --- - -DROP TABLE IF EXISTS `changeset_parents`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `changeset_parents` ( - `changeset_id` int(11) NOT NULL, - `parent_id` int(11) NOT NULL, - KEY `changeset_parents_changeset_ids` (`changeset_id`), - KEY `changeset_parents_parent_ids` (`parent_id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `changesets` --- - -DROP TABLE IF EXISTS `changesets`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `changesets` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `repository_id` int(11) NOT NULL, - `revision` varchar(255) NOT NULL, - `committer` varchar(255) DEFAULT NULL, - `committed_on` datetime NOT NULL, - `comments` longtext, - `commit_date` date DEFAULT NULL, - `scmid` varchar(255) DEFAULT NULL, - `user_id` int(11) DEFAULT NULL, - PRIMARY KEY (`id`), - UNIQUE KEY `changesets_repos_rev` (`repository_id`,`revision`), - KEY `index_changesets_on_user_id` (`user_id`), - KEY `index_changesets_on_repository_id` (`repository_id`), - KEY `index_changesets_on_committed_on` (`committed_on`), - KEY `changesets_repos_scmid` (`repository_id`,`scmid`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `changesets_issues` --- - -DROP TABLE IF EXISTS `changesets_issues`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `changesets_issues` ( - `changeset_id` int(11) NOT NULL, - `issue_id` int(11) NOT NULL, - UNIQUE KEY `changesets_issues_ids` (`changeset_id`,`issue_id`), - KEY `index_changesets_issues_on_issue_id` (`issue_id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `comments` --- - -DROP TABLE IF EXISTS `comments`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `comments` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `commented_type` varchar(30) NOT NULL DEFAULT '', - `commented_id` int(11) NOT NULL DEFAULT '0', - `author_id` int(11) NOT NULL DEFAULT '0', - `content` text, - `created_on` datetime NOT NULL, - `updated_on` datetime NOT NULL, - PRIMARY KEY (`id`), - KEY `index_comments_on_commented_id_and_commented_type` (`commented_id`,`commented_type`), - KEY `index_comments_on_author_id` (`author_id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `custom_field_enumerations` --- - -DROP TABLE IF EXISTS `custom_field_enumerations`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `custom_field_enumerations` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `custom_field_id` int(11) NOT NULL, - `name` varchar(255) NOT NULL, - `active` tinyint(1) NOT NULL DEFAULT '1', - `position` int(11) NOT NULL DEFAULT '1', - PRIMARY KEY (`id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `custom_fields` --- - -DROP TABLE IF EXISTS `custom_fields`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `custom_fields` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `type` varchar(30) NOT NULL DEFAULT '', - `name` varchar(30) NOT NULL DEFAULT '', - `field_format` varchar(30) NOT NULL DEFAULT '', - `possible_values` text, - `regexp` varchar(255) DEFAULT '', - `min_length` int(11) DEFAULT NULL, - `max_length` int(11) DEFAULT NULL, - `is_required` tinyint(1) NOT NULL DEFAULT '0', - `is_for_all` tinyint(1) NOT NULL DEFAULT '0', - `is_filter` tinyint(1) NOT NULL DEFAULT '0', - `position` int(11) DEFAULT NULL, - `searchable` tinyint(1) DEFAULT '0', - `default_value` text, - `editable` tinyint(1) DEFAULT '1', - `visible` tinyint(1) NOT NULL DEFAULT '1', - `multiple` tinyint(1) DEFAULT '0', - `format_store` text, - `description` text, - PRIMARY KEY (`id`), - KEY `index_custom_fields_on_id_and_type` (`id`,`type`) -) ENGINE=InnoDB AUTO_INCREMENT=18 DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `custom_fields_projects` --- - -DROP TABLE IF EXISTS `custom_fields_projects`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `custom_fields_projects` ( - `custom_field_id` int(11) NOT NULL DEFAULT '0', - `project_id` int(11) NOT NULL DEFAULT '0', - UNIQUE KEY `index_custom_fields_projects_on_custom_field_id_and_project_id` (`custom_field_id`,`project_id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `custom_fields_roles` --- - -DROP TABLE IF EXISTS `custom_fields_roles`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `custom_fields_roles` ( - `custom_field_id` int(11) NOT NULL, - `role_id` int(11) NOT NULL, - UNIQUE KEY `custom_fields_roles_ids` (`custom_field_id`,`role_id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `custom_fields_trackers` --- - -DROP TABLE IF EXISTS `custom_fields_trackers`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `custom_fields_trackers` ( - `custom_field_id` int(11) NOT NULL DEFAULT '0', - `tracker_id` int(11) NOT NULL DEFAULT '0', - UNIQUE KEY `index_custom_fields_trackers_on_custom_field_id_and_tracker_id` (`custom_field_id`,`tracker_id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `custom_values` --- - -DROP TABLE IF EXISTS `custom_values`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `custom_values` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `customized_type` varchar(30) NOT NULL DEFAULT '', - `customized_id` int(11) NOT NULL DEFAULT '0', - `custom_field_id` int(11) NOT NULL DEFAULT '0', - `value` longtext, - PRIMARY KEY (`id`), - KEY `custom_values_customized` (`customized_type`,`customized_id`), - KEY `index_custom_values_on_custom_field_id` (`custom_field_id`) -) ENGINE=InnoDB AUTO_INCREMENT=11184 DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `documents` --- - -DROP TABLE IF EXISTS `documents`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `documents` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `project_id` int(11) NOT NULL DEFAULT '0', - `category_id` int(11) NOT NULL DEFAULT '0', - `title` varchar(255) NOT NULL DEFAULT '', - `description` text, - `created_on` timestamp NULL DEFAULT NULL, - PRIMARY KEY (`id`), - KEY `documents_project_id` (`project_id`), - KEY `index_documents_on_category_id` (`category_id`), - KEY `index_documents_on_created_on` (`created_on`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `email_addresses` --- - -DROP TABLE IF EXISTS `email_addresses`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `email_addresses` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `user_id` int(11) NOT NULL, - `address` varchar(255) NOT NULL, - `is_default` tinyint(1) NOT NULL DEFAULT '0', - `notify` tinyint(1) NOT NULL DEFAULT '1', - `created_on` datetime NOT NULL, - `updated_on` datetime NOT NULL, - PRIMARY KEY (`id`), - KEY `index_email_addresses_on_user_id` (`user_id`) -) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `enabled_modules` --- - -DROP TABLE IF EXISTS `enabled_modules`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `enabled_modules` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `project_id` int(11) DEFAULT NULL, - `name` varchar(255) NOT NULL, - PRIMARY KEY (`id`), - KEY `enabled_modules_project_id` (`project_id`) -) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `enumerations` --- - -DROP TABLE IF EXISTS `enumerations`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `enumerations` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `name` varchar(30) NOT NULL DEFAULT '', - `position` int(11) DEFAULT NULL, - `is_default` tinyint(1) NOT NULL DEFAULT '0', - `type` varchar(255) DEFAULT NULL, - `active` tinyint(1) NOT NULL DEFAULT '1', - `project_id` int(11) DEFAULT NULL, - `parent_id` int(11) DEFAULT NULL, - `position_name` varchar(30) DEFAULT NULL, - PRIMARY KEY (`id`), - KEY `index_enumerations_on_project_id` (`project_id`), - KEY `index_enumerations_on_id_and_type` (`id`,`type`) -) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `groups_users` --- - -DROP TABLE IF EXISTS `groups_users`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `groups_users` ( - `group_id` int(11) NOT NULL, - `user_id` int(11) NOT NULL, - UNIQUE KEY `groups_users_ids` (`group_id`,`user_id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `import_items` --- - -DROP TABLE IF EXISTS `import_items`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `import_items` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `import_id` int(11) NOT NULL, - `position` int(11) NOT NULL, - `obj_id` int(11) DEFAULT NULL, - `message` text, - `unique_id` varchar(255) DEFAULT NULL, - PRIMARY KEY (`id`), - KEY `index_import_items_on_import_id_and_unique_id` (`import_id`,`unique_id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `imports` --- - -DROP TABLE IF EXISTS `imports`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `imports` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `type` varchar(255) DEFAULT NULL, - `user_id` int(11) NOT NULL, - `filename` varchar(255) DEFAULT NULL, - `settings` text, - `total_items` int(11) DEFAULT NULL, - `finished` tinyint(1) NOT NULL DEFAULT '0', - `created_at` datetime NOT NULL, - `updated_at` datetime NOT NULL, - PRIMARY KEY (`id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `issue_categories` --- - -DROP TABLE IF EXISTS `issue_categories`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `issue_categories` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `project_id` int(11) NOT NULL DEFAULT '0', - `name` varchar(60) NOT NULL DEFAULT '', - `assigned_to_id` int(11) DEFAULT NULL, - PRIMARY KEY (`id`), - KEY `issue_categories_project_id` (`project_id`), - KEY `index_issue_categories_on_assigned_to_id` (`assigned_to_id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `issue_relations` --- - -DROP TABLE IF EXISTS `issue_relations`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `issue_relations` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `issue_from_id` int(11) NOT NULL, - `issue_to_id` int(11) NOT NULL, - `relation_type` varchar(255) NOT NULL DEFAULT '', - `delay` int(11) DEFAULT NULL, - PRIMARY KEY (`id`), - UNIQUE KEY `index_issue_relations_on_issue_from_id_and_issue_to_id` (`issue_from_id`,`issue_to_id`), - KEY `index_issue_relations_on_issue_from_id` (`issue_from_id`), - KEY `index_issue_relations_on_issue_to_id` (`issue_to_id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `issue_statuses` --- - -DROP TABLE IF EXISTS `issue_statuses`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `issue_statuses` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `name` varchar(30) NOT NULL DEFAULT '', - `is_closed` tinyint(1) NOT NULL DEFAULT '0', - `position` int(11) DEFAULT NULL, - `default_done_ratio` int(11) DEFAULT NULL, - PRIMARY KEY (`id`), - KEY `index_issue_statuses_on_position` (`position`), - KEY `index_issue_statuses_on_is_closed` (`is_closed`) -) ENGINE=InnoDB AUTO_INCREMENT=7 DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `issues` --- - -DROP TABLE IF EXISTS `issues`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `issues` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `tracker_id` int(11) NOT NULL, - `project_id` int(11) NOT NULL, - `subject` varchar(255) NOT NULL DEFAULT '', - `description` longtext, - `due_date` date DEFAULT NULL, - `category_id` int(11) DEFAULT NULL, - `status_id` int(11) NOT NULL, - `assigned_to_id` int(11) DEFAULT NULL, - `priority_id` int(11) NOT NULL, - `fixed_version_id` int(11) DEFAULT NULL, - `author_id` int(11) NOT NULL, - `lock_version` int(11) NOT NULL DEFAULT '0', - `created_on` timestamp NULL DEFAULT NULL, - `updated_on` timestamp NULL DEFAULT NULL, - `start_date` date DEFAULT NULL, - `done_ratio` int(11) NOT NULL DEFAULT '0', - `estimated_hours` float DEFAULT NULL, - `parent_id` int(11) DEFAULT NULL, - `root_id` int(11) DEFAULT NULL, - `lft` int(11) DEFAULT NULL, - `rgt` int(11) DEFAULT NULL, - `is_private` tinyint(1) NOT NULL DEFAULT '0', - `closed_on` datetime DEFAULT NULL, - PRIMARY KEY (`id`), - KEY `issues_project_id` (`project_id`), - KEY `index_issues_on_status_id` (`status_id`), - KEY `index_issues_on_category_id` (`category_id`), - KEY `index_issues_on_assigned_to_id` (`assigned_to_id`), - KEY `index_issues_on_fixed_version_id` (`fixed_version_id`), - KEY `index_issues_on_tracker_id` (`tracker_id`), - KEY `index_issues_on_priority_id` (`priority_id`), - KEY `index_issues_on_author_id` (`author_id`), - KEY `index_issues_on_created_on` (`created_on`), - KEY `index_issues_on_root_id_and_lft_and_rgt` (`root_id`,`lft`,`rgt`), - KEY `index_issues_on_parent_id` (`parent_id`) -) ENGINE=InnoDB AUTO_INCREMENT=620 DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `journal_details` --- - -DROP TABLE IF EXISTS `journal_details`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `journal_details` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `journal_id` int(11) NOT NULL DEFAULT '0', - `property` varchar(30) NOT NULL DEFAULT '', - `prop_key` varchar(30) NOT NULL DEFAULT '', - `old_value` longtext, - `value` longtext, - PRIMARY KEY (`id`), - KEY `journal_details_journal_id` (`journal_id`) -) ENGINE=InnoDB AUTO_INCREMENT=9 DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `journals` --- - -DROP TABLE IF EXISTS `journals`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `journals` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `journalized_id` int(11) NOT NULL DEFAULT '0', - `journalized_type` varchar(30) NOT NULL DEFAULT '', - `user_id` int(11) NOT NULL DEFAULT '0', - `notes` longtext, - `created_on` datetime NOT NULL, - `private_notes` tinyint(1) NOT NULL DEFAULT '0', - PRIMARY KEY (`id`), - KEY `journals_journalized_id` (`journalized_id`,`journalized_type`), - KEY `index_journals_on_user_id` (`user_id`), - KEY `index_journals_on_journalized_id` (`journalized_id`), - KEY `index_journals_on_created_on` (`created_on`) -) ENGINE=InnoDB AUTO_INCREMENT=624 DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `member_roles` --- - -DROP TABLE IF EXISTS `member_roles`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `member_roles` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `member_id` int(11) NOT NULL, - `role_id` int(11) NOT NULL, - `inherited_from` int(11) DEFAULT NULL, - PRIMARY KEY (`id`), - KEY `index_member_roles_on_member_id` (`member_id`), - KEY `index_member_roles_on_role_id` (`role_id`), - KEY `index_member_roles_on_inherited_from` (`inherited_from`) -) ENGINE=InnoDB AUTO_INCREMENT=8 DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `members` --- - -DROP TABLE IF EXISTS `members`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `members` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `user_id` int(11) NOT NULL DEFAULT '0', - `project_id` int(11) NOT NULL DEFAULT '0', - `created_on` timestamp NULL DEFAULT NULL, - `mail_notification` tinyint(1) NOT NULL DEFAULT '0', - PRIMARY KEY (`id`), - UNIQUE KEY `index_members_on_user_id_and_project_id` (`user_id`,`project_id`), - KEY `index_members_on_user_id` (`user_id`), - KEY `index_members_on_project_id` (`project_id`) -) ENGINE=InnoDB AUTO_INCREMENT=8 DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `messages` --- - -DROP TABLE IF EXISTS `messages`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `messages` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `board_id` int(11) NOT NULL, - `parent_id` int(11) DEFAULT NULL, - `subject` varchar(255) NOT NULL DEFAULT '', - `content` text, - `author_id` int(11) DEFAULT NULL, - `replies_count` int(11) NOT NULL DEFAULT '0', - `last_reply_id` int(11) DEFAULT NULL, - `created_on` datetime NOT NULL, - `updated_on` datetime NOT NULL, - `locked` tinyint(1) DEFAULT '0', - `sticky` int(11) DEFAULT '0', - PRIMARY KEY (`id`), - KEY `messages_board_id` (`board_id`), - KEY `messages_parent_id` (`parent_id`), - KEY `index_messages_on_last_reply_id` (`last_reply_id`), - KEY `index_messages_on_author_id` (`author_id`), - KEY `index_messages_on_created_on` (`created_on`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `news` --- - -DROP TABLE IF EXISTS `news`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `news` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `project_id` int(11) DEFAULT NULL, - `title` varchar(60) NOT NULL DEFAULT '', - `summary` varchar(255) DEFAULT '', - `description` text, - `author_id` int(11) NOT NULL DEFAULT '0', - `created_on` timestamp NULL DEFAULT NULL, - `comments_count` int(11) NOT NULL DEFAULT '0', - PRIMARY KEY (`id`), - KEY `news_project_id` (`project_id`), - KEY `index_news_on_author_id` (`author_id`), - KEY `index_news_on_created_on` (`created_on`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `open_id_authentication_associations` --- - -DROP TABLE IF EXISTS `open_id_authentication_associations`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `open_id_authentication_associations` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `issued` int(11) DEFAULT NULL, - `lifetime` int(11) DEFAULT NULL, - `handle` varchar(255) DEFAULT NULL, - `assoc_type` varchar(255) DEFAULT NULL, - `server_url` blob, - `secret` blob, - PRIMARY KEY (`id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `open_id_authentication_nonces` --- - -DROP TABLE IF EXISTS `open_id_authentication_nonces`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `open_id_authentication_nonces` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `timestamp` int(11) NOT NULL, - `server_url` varchar(255) DEFAULT NULL, - `salt` varchar(255) NOT NULL, - PRIMARY KEY (`id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `projects` --- - -DROP TABLE IF EXISTS `projects`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `projects` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `name` varchar(255) NOT NULL DEFAULT '', - `description` text, - `homepage` varchar(255) DEFAULT '', - `is_public` tinyint(1) NOT NULL DEFAULT '1', - `parent_id` int(11) DEFAULT NULL, - `created_on` timestamp NULL DEFAULT NULL, - `updated_on` timestamp NULL DEFAULT NULL, - `identifier` varchar(255) DEFAULT NULL, - `status` int(11) NOT NULL DEFAULT '1', - `lft` int(11) DEFAULT NULL, - `rgt` int(11) DEFAULT NULL, - `inherit_members` tinyint(1) NOT NULL DEFAULT '0', - `default_version_id` int(11) DEFAULT NULL, - `default_assigned_to_id` int(11) DEFAULT NULL, - PRIMARY KEY (`id`), - KEY `index_projects_on_lft` (`lft`), - KEY `index_projects_on_rgt` (`rgt`) -) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `projects_trackers` --- - -DROP TABLE IF EXISTS `projects_trackers`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `projects_trackers` ( - `project_id` int(11) NOT NULL DEFAULT '0', - `tracker_id` int(11) NOT NULL DEFAULT '0', - UNIQUE KEY `projects_trackers_unique` (`project_id`,`tracker_id`), - KEY `projects_trackers_project_id` (`project_id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `queries` --- - -DROP TABLE IF EXISTS `queries`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `queries` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `project_id` int(11) DEFAULT NULL, - `name` varchar(255) NOT NULL DEFAULT '', - `filters` text, - `user_id` int(11) NOT NULL DEFAULT '0', - `column_names` text, - `sort_criteria` text, - `group_by` varchar(255) DEFAULT NULL, - `type` varchar(255) DEFAULT NULL, - `visibility` int(11) DEFAULT '0', - `options` text, - PRIMARY KEY (`id`), - KEY `index_queries_on_project_id` (`project_id`), - KEY `index_queries_on_user_id` (`user_id`) -) ENGINE=InnoDB AUTO_INCREMENT=9 DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `queries_roles` --- - -DROP TABLE IF EXISTS `queries_roles`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `queries_roles` ( - `query_id` int(11) NOT NULL, - `role_id` int(11) NOT NULL, - UNIQUE KEY `queries_roles_ids` (`query_id`,`role_id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `repositories` --- - -DROP TABLE IF EXISTS `repositories`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `repositories` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `project_id` int(11) NOT NULL DEFAULT '0', - `url` varchar(255) NOT NULL DEFAULT '', - `login` varchar(60) DEFAULT '', - `password` varchar(255) DEFAULT '', - `root_url` varchar(255) DEFAULT '', - `type` varchar(255) DEFAULT NULL, - `path_encoding` varchar(64) DEFAULT NULL, - `log_encoding` varchar(64) DEFAULT NULL, - `extra_info` longtext, - `identifier` varchar(255) DEFAULT NULL, - `is_default` tinyint(1) DEFAULT '0', - `created_on` timestamp NULL DEFAULT NULL, - PRIMARY KEY (`id`), - KEY `index_repositories_on_project_id` (`project_id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `roles` --- - -DROP TABLE IF EXISTS `roles`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `roles` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `name` varchar(255) NOT NULL DEFAULT '', - `position` int(11) DEFAULT NULL, - `assignable` tinyint(1) DEFAULT '1', - `builtin` int(11) NOT NULL DEFAULT '0', - `permissions` text, - `issues_visibility` varchar(30) NOT NULL DEFAULT 'default', - `users_visibility` varchar(30) NOT NULL DEFAULT 'all', - `time_entries_visibility` varchar(30) NOT NULL DEFAULT 'all', - `all_roles_managed` tinyint(1) NOT NULL DEFAULT '1', - `settings` text, - PRIMARY KEY (`id`) -) ENGINE=InnoDB AUTO_INCREMENT=6 DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `roles_managed_roles` --- - -DROP TABLE IF EXISTS `roles_managed_roles`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `roles_managed_roles` ( - `role_id` int(11) NOT NULL, - `managed_role_id` int(11) NOT NULL, - UNIQUE KEY `index_roles_managed_roles_on_role_id_and_managed_role_id` (`role_id`,`managed_role_id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `schema_migrations` --- - -DROP TABLE IF EXISTS `schema_migrations`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `schema_migrations` ( - `version` varchar(255) NOT NULL, - PRIMARY KEY (`version`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `settings` --- - -DROP TABLE IF EXISTS `settings`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `settings` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `name` varchar(255) NOT NULL DEFAULT '', - `value` text, - `updated_on` timestamp NULL DEFAULT NULL, - PRIMARY KEY (`id`), - KEY `index_settings_on_name` (`name`) -) ENGINE=InnoDB AUTO_INCREMENT=71 DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `time_entries` --- - -DROP TABLE IF EXISTS `time_entries`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `time_entries` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `project_id` int(11) NOT NULL, - `author_id` int(11) DEFAULT NULL, - `user_id` int(11) NOT NULL, - `issue_id` int(11) DEFAULT NULL, - `hours` float NOT NULL, - `comments` varchar(1024) DEFAULT NULL, - `activity_id` int(11) NOT NULL, - `spent_on` date NOT NULL, - `tyear` int(11) NOT NULL, - `tmonth` int(11) NOT NULL, - `tweek` int(11) NOT NULL, - `created_on` datetime NOT NULL, - `updated_on` datetime NOT NULL, - PRIMARY KEY (`id`), - KEY `time_entries_project_id` (`project_id`), - KEY `time_entries_issue_id` (`issue_id`), - KEY `index_time_entries_on_activity_id` (`activity_id`), - KEY `index_time_entries_on_user_id` (`user_id`), - KEY `index_time_entries_on_created_on` (`created_on`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `tokens` --- - -DROP TABLE IF EXISTS `tokens`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `tokens` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `user_id` int(11) NOT NULL DEFAULT '0', - `action` varchar(30) NOT NULL DEFAULT '', - `value` varchar(40) NOT NULL DEFAULT '', - `created_on` datetime NOT NULL, - `updated_on` timestamp NULL DEFAULT NULL, - PRIMARY KEY (`id`), - UNIQUE KEY `tokens_value` (`value`), - KEY `index_tokens_on_user_id` (`user_id`) -) ENGINE=InnoDB AUTO_INCREMENT=46 DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `trackers` --- - -DROP TABLE IF EXISTS `trackers`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `trackers` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `name` varchar(30) NOT NULL DEFAULT '', - `description` varchar(255) DEFAULT NULL, - `is_in_chlog` tinyint(1) NOT NULL DEFAULT '0', - `position` int(11) DEFAULT NULL, - `is_in_roadmap` tinyint(1) NOT NULL DEFAULT '1', - `fields_bits` int(11) DEFAULT '0', - `default_status_id` int(11) DEFAULT NULL, - PRIMARY KEY (`id`) -) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `user_preferences` --- - -DROP TABLE IF EXISTS `user_preferences`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `user_preferences` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `user_id` int(11) NOT NULL DEFAULT '0', - `others` text, - `hide_mail` tinyint(1) DEFAULT '1', - `time_zone` varchar(255) DEFAULT NULL, - PRIMARY KEY (`id`), - KEY `index_user_preferences_on_user_id` (`user_id`) -) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `users` --- - -DROP TABLE IF EXISTS `users`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `users` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `login` varchar(255) NOT NULL DEFAULT '', - `hashed_password` varchar(40) NOT NULL DEFAULT '', - `firstname` varchar(30) NOT NULL DEFAULT '', - `lastname` varchar(255) NOT NULL DEFAULT '', - `admin` tinyint(1) NOT NULL DEFAULT '0', - `status` int(11) NOT NULL DEFAULT '1', - `last_login_on` datetime DEFAULT NULL, - `language` varchar(5) DEFAULT '', - `auth_source_id` int(11) DEFAULT NULL, - `created_on` timestamp NULL DEFAULT NULL, - `updated_on` timestamp NULL DEFAULT NULL, - `type` varchar(255) DEFAULT NULL, - `identity_url` varchar(255) DEFAULT NULL, - `mail_notification` varchar(255) NOT NULL DEFAULT '', - `salt` varchar(64) DEFAULT NULL, - `must_change_passwd` tinyint(1) NOT NULL DEFAULT '0', - `passwd_changed_on` datetime DEFAULT NULL, - PRIMARY KEY (`id`), - KEY `index_users_on_id_and_type` (`id`,`type`), - KEY `index_users_on_auth_source_id` (`auth_source_id`), - KEY `index_users_on_type` (`type`) -) ENGINE=InnoDB AUTO_INCREMENT=10 DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `versions` --- - -DROP TABLE IF EXISTS `versions`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `versions` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `project_id` int(11) NOT NULL DEFAULT '0', - `name` varchar(255) NOT NULL DEFAULT '', - `description` varchar(255) DEFAULT '', - `effective_date` date DEFAULT NULL, - `created_on` timestamp NULL DEFAULT NULL, - `updated_on` timestamp NULL DEFAULT NULL, - `wiki_page_title` varchar(255) DEFAULT NULL, - `status` varchar(255) DEFAULT 'open', - `sharing` varchar(255) NOT NULL DEFAULT 'none', - PRIMARY KEY (`id`), - KEY `versions_project_id` (`project_id`), - KEY `index_versions_on_sharing` (`sharing`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `watchers` --- - -DROP TABLE IF EXISTS `watchers`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `watchers` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `watchable_type` varchar(255) NOT NULL DEFAULT '', - `watchable_id` int(11) NOT NULL DEFAULT '0', - `user_id` int(11) DEFAULT NULL, - PRIMARY KEY (`id`), - KEY `watchers_user_id_type` (`user_id`,`watchable_type`), - KEY `index_watchers_on_user_id` (`user_id`), - KEY `index_watchers_on_watchable_id_and_watchable_type` (`watchable_id`,`watchable_type`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `webhooks` --- - -DROP TABLE IF EXISTS `webhooks`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `webhooks` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `url` varchar(255) DEFAULT NULL, - `project_id` int(11) DEFAULT NULL, - PRIMARY KEY (`id`) -) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `wiki_content_versions` --- - -DROP TABLE IF EXISTS `wiki_content_versions`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `wiki_content_versions` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `wiki_content_id` int(11) NOT NULL, - `page_id` int(11) NOT NULL, - `author_id` int(11) DEFAULT NULL, - `data` longblob, - `compression` varchar(6) DEFAULT '', - `comments` varchar(1024) DEFAULT '', - `updated_on` datetime NOT NULL, - `version` int(11) NOT NULL, - PRIMARY KEY (`id`), - KEY `wiki_content_versions_wcid` (`wiki_content_id`), - KEY `index_wiki_content_versions_on_updated_on` (`updated_on`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `wiki_contents` --- - -DROP TABLE IF EXISTS `wiki_contents`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `wiki_contents` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `page_id` int(11) NOT NULL, - `author_id` int(11) DEFAULT NULL, - `text` longtext, - `comments` varchar(1024) DEFAULT '', - `updated_on` datetime NOT NULL, - `version` int(11) NOT NULL, - PRIMARY KEY (`id`), - KEY `wiki_contents_page_id` (`page_id`), - KEY `index_wiki_contents_on_author_id` (`author_id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `wiki_pages` --- - -DROP TABLE IF EXISTS `wiki_pages`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `wiki_pages` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `wiki_id` int(11) NOT NULL, - `title` varchar(255) NOT NULL, - `created_on` datetime NOT NULL, - `protected` tinyint(1) NOT NULL DEFAULT '0', - `parent_id` int(11) DEFAULT NULL, - PRIMARY KEY (`id`), - KEY `wiki_pages_wiki_id_title` (`wiki_id`,`title`), - KEY `index_wiki_pages_on_wiki_id` (`wiki_id`), - KEY `index_wiki_pages_on_parent_id` (`parent_id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `wiki_redirects` --- - -DROP TABLE IF EXISTS `wiki_redirects`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `wiki_redirects` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `wiki_id` int(11) NOT NULL, - `title` varchar(255) DEFAULT NULL, - `redirects_to` varchar(255) DEFAULT NULL, - `created_on` datetime NOT NULL, - `redirects_to_wiki_id` int(11) NOT NULL, - PRIMARY KEY (`id`), - KEY `wiki_redirects_wiki_id_title` (`wiki_id`,`title`), - KEY `index_wiki_redirects_on_wiki_id` (`wiki_id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `wikis` --- - -DROP TABLE IF EXISTS `wikis`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `wikis` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `project_id` int(11) NOT NULL, - `start_page` varchar(255) NOT NULL, - `status` int(11) NOT NULL DEFAULT '1', - PRIMARY KEY (`id`), - KEY `wikis_project_id` (`project_id`) -) ENGINE=InnoDB DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; - --- --- Table structure for table `workflows` --- - -DROP TABLE IF EXISTS `workflows`; -/*!40101 SET @saved_cs_client = @@character_set_client */; -/*!40101 SET character_set_client = utf8 */; -CREATE TABLE `workflows` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `tracker_id` int(11) NOT NULL DEFAULT '0', - `old_status_id` int(11) NOT NULL DEFAULT '0', - `new_status_id` int(11) NOT NULL DEFAULT '0', - `role_id` int(11) NOT NULL DEFAULT '0', - `assignee` tinyint(1) NOT NULL DEFAULT '0', - `author` tinyint(1) NOT NULL DEFAULT '0', - `type` varchar(30) DEFAULT NULL, - `field_name` varchar(30) DEFAULT NULL, - `rule` varchar(30) DEFAULT NULL, - PRIMARY KEY (`id`), - KEY `wkfs_role_tracker_old_status` (`role_id`,`tracker_id`,`old_status_id`), - KEY `index_workflows_on_old_status_id` (`old_status_id`), - KEY `index_workflows_on_role_id` (`role_id`), - KEY `index_workflows_on_new_status_id` (`new_status_id`), - KEY `index_workflows_on_tracker_id` (`tracker_id`) -) ENGINE=InnoDB AUTO_INCREMENT=247 DEFAULT CHARSET=latin1; -/*!40101 SET character_set_client = @saved_cs_client */; -/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */; - -/*!40101 SET SQL_MODE=@OLD_SQL_MODE */; -/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */; -/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */; -/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */; -/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */; -/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; -/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; - --- Dump completed on 2020-05-03 10:09:32 diff --git a/salt/playbook/files/playbook_db_init.sql b/salt/playbook/files/playbook_db_init.sql index ab3acc1e8..c74869e82 100644 --- a/salt/playbook/files/playbook_db_init.sql +++ b/salt/playbook/files/playbook_db_init.sql @@ -455,7 +455,7 @@ CREATE TABLE `custom_values` ( PRIMARY KEY (`id`), KEY `custom_values_customized` (`customized_type`,`customized_id`), KEY `index_custom_values_on_custom_field_id` (`custom_field_id`) -) ENGINE=InnoDB AUTO_INCREMENT=93998 DEFAULT CHARSET=latin1; +) ENGINE=InnoDB AUTO_INCREMENT=120758 DEFAULT CHARSET=latin1; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -523,7 +523,7 @@ CREATE TABLE `email_addresses` ( LOCK TABLES `email_addresses` WRITE; /*!40000 ALTER TABLE `email_addresses` DISABLE KEYS */; -INSERT INTO `email_addresses` VALUES (1,1,'admin@example.net',1,1,'2020-04-26 13:08:38','2020-04-26 13:08:38'),(2,8,'analyst@localhost.local',1,1,'2020-04-26 18:46:48','2020-04-26 18:46:48'),(3,9,'automation@localhost.local',1,1,'2020-04-26 18:47:46','2020-04-26 18:47:46'); +INSERT INTO `email_addresses` VALUES (1,1,'admin@example.net',1,1,'2020-04-26 13:08:38','2020-04-26 13:08:38'),(3,9,'automation@localhost.local',1,1,'2020-04-26 18:47:46','2020-04-26 18:47:46'); /*!40000 ALTER TABLE `email_addresses` ENABLE KEYS */; UNLOCK TABLES; @@ -606,7 +606,7 @@ CREATE TABLE `groups_users` ( LOCK TABLES `groups_users` WRITE; /*!40000 ALTER TABLE `groups_users` DISABLE KEYS */; -INSERT INTO `groups_users` VALUES (5,8),(6,9),(7,1); +INSERT INTO `groups_users` VALUES (6,9),(7,1); /*!40000 ALTER TABLE `groups_users` ENABLE KEYS */; UNLOCK TABLES; @@ -825,7 +825,7 @@ CREATE TABLE `journal_details` ( `value` longtext, PRIMARY KEY (`id`), KEY `journal_details_journal_id` (`journal_id`) -) ENGINE=InnoDB AUTO_INCREMENT=901 DEFAULT CHARSET=latin1; +) ENGINE=InnoDB AUTO_INCREMENT=2278 DEFAULT CHARSET=latin1; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -857,7 +857,7 @@ CREATE TABLE `journals` ( KEY `index_journals_on_user_id` (`user_id`), KEY `index_journals_on_journalized_id` (`journalized_id`), KEY `index_journals_on_created_on` (`created_on`) -) ENGINE=InnoDB AUTO_INCREMENT=5047 DEFAULT CHARSET=latin1; +) ENGINE=InnoDB AUTO_INCREMENT=7616 DEFAULT CHARSET=latin1; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -894,7 +894,7 @@ CREATE TABLE `member_roles` ( LOCK TABLES `member_roles` WRITE; /*!40000 ALTER TABLE `member_roles` DISABLE KEYS */; -INSERT INTO `member_roles` VALUES (1,1,5,NULL),(2,2,3,NULL),(3,3,4,NULL),(4,4,5,1),(5,5,3,2),(7,7,4,3); +INSERT INTO `member_roles` VALUES (1,1,5,NULL),(2,2,3,NULL),(3,3,4,NULL),(4,4,5,1),(7,7,4,3); /*!40000 ALTER TABLE `member_roles` ENABLE KEYS */; UNLOCK TABLES; @@ -924,7 +924,7 @@ CREATE TABLE `members` ( LOCK TABLES `members` WRITE; /*!40000 ALTER TABLE `members` DISABLE KEYS */; -INSERT INTO `members` VALUES (1,6,1,'2020-04-26 18:44:14',0),(2,5,1,'2020-04-26 18:44:23',0),(3,7,1,'2020-04-26 18:45:27',0),(4,9,1,'2020-04-26 18:47:51',0),(5,8,1,'2020-04-26 18:48:00',0),(7,1,1,'2020-05-01 16:42:56',0); +INSERT INTO `members` VALUES (1,6,1,'2020-04-26 18:44:14',0),(2,5,1,'2020-04-26 18:44:23',0),(3,7,1,'2020-04-26 18:45:27',0),(4,9,1,'2020-04-26 18:47:51',0),(7,1,1,'2020-05-01 16:42:56',0); /*!40000 ALTER TABLE `members` ENABLE KEYS */; UNLOCK TABLES; @@ -1086,7 +1086,7 @@ CREATE TABLE `projects` ( LOCK TABLES `projects` WRITE; /*!40000 ALTER TABLE `projects` DISABLE KEYS */; -INSERT INTO `projects` VALUES (1,'Detection Playbooks','','',0,NULL,'2020-04-26 13:13:01','2020-04-26 13:13:01','detection-playbooks',1,1,2,0,NULL,NULL); +INSERT INTO `projects` VALUES (1,'Detection Playbooks','','',1,NULL,'2020-04-26 13:13:01','2020-07-10 19:33:53','detection-playbooks',1,1,2,0,NULL,NULL); /*!40000 ALTER TABLE `projects` ENABLE KEYS */; UNLOCK TABLES; @@ -1137,7 +1137,7 @@ CREATE TABLE `queries` ( PRIMARY KEY (`id`), KEY `index_queries_on_project_id` (`project_id`), KEY `index_queries_on_user_id` (`user_id`) -) ENGINE=InnoDB AUTO_INCREMENT=9 DEFAULT CHARSET=latin1; +) ENGINE=InnoDB AUTO_INCREMENT=10 DEFAULT CHARSET=latin1; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -1146,7 +1146,7 @@ CREATE TABLE `queries` ( LOCK TABLES `queries` WRITE; /*!40000 ALTER TABLE `queries` DISABLE KEYS */; -INSERT INTO `queries` VALUES (3,1,'All Plays','---\ntracker_id:\n :operator: \"=\"\n :values:\n - \'1\'\n',1,NULL,'---\n- - id\n - desc\n','','IssueQuery',2,'---\n:totalable_names: []\n:display_type: list\n:draw_relations: \n:draw_progress_line: \n:draw_selected_columns: \n'),(4,NULL,'Disabled Plays','---\nstatus_id:\n :operator: \"=\"\n :values:\n - \'6\'\n',1,NULL,'---\n- - id\n - desc\n','','IssueQuery',2,'---\n:totalable_names: []\n:display_type: list\n:draw_relations: \n:draw_progress_line: \n:draw_selected_columns: \n'),(5,NULL,'Draft Plays','---\nstatus_id:\n :operator: \"=\"\n :values:\n - \'2\'\n',1,NULL,'---\n- - id\n - desc\n','','IssueQuery',2,'---\n:totalable_names: []\n:display_type: list\n:draw_relations: \n:draw_progress_line: \n:draw_selected_columns: \n'),(6,NULL,'Playbook - Community Sigma','---\ncf_13:\n :operator: \"=\"\n :values:\n - community\n',1,'---\n- :status\n- :cf_10\n- :cf_18\n- :cf_19\n- :cf_20\n- :cf_1\n- :updated_on\n','---\n- - id\n - desc\n','','IssueQuery',2,'---\n:totalable_names: []\n:display_type: list\n:draw_relations: \n:draw_progress_line: \n:draw_selected_columns: \n'),(8,NULL,'Playbook - Internal','---\ncf_13:\n :operator: \"=\"\n :values:\n - Internal\n',1,'---\n- :status\n- :cf_10\n- :cf_14\n- :cf_16\n- :cf_1\n- :updated_on\n','---\n- - id\n - desc\n','','IssueQuery',2,'---\n:totalable_names: []\n:display_type: list\n:draw_relations: \n:draw_progress_line: \n:draw_selected_columns: \n'); +INSERT INTO `queries` VALUES (3,1,'All Plays','---\ntracker_id:\n :operator: \"=\"\n :values:\n - \'1\'\n',1,NULL,'---\n- - id\n - desc\n','','IssueQuery',2,'---\n:totalable_names: []\n:display_type: list\n:draw_relations: \n:draw_progress_line: \n:draw_selected_columns: \n'),(4,NULL,'Disabled Plays','---\nstatus_id:\n :operator: \"=\"\n :values:\n - \'6\'\n',1,NULL,'---\n- - id\n - desc\n','','IssueQuery',2,'---\n:totalable_names: []\n:display_type: list\n:draw_relations: \n:draw_progress_line: \n:draw_selected_columns: \n'),(5,NULL,'Draft Plays','---\nstatus_id:\n :operator: \"=\"\n :values:\n - \'2\'\n',1,NULL,'---\n- - id\n - desc\n','','IssueQuery',2,'---\n:totalable_names: []\n:display_type: list\n:draw_relations: \n:draw_progress_line: \n:draw_selected_columns: \n'),(6,NULL,'Playbook - Community Sigma','---\ncf_13:\n :operator: \"=\"\n :values:\n - community\n',1,'---\n- :status\n- :cf_10\n- :cf_18\n- :cf_19\n- :cf_20\n- :cf_1\n- :updated_on\n','---\n- - id\n - desc\n','','IssueQuery',2,'---\n:totalable_names: []\n:display_type: list\n:draw_relations: \n:draw_progress_line: \n:draw_selected_columns: \n'),(8,NULL,'Playbook - Internal','---\ncf_13:\n :operator: \"=\"\n :values:\n - Internal\n',1,'---\n- :status\n- :cf_10\n- :cf_14\n- :cf_16\n- :cf_1\n- :updated_on\n','---\n- - id\n - desc\n','','IssueQuery',2,'---\n:totalable_names: []\n:display_type: list\n:draw_relations: \n:draw_progress_line: \n:draw_selected_columns: \n'),(9,NULL,'Active Plays','---\ntracker_id:\n :operator: \"=\"\n :values:\n - \'1\'\nstatus_id:\n :operator: \"=\"\n :values:\n - \'3\'\n',1,'---\n- :status\n- :cf_10\n- :cf_13\n- :cf_18\n- :cf_19\n- :cf_1\n- :updated_on\n','---\n- - id\n - desc\n','','IssueQuery',2,'---\n:totalable_names: []\n:display_type: list\n:draw_relations: \n:draw_progress_line: \n:draw_selected_columns: \n'); /*!40000 ALTER TABLE `queries` ENABLE KEYS */; UNLOCK TABLES; @@ -1237,7 +1237,7 @@ CREATE TABLE `roles` ( LOCK TABLES `roles` WRITE; /*!40000 ALTER TABLE `roles` DISABLE KEYS */; -INSERT INTO `roles` VALUES (1,'Non member',0,1,1,NULL,'default','all','all',1,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\npermissions_all_trackers: !ruby/hash:ActiveSupport::HashWithIndifferentAccess\n view_issues: \'0\'\n add_issues: \'1\'\n edit_issues: \'1\'\n add_issue_notes: \'1\'\npermissions_tracker_ids: !ruby/hash:ActiveSupport::HashWithIndifferentAccess\n view_issues: []\n add_issues: []\n edit_issues: []\n add_issue_notes: []\n'),(2,'Anonymous',0,1,2,NULL,'default','all','all',1,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\npermissions_all_trackers: !ruby/hash:ActiveSupport::HashWithIndifferentAccess\n view_issues: \'0\'\n add_issues: \'1\'\n edit_issues: \'1\'\n add_issue_notes: \'1\'\npermissions_tracker_ids: !ruby/hash:ActiveSupport::HashWithIndifferentAccess\n view_issues: []\n add_issues: []\n edit_issues: []\n add_issue_notes: []\n'),(3,'Security-Analyst',1,0,0,'---\n- :save_queries\n- :view_issues\n- :edit_issues\n- :add_issue_notes\n- :edit_issue_notes\n- :sigma_editor\n','all','all','all',1,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\npermissions_all_trackers: !ruby/hash:ActiveSupport::HashWithIndifferentAccess\n view_issues: \'1\'\n add_issues: \'1\'\n edit_issues: \'1\'\n add_issue_notes: \'1\'\n delete_issues: \'1\'\npermissions_tracker_ids: !ruby/hash:ActiveSupport::HashWithIndifferentAccess\n view_issues: []\n add_issues: []\n edit_issues: []\n add_issue_notes: []\n delete_issues: []\n'),(4,'SuperAdmin',2,0,0,'---\n- :add_project\n- :edit_project\n- :close_project\n- :select_project_modules\n- :manage_members\n- :manage_versions\n- :add_subprojects\n- :manage_public_queries\n- :save_queries\n- :manage_hook\n- :view_messages\n- :add_messages\n- :edit_messages\n- :edit_own_messages\n- :delete_messages\n- :delete_own_messages\n- :manage_boards\n- :view_calendar\n- :view_documents\n- :add_documents\n- :edit_documents\n- :delete_documents\n- :view_files\n- :manage_files\n- :view_gantt\n- :view_issues\n- :edit_issues\n- :edit_own_issues\n- :copy_issues\n- :manage_issue_relations\n- :manage_subtasks\n- :set_issues_private\n- :set_own_issues_private\n- :add_issue_notes\n- :edit_issue_notes\n- :edit_own_issue_notes\n- :view_private_notes\n- :set_notes_private\n- :delete_issues\n- :view_issue_watchers\n- :add_issue_watchers\n- :delete_issue_watchers\n- :import_issues\n- :manage_categories\n- :view_news\n- :manage_news\n- :comment_news\n- :view_changesets\n- :browse_repository\n- :commit_access\n- :manage_related_issues\n- :manage_repository\n- :sigma_editor\n- :view_time_entries\n- :log_time\n- :edit_time_entries\n- :edit_own_time_entries\n- :manage_project_activities\n- :log_time_for_other_users\n- :import_time_entries\n- :view_wiki_pages\n- :view_wiki_edits\n- :export_wiki_pages\n- :edit_wiki_pages\n- :rename_wiki_pages\n- :delete_wiki_pages\n- :delete_wiki_pages_attachments\n- :protect_wiki_pages\n- :manage_wiki\n','default','all','all',1,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\npermissions_all_trackers: !ruby/hash:ActiveSupport::HashWithIndifferentAccess\n view_issues: \'1\'\n add_issues: \'1\'\n edit_issues: \'1\'\n add_issue_notes: \'1\'\n delete_issues: \'1\'\npermissions_tracker_ids: !ruby/hash:ActiveSupport::HashWithIndifferentAccess\n view_issues: []\n add_issues: []\n edit_issues: []\n add_issue_notes: []\n delete_issues: []\n'),(5,'Automation',3,0,0,'---\n- :view_issues\n- :add_issues\n- :edit_issues\n- :add_issue_notes\n- :edit_issue_notes\n- :import_issues\n- :sigma_editor\n','default','all','all',1,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\npermissions_all_trackers: !ruby/hash:ActiveSupport::HashWithIndifferentAccess\n view_issues: \'1\'\n add_issues: \'1\'\n edit_issues: \'1\'\n add_issue_notes: \'1\'\n delete_issues: \'1\'\npermissions_tracker_ids: !ruby/hash:ActiveSupport::HashWithIndifferentAccess\n view_issues: []\n add_issues: []\n edit_issues: []\n add_issue_notes: []\n delete_issues: []\n'); +INSERT INTO `roles` VALUES (1,'Non member',0,1,1,NULL,'default','all','all',1,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\npermissions_all_trackers: !ruby/hash:ActiveSupport::HashWithIndifferentAccess\n view_issues: \'0\'\n add_issues: \'1\'\n edit_issues: \'1\'\n add_issue_notes: \'1\'\npermissions_tracker_ids: !ruby/hash:ActiveSupport::HashWithIndifferentAccess\n view_issues: []\n add_issues: []\n edit_issues: []\n add_issue_notes: []\n'),(2,'Anonymous',0,1,2,'---\n- :view_issues\n- :edit_issues\n- :add_issue_notes\n- :sigma_editor\n','default','all','all',1,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\npermissions_all_trackers: !ruby/hash:ActiveSupport::HashWithIndifferentAccess\n view_issues: \'1\'\n add_issues: \'1\'\n edit_issues: \'1\'\n add_issue_notes: \'1\'\npermissions_tracker_ids: !ruby/hash:ActiveSupport::HashWithIndifferentAccess\n view_issues: []\n add_issues: []\n edit_issues: []\n add_issue_notes: []\n'),(3,'Security-Analyst',1,0,0,'---\n- :save_queries\n- :view_issues\n- :edit_issues\n- :add_issue_notes\n- :edit_issue_notes\n- :sigma_editor\n','all','all','all',1,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\npermissions_all_trackers: !ruby/hash:ActiveSupport::HashWithIndifferentAccess\n view_issues: \'1\'\n add_issues: \'1\'\n edit_issues: \'1\'\n add_issue_notes: \'1\'\n delete_issues: \'1\'\npermissions_tracker_ids: !ruby/hash:ActiveSupport::HashWithIndifferentAccess\n view_issues: []\n add_issues: []\n edit_issues: []\n add_issue_notes: []\n delete_issues: []\n'),(4,'SuperAdmin',2,0,0,'---\n- :add_project\n- :edit_project\n- :close_project\n- :select_project_modules\n- :manage_members\n- :manage_versions\n- :add_subprojects\n- :manage_public_queries\n- :save_queries\n- :manage_hook\n- :view_messages\n- :add_messages\n- :edit_messages\n- :edit_own_messages\n- :delete_messages\n- :delete_own_messages\n- :manage_boards\n- :view_calendar\n- :view_documents\n- :add_documents\n- :edit_documents\n- :delete_documents\n- :view_files\n- :manage_files\n- :view_gantt\n- :view_issues\n- :edit_issues\n- :edit_own_issues\n- :copy_issues\n- :manage_issue_relations\n- :manage_subtasks\n- :set_issues_private\n- :set_own_issues_private\n- :add_issue_notes\n- :edit_issue_notes\n- :edit_own_issue_notes\n- :view_private_notes\n- :set_notes_private\n- :delete_issues\n- :view_issue_watchers\n- :add_issue_watchers\n- :delete_issue_watchers\n- :import_issues\n- :manage_categories\n- :view_news\n- :manage_news\n- :comment_news\n- :view_changesets\n- :browse_repository\n- :commit_access\n- :manage_related_issues\n- :manage_repository\n- :sigma_editor\n- :view_time_entries\n- :log_time\n- :edit_time_entries\n- :edit_own_time_entries\n- :manage_project_activities\n- :log_time_for_other_users\n- :import_time_entries\n- :view_wiki_pages\n- :view_wiki_edits\n- :export_wiki_pages\n- :edit_wiki_pages\n- :rename_wiki_pages\n- :delete_wiki_pages\n- :delete_wiki_pages_attachments\n- :protect_wiki_pages\n- :manage_wiki\n','default','all','all',1,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\npermissions_all_trackers: !ruby/hash:ActiveSupport::HashWithIndifferentAccess\n view_issues: \'1\'\n add_issues: \'1\'\n edit_issues: \'1\'\n add_issue_notes: \'1\'\n delete_issues: \'1\'\npermissions_tracker_ids: !ruby/hash:ActiveSupport::HashWithIndifferentAccess\n view_issues: []\n add_issues: []\n edit_issues: []\n add_issue_notes: []\n delete_issues: []\n'),(5,'Automation',3,0,0,'---\n- :view_issues\n- :add_issues\n- :edit_issues\n- :add_issue_notes\n- :edit_issue_notes\n- :import_issues\n- :sigma_editor\n','default','all','all',1,'--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\npermissions_all_trackers: !ruby/hash:ActiveSupport::HashWithIndifferentAccess\n view_issues: \'1\'\n add_issues: \'1\'\n edit_issues: \'1\'\n add_issue_notes: \'1\'\n delete_issues: \'1\'\npermissions_tracker_ids: !ruby/hash:ActiveSupport::HashWithIndifferentAccess\n view_issues: []\n add_issues: []\n edit_issues: []\n add_issue_notes: []\n delete_issues: []\n'); /*!40000 ALTER TABLE `roles` ENABLE KEYS */; UNLOCK TABLES; @@ -1310,7 +1310,7 @@ CREATE TABLE `settings` ( LOCK TABLES `settings` WRITE; /*!40000 ALTER TABLE `settings` DISABLE KEYS */; -INSERT INTO `settings` VALUES (1,'ui_theme','circle','2020-04-26 13:11:26'),(2,'default_language','en','2020-04-26 13:11:26'),(3,'force_default_language_for_anonymous','0','2020-04-26 13:11:26'),(4,'force_default_language_for_loggedin','0','2020-04-26 13:11:26'),(5,'start_of_week','','2020-04-26 13:11:26'),(6,'date_format','','2020-04-26 13:11:26'),(7,'time_format','','2020-04-26 13:11:26'),(8,'timespan_format','decimal','2020-04-26 13:11:26'),(9,'user_format','firstname_lastname','2020-05-02 12:45:00'),(10,'gravatar_enabled','1','2020-05-02 12:41:07'),(11,'thumbnails_enabled','1','2020-04-26 13:11:26'),(12,'thumbnails_size','100','2020-04-26 13:11:26'),(13,'new_item_menu_tab','0','2020-04-26 13:11:30'),(14,'login_required','1','2020-04-26 13:11:54'),(15,'autologin','0','2020-04-26 13:11:54'),(16,'self_registration','0','2020-04-26 13:11:54'),(17,'show_custom_fields_on_registration','0','2020-04-26 13:11:54'),(18,'password_min_length','8','2020-04-26 13:11:54'),(19,'password_required_char_classes','--- []\n','2020-04-26 13:11:54'),(20,'password_max_age','0','2020-04-26 13:11:54'),(21,'lost_password','1','2020-04-26 13:11:54'),(22,'openid','0','2020-04-26 13:11:55'),(23,'session_lifetime','0','2020-04-26 13:11:55'),(24,'session_timeout','0','2020-04-26 13:11:55'),(25,'rest_api_enabled','1','2020-04-26 13:11:58'),(26,'jsonp_enabled','0','2020-04-26 13:11:58'),(27,'default_projects_public','0','2020-04-26 13:12:21'),(28,'default_projects_modules','---\n- sigma_editor\n','2020-04-26 13:12:21'),(29,'default_projects_tracker_ids','--- []\n','2020-04-26 13:12:21'),(30,'sequential_project_identifiers','0','2020-04-26 13:12:21'),(31,'project_list_defaults','---\n:column_names:\n- name\n- identifier\n- short_description\n','2020-04-26 13:12:21'),(32,'app_title','Playbook','2020-04-26 18:17:51'),(33,'welcome_text','','2020-04-26 18:17:51'),(34,'per_page_options','25,75,150','2020-05-02 12:41:38'),(35,'search_results_per_page','10','2020-04-26 18:17:51'),(36,'activity_days_default','30','2020-04-26 18:17:51'),(37,'host_name','localhost:3000','2020-04-26 18:17:51'),(38,'protocol','http','2020-04-26 18:17:51'),(39,'text_formatting','textile','2020-04-26 18:17:51'),(40,'cache_formatted_text','0','2020-04-26 18:17:51'),(41,'wiki_compression','','2020-04-26 18:17:51'),(42,'feeds_limit','15','2020-04-26 18:17:51'),(43,'plugin_redmine_playbook','--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nproject: \'1\'\nconvert_url: http://192.168.15.120:7000/playbook/sigmac\ncreate_url: http://192.168.15.120:7000/playbook/play','2020-05-02 12:39:20'),(44,'cross_project_issue_relations','0','2020-05-01 16:27:33'),(45,'link_copied_issue','no','2020-05-01 16:27:33'),(46,'cross_project_subtasks','','2020-05-01 16:27:33'),(47,'close_duplicate_issues','0','2020-05-01 16:27:33'),(48,'issue_group_assignment','0','2020-05-01 16:27:33'),(49,'default_issue_start_date_to_creation_date','1','2020-05-01 16:27:33'),(50,'display_subprojects_issues','0','2020-05-01 16:27:33'),(51,'issue_done_ratio','issue_field','2020-05-01 16:27:33'),(52,'non_working_week_days','---\n- \'6\'\n- \'7\'\n','2020-05-01 16:27:33'),(53,'issues_export_limit','500','2020-05-01 16:27:33'),(54,'gantt_items_limit','500','2020-05-01 16:27:33'),(55,'gantt_months_limit','24','2020-05-01 16:27:33'),(56,'parent_issue_dates','derived','2020-05-01 16:27:33'),(57,'parent_issue_priority','derived','2020-05-01 16:27:33'),(58,'parent_issue_done_ratio','derived','2020-05-01 16:27:33'),(59,'issue_list_default_columns','---\n- status\n- cf_10\n- cf_13\n- cf_14\n- cf_1\n- updated_on\n','2020-05-01 19:32:13'),(60,'issue_list_default_totals','--- []\n','2020-05-01 16:27:33'),(61,'enabled_scm','--- []\n','2020-05-01 16:27:47'),(62,'autofetch_changesets','0','2020-05-01 16:27:47'),(63,'sys_api_enabled','0','2020-05-01 16:27:47'),(64,'repository_log_display_limit','100','2020-05-01 16:27:47'),(65,'commit_logs_formatting','1','2020-05-01 16:27:47'),(66,'commit_ref_keywords','refs,references,IssueID','2020-05-01 16:27:47'),(67,'commit_cross_project_ref','0','2020-05-01 16:27:47'),(68,'commit_logtime_enabled','0','2020-05-01 16:27:47'),(69,'commit_update_keywords','--- []\n','2020-05-01 16:27:47'),(70,'gravatar_default','','2020-05-02 12:41:07'); +INSERT INTO `settings` VALUES (1,'ui_theme','circle','2020-04-26 13:11:26'),(2,'default_language','en','2020-04-26 13:11:26'),(3,'force_default_language_for_anonymous','0','2020-04-26 13:11:26'),(4,'force_default_language_for_loggedin','0','2020-04-26 13:11:26'),(5,'start_of_week','','2020-04-26 13:11:26'),(6,'date_format','','2020-04-26 13:11:26'),(7,'time_format','','2020-04-26 13:11:26'),(8,'timespan_format','decimal','2020-04-26 13:11:26'),(9,'user_format','firstname_lastname','2020-05-02 12:45:00'),(10,'gravatar_enabled','1','2020-05-02 12:41:07'),(11,'thumbnails_enabled','1','2020-04-26 13:11:26'),(12,'thumbnails_size','100','2020-04-26 13:11:26'),(13,'new_item_menu_tab','0','2020-04-26 13:11:30'),(14,'login_required','0','2020-07-10 19:32:45'),(15,'autologin','0','2020-04-26 13:11:54'),(16,'self_registration','0','2020-04-26 13:11:54'),(17,'show_custom_fields_on_registration','0','2020-04-26 13:11:54'),(18,'password_min_length','8','2020-04-26 13:11:54'),(19,'password_required_char_classes','--- []\n','2020-04-26 13:11:54'),(20,'password_max_age','0','2020-04-26 13:11:54'),(21,'lost_password','1','2020-04-26 13:11:54'),(22,'openid','0','2020-04-26 13:11:55'),(23,'session_lifetime','0','2020-04-26 13:11:55'),(24,'session_timeout','0','2020-04-26 13:11:55'),(25,'rest_api_enabled','1','2020-04-26 13:11:58'),(26,'jsonp_enabled','0','2020-04-26 13:11:58'),(27,'default_projects_public','0','2020-04-26 13:12:21'),(28,'default_projects_modules','---\n- sigma_editor\n','2020-04-26 13:12:21'),(29,'default_projects_tracker_ids','--- []\n','2020-04-26 13:12:21'),(30,'sequential_project_identifiers','0','2020-04-26 13:12:21'),(31,'project_list_defaults','---\n:column_names:\n- name\n- identifier\n- short_description\n','2020-04-26 13:12:21'),(32,'app_title','Playbook','2020-04-26 18:17:51'),(33,'welcome_text','','2020-04-26 18:17:51'),(34,'per_page_options','25,75,150','2020-05-02 12:41:38'),(35,'search_results_per_page','10','2020-04-26 18:17:51'),(36,'activity_days_default','30','2020-04-26 18:17:51'),(37,'host_name','localhost:3000','2020-04-26 18:17:51'),(38,'protocol','http','2020-04-26 18:17:51'),(39,'text_formatting','textile','2020-04-26 18:17:51'),(40,'cache_formatted_text','0','2020-04-26 18:17:51'),(41,'wiki_compression','','2020-04-26 18:17:51'),(42,'feeds_limit','15','2020-04-26 18:17:51'),(43,'plugin_redmine_playbook','--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nproject: \'1\'\nconvert_url: http://10.66.166.141:7000/playbook/sigmac\ncreate_url: http://10.66.166.141:7000/playbook/play','2020-05-02 12:39:20'),(44,'cross_project_issue_relations','0','2020-05-01 16:27:33'),(45,'link_copied_issue','no','2020-05-01 16:27:33'),(46,'cross_project_subtasks','','2020-05-01 16:27:33'),(47,'close_duplicate_issues','0','2020-05-01 16:27:33'),(48,'issue_group_assignment','0','2020-05-01 16:27:33'),(49,'default_issue_start_date_to_creation_date','1','2020-05-01 16:27:33'),(50,'display_subprojects_issues','0','2020-05-01 16:27:33'),(51,'issue_done_ratio','issue_field','2020-05-01 16:27:33'),(52,'non_working_week_days','---\n- \'6\'\n- \'7\'\n','2020-05-01 16:27:33'),(53,'issues_export_limit','500','2020-05-01 16:27:33'),(54,'gantt_items_limit','500','2020-05-01 16:27:33'),(55,'gantt_months_limit','24','2020-05-01 16:27:33'),(56,'parent_issue_dates','derived','2020-05-01 16:27:33'),(57,'parent_issue_priority','derived','2020-05-01 16:27:33'),(58,'parent_issue_done_ratio','derived','2020-05-01 16:27:33'),(59,'issue_list_default_columns','---\n- status\n- cf_10\n- cf_13\n- cf_14\n- cf_1\n- updated_on\n','2020-05-01 19:32:13'),(60,'issue_list_default_totals','--- []\n','2020-05-01 16:27:33'),(61,'enabled_scm','--- []\n','2020-05-01 16:27:47'),(62,'autofetch_changesets','0','2020-05-01 16:27:47'),(63,'sys_api_enabled','0','2020-05-01 16:27:47'),(64,'repository_log_display_limit','100','2020-05-01 16:27:47'),(65,'commit_logs_formatting','1','2020-05-01 16:27:47'),(66,'commit_ref_keywords','refs,references,IssueID','2020-05-01 16:27:47'),(67,'commit_cross_project_ref','0','2020-05-01 16:27:47'),(68,'commit_logtime_enabled','0','2020-05-01 16:27:47'),(69,'commit_update_keywords','--- []\n','2020-05-01 16:27:47'),(70,'gravatar_default','','2020-05-02 12:41:07'); /*!40000 ALTER TABLE `settings` ENABLE KEYS */; UNLOCK TABLES; @@ -1371,7 +1371,7 @@ CREATE TABLE `tokens` ( PRIMARY KEY (`id`), UNIQUE KEY `tokens_value` (`value`), KEY `index_tokens_on_user_id` (`user_id`) -) ENGINE=InnoDB AUTO_INCREMENT=60 DEFAULT CHARSET=latin1; +) ENGINE=InnoDB AUTO_INCREMENT=72 DEFAULT CHARSET=latin1; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -1380,7 +1380,7 @@ CREATE TABLE `tokens` ( LOCK TABLES `tokens` WRITE; /*!40000 ALTER TABLE `tokens` DISABLE KEYS */; -INSERT INTO `tokens` VALUES (3,1,'feeds','6e5575602e1227c188cd85ef6d12608bb8701193','2020-04-26 13:10:46','2020-04-26 13:10:46'),(4,1,'session','999412fa9badda7423c6c654d6364c32c20b3eac','2020-04-26 18:07:03','2020-04-26 18:12:02'),(5,1,'session','124ad4acbf87a942426350e7ad028c1d119c3851','2020-04-26 18:17:11','2020-04-26 18:19:24'),(8,8,'feeds','1f28542e983dc0a3abfc81013ff7f008f1cb6800','2020-04-26 18:50:50','2020-04-26 18:50:50'),(9,1,'session','2890c663e0552f26ddb92acad6ab3b6d05b92915','2020-04-26 18:51:15','2020-04-26 18:51:15'),(19,1,'session','b7ffb106ea0b34650dd9c1770f74c2b0ffe166b2','2020-05-01 16:52:33','2020-05-01 18:02:30'),(20,1,'session','f44cfcf918eef59ffda47991c431d9c2b2ac6113','2020-05-01 18:05:56','2020-05-01 18:05:56'),(23,9,'feeds','211918c9d7168979b5dc19bebb14573b928a5067','2020-05-01 18:26:17','2020-05-01 18:26:17'),(25,9,'api','de6639318502476f2fa5aa06f43f51fb389a3d7f','2020-05-01 18:26:31','2020-05-01 18:26:31'),(36,8,'session','47616205d262d3e3f05665038888edc463b872d9','2020-05-01 19:41:12','2020-05-01 19:44:24'),(39,8,'session','a4d98ddceb539f8a5d2f99ee4f4274f711f6dc14','2020-05-01 20:40:23','2020-05-01 20:40:27'),(45,8,'session','b7346c8089e9b6237d9438f7c08ce014ad46d5d2','2020-05-03 09:13:00','2020-05-03 10:01:34'),(46,1,'session','2d0c8f8ae641c06d8c2362746846440d465d53c0','2020-05-06 20:48:01','2020-05-06 20:48:07'),(47,8,'session','1adb4bf696b7a4eafedf633cef7dee28e138ec01','2020-05-06 20:52:43','2020-05-06 20:52:48'),(54,8,'session','c1d788feea4bc194f6b24005943807b477bc1fb8','2020-05-13 14:23:44','2020-05-13 14:29:25'),(59,1,'session','2afe6590653d59a697d1436729c64f322a2eff82','2020-07-01 18:11:07','2020-07-01 20:30:43'); +INSERT INTO `tokens` VALUES (3,1,'feeds','6e5575602e1227c188cd85ef6d12608bb8701193','2020-04-26 13:10:46','2020-04-26 13:10:46'),(4,1,'session','999412fa9badda7423c6c654d6364c32c20b3eac','2020-04-26 18:07:03','2020-04-26 18:12:02'),(5,1,'session','124ad4acbf87a942426350e7ad028c1d119c3851','2020-04-26 18:17:11','2020-04-26 18:19:24'),(9,1,'session','2890c663e0552f26ddb92acad6ab3b6d05b92915','2020-04-26 18:51:15','2020-04-26 18:51:15'),(19,1,'session','b7ffb106ea0b34650dd9c1770f74c2b0ffe166b2','2020-05-01 16:52:33','2020-05-01 18:02:30'),(20,1,'session','f44cfcf918eef59ffda47991c431d9c2b2ac6113','2020-05-01 18:05:56','2020-05-01 18:05:56'),(23,9,'feeds','211918c9d7168979b5dc19bebb14573b928a5067','2020-05-01 18:26:17','2020-05-01 18:26:17'),(25,9,'api','de6639318502476f2fa5aa06f43f51fb389a3d7f','2020-05-01 18:26:31','2020-05-01 18:26:31'),(46,1,'session','2d0c8f8ae641c06d8c2362746846440d465d53c0','2020-05-06 20:48:01','2020-05-06 20:48:07'),(59,1,'session','2afe6590653d59a697d1436729c64f322a2eff82','2020-07-01 18:11:07','2020-07-01 20:30:43'); /*!40000 ALTER TABLE `tokens` ENABLE KEYS */; UNLOCK TABLES; @@ -1438,7 +1438,7 @@ CREATE TABLE `user_preferences` ( LOCK TABLES `user_preferences` WRITE; /*!40000 ALTER TABLE `user_preferences` DISABLE KEYS */; -INSERT INTO `user_preferences` VALUES (1,1,'---\n:no_self_notified: \'1\'\n:my_page_layout:\n left:\n - issuesassignedtome\n right:\n - issuesreportedbyme\n:my_page_settings: {}\n:comments_sorting: asc\n:warn_on_leaving_unsaved: \'1\'\n:textarea_font: \'\'\n:recently_used_projects: 3\n:history_default_tab: notes\n:recently_used_project_ids: \'1\'\n',1,''),(2,8,'---\n:no_self_notified: \'1\'\n:comments_sorting: asc\n:warn_on_leaving_unsaved: \'1\'\n:textarea_font: \'\'\n:recently_used_projects: 3\n:history_default_tab: notes\n:my_page_layout:\n left:\n - issuesassignedtome\n right:\n - issuesreportedbyme\n:my_page_settings: {}\n:recently_used_project_ids: \'1\'\n',1,''),(3,9,'---\n:no_self_notified: \'1\'\n:comments_sorting: asc\n:warn_on_leaving_unsaved: \'1\'\n:textarea_font: \'\'\n:recently_used_projects: 3\n:history_default_tab: notes\n:my_page_layout:\n left:\n - issuesassignedtome\n right:\n - issuesreportedbyme\n:my_page_settings: {}\n:recently_used_project_ids: \'1\'\n',1,''); +INSERT INTO `user_preferences` VALUES (1,1,'---\n:no_self_notified: \'1\'\n:my_page_layout:\n left:\n - issuesassignedtome\n right:\n - issuesreportedbyme\n:my_page_settings: {}\n:comments_sorting: asc\n:warn_on_leaving_unsaved: \'1\'\n:textarea_font: \'\'\n:recently_used_projects: 3\n:history_default_tab: notes\n:recently_used_project_ids: \'1\'\n',1,''),(3,9,'---\n:no_self_notified: \'1\'\n:comments_sorting: asc\n:warn_on_leaving_unsaved: \'1\'\n:textarea_font: \'\'\n:recently_used_projects: 3\n:history_default_tab: notes\n:my_page_layout:\n left:\n - issuesassignedtome\n right:\n - issuesreportedbyme\n:my_page_settings: {}\n:recently_used_project_ids: \'1\'\n',1,''); /*!40000 ALTER TABLE `user_preferences` ENABLE KEYS */; UNLOCK TABLES; @@ -1481,7 +1481,7 @@ CREATE TABLE `users` ( LOCK TABLES `users` WRITE; /*!40000 ALTER TABLE `users` DISABLE KEYS */; -INSERT INTO `users` VALUES (1,'admin','95535e9f7a386c412f20134ebb869c00cf346477','Admin','Admin',1,1,'2020-07-01 18:11:07','',NULL,'2020-04-26 13:08:34','2020-04-26 13:10:45','User',NULL,'all','5ceb2c95ce1593d4ba034d385ceefb2f',0,'2020-04-26 13:10:27'),(2,'','','','Anonymous users',0,1,NULL,'',NULL,'2020-04-26 13:08:38','2020-04-26 13:08:38','GroupAnonymous',NULL,'',NULL,0,NULL),(3,'','','','Non member users',0,1,NULL,'',NULL,'2020-04-26 13:08:38','2020-04-26 13:08:38','GroupNonMember',NULL,'',NULL,0,NULL),(4,'','','','Anonymous',0,0,NULL,'',NULL,'2020-04-26 13:09:44','2020-04-26 13:09:44','AnonymousUser',NULL,'only_my_events',NULL,0,NULL),(5,'','','','Analysts',0,1,NULL,'',NULL,'2020-04-26 18:43:40','2020-04-26 18:43:40','Group',NULL,'',NULL,0,NULL),(6,'','','','Automation',0,1,NULL,'',NULL,'2020-04-26 18:43:47','2020-04-26 18:43:47','Group',NULL,'',NULL,0,NULL),(7,'','','','Admins',0,1,NULL,'',NULL,'2020-04-26 18:43:58','2020-04-26 18:43:58','Group',NULL,'',NULL,0,NULL),(8,'analyst','adfc2e9391aa2ce34a02ce5bcc225efe853ee6cc','analyst','analyst',0,1,'2020-07-01 17:54:37','en',NULL,'2020-04-26 18:46:48','2020-04-26 18:46:48','User',NULL,'none','6b5dc1c8429a1c7d69375d723f7e3207',0,'2020-04-26 18:46:48'),(9,'automation','d2e7d78af1f0c0637765ae8cf1a359c4a30034c9','SecOps','Automation',0,1,'2020-05-01 18:26:17','en',NULL,'2020-04-26 18:47:46','2020-05-01 18:26:10','User',NULL,'none','41043e596f70e327e34fc99c861f5b31',0,'2020-05-01 18:26:10'); +INSERT INTO `users` VALUES (1,'admin','95535e9f7a386c412f20134ebb869c00cf346477','Admin','Admin',1,1,'2020-07-10 23:37:45','',NULL,'2020-04-26 13:08:34','2020-04-26 13:10:45','User',NULL,'all','5ceb2c95ce1593d4ba034d385ceefb2f',0,'2020-04-26 13:10:27'),(2,'','','','Anonymous users',0,1,NULL,'',NULL,'2020-04-26 13:08:38','2020-04-26 13:08:38','GroupAnonymous',NULL,'',NULL,0,NULL),(3,'','','','Non member users',0,1,NULL,'',NULL,'2020-04-26 13:08:38','2020-04-26 13:08:38','GroupNonMember',NULL,'',NULL,0,NULL),(4,'','','','Anonymous',0,0,NULL,'',NULL,'2020-04-26 13:09:44','2020-04-26 13:09:44','AnonymousUser',NULL,'only_my_events',NULL,0,NULL),(5,'','','','Analysts',0,1,NULL,'',NULL,'2020-04-26 18:43:40','2020-04-26 18:43:40','Group',NULL,'',NULL,0,NULL),(6,'','','','Automation',0,1,NULL,'',NULL,'2020-04-26 18:43:47','2020-04-26 18:43:47','Group',NULL,'',NULL,0,NULL),(7,'','','','Admins',0,1,NULL,'',NULL,'2020-04-26 18:43:58','2020-04-26 18:43:58','Group',NULL,'',NULL,0,NULL),(9,'automation','d2e7d78af1f0c0637765ae8cf1a359c4a30034c9','SecOps','Automation',0,1,'2020-05-01 18:26:17','en',NULL,'2020-04-26 18:47:46','2020-05-01 18:26:10','User',NULL,'none','41043e596f70e327e34fc99c861f5b31',0,'2020-05-01 18:26:10'); /*!40000 ALTER TABLE `users` ENABLE KEYS */; UNLOCK TABLES; @@ -1567,7 +1567,7 @@ CREATE TABLE `webhooks` ( LOCK TABLES `webhooks` WRITE; /*!40000 ALTER TABLE `webhooks` DISABLE KEYS */; -INSERT INTO `webhooks` VALUES (1,'http://192.168.15.120:7000/playbook/webhook',1); +INSERT INTO `webhooks` VALUES (1,'http://10.66.166.141:7000/playbook/webhook',1); /*!40000 ALTER TABLE `webhooks` ENABLE KEYS */; UNLOCK TABLES; @@ -1742,7 +1742,7 @@ CREATE TABLE `workflows` ( KEY `index_workflows_on_role_id` (`role_id`), KEY `index_workflows_on_new_status_id` (`new_status_id`), KEY `index_workflows_on_tracker_id` (`tracker_id`) -) ENGINE=InnoDB AUTO_INCREMENT=452 DEFAULT CHARSET=latin1; +) ENGINE=InnoDB AUTO_INCREMENT=642 DEFAULT CHARSET=latin1; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -1751,7 +1751,7 @@ CREATE TABLE `workflows` ( LOCK TABLES `workflows` WRITE; /*!40000 ALTER TABLE `workflows` DISABLE KEYS */; -INSERT INTO `workflows` VALUES (132,1,2,0,3,0,0,'WorkflowPermission','14','readonly'),(134,1,2,0,3,0,0,'WorkflowPermission','16','readonly'),(151,1,3,0,3,0,0,'WorkflowPermission','14','readonly'),(153,1,3,0,3,0,0,'WorkflowPermission','16','readonly'),(170,1,4,0,3,0,0,'WorkflowPermission','14','readonly'),(172,1,4,0,3,0,0,'WorkflowPermission','16','readonly'),(189,1,5,0,3,0,0,'WorkflowPermission','14','readonly'),(191,1,5,0,3,0,0,'WorkflowPermission','16','readonly'),(208,1,6,0,3,0,0,'WorkflowPermission','14','readonly'),(210,1,6,0,3,0,0,'WorkflowPermission','16','readonly'),(220,1,2,3,3,0,0,'WorkflowTransition',NULL,NULL),(221,1,2,3,4,0,0,'WorkflowTransition',NULL,NULL),(222,1,2,3,5,0,0,'WorkflowTransition',NULL,NULL),(223,1,2,6,3,0,0,'WorkflowTransition',NULL,NULL),(224,1,2,6,4,0,0,'WorkflowTransition',NULL,NULL),(225,1,2,6,5,0,0,'WorkflowTransition',NULL,NULL),(226,1,3,4,3,0,0,'WorkflowTransition',NULL,NULL),(227,1,3,4,4,0,0,'WorkflowTransition',NULL,NULL),(228,1,3,4,5,0,0,'WorkflowTransition',NULL,NULL),(229,1,4,5,3,0,0,'WorkflowTransition',NULL,NULL),(230,1,4,5,4,0,0,'WorkflowTransition',NULL,NULL),(231,1,4,5,5,0,0,'WorkflowTransition',NULL,NULL),(232,1,4,6,3,0,0,'WorkflowTransition',NULL,NULL),(233,1,4,6,4,0,0,'WorkflowTransition',NULL,NULL),(234,1,4,6,5,0,0,'WorkflowTransition',NULL,NULL),(235,1,6,3,3,0,0,'WorkflowTransition',NULL,NULL),(236,1,6,3,4,0,0,'WorkflowTransition',NULL,NULL),(237,1,6,3,5,0,0,'WorkflowTransition',NULL,NULL),(239,1,2,0,4,0,0,'WorkflowPermission','priority_id','readonly'),(240,1,3,0,4,0,0,'WorkflowPermission','priority_id','readonly'),(241,1,4,0,4,0,0,'WorkflowPermission','priority_id','readonly'),(242,1,5,0,4,0,0,'WorkflowPermission','priority_id','readonly'),(243,1,6,0,4,0,0,'WorkflowPermission','priority_id','readonly'),(244,1,0,2,5,0,0,'WorkflowTransition',NULL,NULL),(245,1,0,2,4,0,0,'WorkflowTransition',NULL,NULL),(246,1,0,6,5,0,0,'WorkflowTransition',NULL,NULL),(352,1,2,0,3,0,0,'WorkflowPermission','project_id','readonly'),(353,1,2,0,3,0,0,'WorkflowPermission','tracker_id','readonly'),(354,1,2,0,3,0,0,'WorkflowPermission','subject','readonly'),(355,1,2,0,3,0,0,'WorkflowPermission','priority_id','readonly'),(356,1,2,0,3,0,0,'WorkflowPermission','is_private','readonly'),(357,1,2,0,3,0,0,'WorkflowPermission','description','readonly'),(358,1,2,0,3,0,0,'WorkflowPermission','1','readonly'),(359,1,2,0,3,0,0,'WorkflowPermission','2','readonly'),(360,1,2,0,3,0,0,'WorkflowPermission','10','readonly'),(361,1,2,0,3,0,0,'WorkflowPermission','20','readonly'),(362,1,2,0,3,0,0,'WorkflowPermission','8','readonly'),(363,1,2,0,3,0,0,'WorkflowPermission','15','readonly'),(364,1,2,0,3,0,0,'WorkflowPermission','11','readonly'),(365,1,2,0,3,0,0,'WorkflowPermission','12','readonly'),(366,1,2,0,3,0,0,'WorkflowPermission','19','readonly'),(367,1,2,0,3,0,0,'WorkflowPermission','7','readonly'),(368,1,2,0,3,0,0,'WorkflowPermission','3','readonly'),(369,1,2,0,3,0,0,'WorkflowPermission','5','readonly'),(370,1,2,0,3,0,0,'WorkflowPermission','6','readonly'),(371,1,2,0,3,0,0,'WorkflowPermission','22','readonly'),(372,1,3,0,3,0,0,'WorkflowPermission','project_id','readonly'),(373,1,3,0,3,0,0,'WorkflowPermission','tracker_id','readonly'),(374,1,3,0,3,0,0,'WorkflowPermission','subject','readonly'),(375,1,3,0,3,0,0,'WorkflowPermission','priority_id','readonly'),(376,1,3,0,3,0,0,'WorkflowPermission','is_private','readonly'),(377,1,3,0,3,0,0,'WorkflowPermission','description','readonly'),(378,1,3,0,3,0,0,'WorkflowPermission','1','readonly'),(379,1,3,0,3,0,0,'WorkflowPermission','2','readonly'),(380,1,3,0,3,0,0,'WorkflowPermission','10','readonly'),(381,1,3,0,3,0,0,'WorkflowPermission','20','readonly'),(382,1,3,0,3,0,0,'WorkflowPermission','8','readonly'),(383,1,3,0,3,0,0,'WorkflowPermission','15','readonly'),(384,1,3,0,3,0,0,'WorkflowPermission','11','readonly'),(385,1,3,0,3,0,0,'WorkflowPermission','12','readonly'),(386,1,3,0,3,0,0,'WorkflowPermission','19','readonly'),(387,1,3,0,3,0,0,'WorkflowPermission','7','readonly'),(388,1,3,0,3,0,0,'WorkflowPermission','3','readonly'),(389,1,3,0,3,0,0,'WorkflowPermission','5','readonly'),(390,1,3,0,3,0,0,'WorkflowPermission','6','readonly'),(391,1,3,0,3,0,0,'WorkflowPermission','22','readonly'),(392,1,4,0,3,0,0,'WorkflowPermission','project_id','readonly'),(393,1,4,0,3,0,0,'WorkflowPermission','tracker_id','readonly'),(394,1,4,0,3,0,0,'WorkflowPermission','subject','readonly'),(395,1,4,0,3,0,0,'WorkflowPermission','priority_id','readonly'),(396,1,4,0,3,0,0,'WorkflowPermission','is_private','readonly'),(397,1,4,0,3,0,0,'WorkflowPermission','description','readonly'),(398,1,4,0,3,0,0,'WorkflowPermission','1','readonly'),(399,1,4,0,3,0,0,'WorkflowPermission','2','readonly'),(400,1,4,0,3,0,0,'WorkflowPermission','10','readonly'),(401,1,4,0,3,0,0,'WorkflowPermission','20','readonly'),(402,1,4,0,3,0,0,'WorkflowPermission','8','readonly'),(403,1,4,0,3,0,0,'WorkflowPermission','15','readonly'),(404,1,4,0,3,0,0,'WorkflowPermission','11','readonly'),(405,1,4,0,3,0,0,'WorkflowPermission','12','readonly'),(406,1,4,0,3,0,0,'WorkflowPermission','19','readonly'),(407,1,4,0,3,0,0,'WorkflowPermission','7','readonly'),(408,1,4,0,3,0,0,'WorkflowPermission','3','readonly'),(409,1,4,0,3,0,0,'WorkflowPermission','5','readonly'),(410,1,4,0,3,0,0,'WorkflowPermission','6','readonly'),(411,1,4,0,3,0,0,'WorkflowPermission','22','readonly'),(412,1,5,0,3,0,0,'WorkflowPermission','project_id','readonly'),(413,1,5,0,3,0,0,'WorkflowPermission','tracker_id','readonly'),(414,1,5,0,3,0,0,'WorkflowPermission','subject','readonly'),(415,1,5,0,3,0,0,'WorkflowPermission','priority_id','readonly'),(416,1,5,0,3,0,0,'WorkflowPermission','is_private','readonly'),(417,1,5,0,3,0,0,'WorkflowPermission','description','readonly'),(418,1,5,0,3,0,0,'WorkflowPermission','1','readonly'),(419,1,5,0,3,0,0,'WorkflowPermission','2','readonly'),(420,1,5,0,3,0,0,'WorkflowPermission','10','readonly'),(421,1,5,0,3,0,0,'WorkflowPermission','20','readonly'),(422,1,5,0,3,0,0,'WorkflowPermission','8','readonly'),(423,1,5,0,3,0,0,'WorkflowPermission','15','readonly'),(424,1,5,0,3,0,0,'WorkflowPermission','11','readonly'),(425,1,5,0,3,0,0,'WorkflowPermission','12','readonly'),(426,1,5,0,3,0,0,'WorkflowPermission','19','readonly'),(427,1,5,0,3,0,0,'WorkflowPermission','7','readonly'),(428,1,5,0,3,0,0,'WorkflowPermission','3','readonly'),(429,1,5,0,3,0,0,'WorkflowPermission','5','readonly'),(430,1,5,0,3,0,0,'WorkflowPermission','6','readonly'),(431,1,5,0,3,0,0,'WorkflowPermission','22','readonly'),(432,1,6,0,3,0,0,'WorkflowPermission','project_id','readonly'),(433,1,6,0,3,0,0,'WorkflowPermission','tracker_id','readonly'),(434,1,6,0,3,0,0,'WorkflowPermission','subject','readonly'),(435,1,6,0,3,0,0,'WorkflowPermission','priority_id','readonly'),(436,1,6,0,3,0,0,'WorkflowPermission','is_private','readonly'),(437,1,6,0,3,0,0,'WorkflowPermission','description','readonly'),(438,1,6,0,3,0,0,'WorkflowPermission','1','readonly'),(439,1,6,0,3,0,0,'WorkflowPermission','2','readonly'),(440,1,6,0,3,0,0,'WorkflowPermission','10','readonly'),(441,1,6,0,3,0,0,'WorkflowPermission','20','readonly'),(442,1,6,0,3,0,0,'WorkflowPermission','8','readonly'),(443,1,6,0,3,0,0,'WorkflowPermission','15','readonly'),(444,1,6,0,3,0,0,'WorkflowPermission','11','readonly'),(445,1,6,0,3,0,0,'WorkflowPermission','12','readonly'),(446,1,6,0,3,0,0,'WorkflowPermission','19','readonly'),(447,1,6,0,3,0,0,'WorkflowPermission','7','readonly'),(448,1,6,0,3,0,0,'WorkflowPermission','3','readonly'),(449,1,6,0,3,0,0,'WorkflowPermission','5','readonly'),(450,1,6,0,3,0,0,'WorkflowPermission','6','readonly'),(451,1,6,0,3,0,0,'WorkflowPermission','22','readonly'); +INSERT INTO `workflows` VALUES (132,1,2,0,3,0,0,'WorkflowPermission','14','readonly'),(134,1,2,0,3,0,0,'WorkflowPermission','16','readonly'),(151,1,3,0,3,0,0,'WorkflowPermission','14','readonly'),(153,1,3,0,3,0,0,'WorkflowPermission','16','readonly'),(170,1,4,0,3,0,0,'WorkflowPermission','14','readonly'),(172,1,4,0,3,0,0,'WorkflowPermission','16','readonly'),(189,1,5,0,3,0,0,'WorkflowPermission','14','readonly'),(191,1,5,0,3,0,0,'WorkflowPermission','16','readonly'),(208,1,6,0,3,0,0,'WorkflowPermission','14','readonly'),(210,1,6,0,3,0,0,'WorkflowPermission','16','readonly'),(220,1,2,3,3,0,0,'WorkflowTransition',NULL,NULL),(221,1,2,3,4,0,0,'WorkflowTransition',NULL,NULL),(222,1,2,3,5,0,0,'WorkflowTransition',NULL,NULL),(223,1,2,6,3,0,0,'WorkflowTransition',NULL,NULL),(224,1,2,6,4,0,0,'WorkflowTransition',NULL,NULL),(225,1,2,6,5,0,0,'WorkflowTransition',NULL,NULL),(226,1,3,4,3,0,0,'WorkflowTransition',NULL,NULL),(227,1,3,4,4,0,0,'WorkflowTransition',NULL,NULL),(228,1,3,4,5,0,0,'WorkflowTransition',NULL,NULL),(229,1,4,5,3,0,0,'WorkflowTransition',NULL,NULL),(230,1,4,5,4,0,0,'WorkflowTransition',NULL,NULL),(231,1,4,5,5,0,0,'WorkflowTransition',NULL,NULL),(232,1,4,6,3,0,0,'WorkflowTransition',NULL,NULL),(233,1,4,6,4,0,0,'WorkflowTransition',NULL,NULL),(234,1,4,6,5,0,0,'WorkflowTransition',NULL,NULL),(235,1,6,3,3,0,0,'WorkflowTransition',NULL,NULL),(236,1,6,3,4,0,0,'WorkflowTransition',NULL,NULL),(237,1,6,3,5,0,0,'WorkflowTransition',NULL,NULL),(239,1,2,0,4,0,0,'WorkflowPermission','priority_id','readonly'),(240,1,3,0,4,0,0,'WorkflowPermission','priority_id','readonly'),(241,1,4,0,4,0,0,'WorkflowPermission','priority_id','readonly'),(242,1,5,0,4,0,0,'WorkflowPermission','priority_id','readonly'),(243,1,6,0,4,0,0,'WorkflowPermission','priority_id','readonly'),(244,1,0,2,5,0,0,'WorkflowTransition',NULL,NULL),(245,1,0,2,4,0,0,'WorkflowTransition',NULL,NULL),(246,1,0,6,5,0,0,'WorkflowTransition',NULL,NULL),(352,1,2,0,3,0,0,'WorkflowPermission','project_id','readonly'),(353,1,2,0,3,0,0,'WorkflowPermission','tracker_id','readonly'),(354,1,2,0,3,0,0,'WorkflowPermission','subject','readonly'),(355,1,2,0,3,0,0,'WorkflowPermission','priority_id','readonly'),(356,1,2,0,3,0,0,'WorkflowPermission','is_private','readonly'),(357,1,2,0,3,0,0,'WorkflowPermission','description','readonly'),(358,1,2,0,3,0,0,'WorkflowPermission','1','readonly'),(359,1,2,0,3,0,0,'WorkflowPermission','2','readonly'),(360,1,2,0,3,0,0,'WorkflowPermission','10','readonly'),(361,1,2,0,3,0,0,'WorkflowPermission','20','readonly'),(362,1,2,0,3,0,0,'WorkflowPermission','8','readonly'),(363,1,2,0,3,0,0,'WorkflowPermission','15','readonly'),(364,1,2,0,3,0,0,'WorkflowPermission','11','readonly'),(365,1,2,0,3,0,0,'WorkflowPermission','12','readonly'),(366,1,2,0,3,0,0,'WorkflowPermission','19','readonly'),(367,1,2,0,3,0,0,'WorkflowPermission','7','readonly'),(368,1,2,0,3,0,0,'WorkflowPermission','3','readonly'),(369,1,2,0,3,0,0,'WorkflowPermission','5','readonly'),(370,1,2,0,3,0,0,'WorkflowPermission','6','readonly'),(371,1,2,0,3,0,0,'WorkflowPermission','22','readonly'),(372,1,3,0,3,0,0,'WorkflowPermission','project_id','readonly'),(373,1,3,0,3,0,0,'WorkflowPermission','tracker_id','readonly'),(374,1,3,0,3,0,0,'WorkflowPermission','subject','readonly'),(375,1,3,0,3,0,0,'WorkflowPermission','priority_id','readonly'),(376,1,3,0,3,0,0,'WorkflowPermission','is_private','readonly'),(377,1,3,0,3,0,0,'WorkflowPermission','description','readonly'),(378,1,3,0,3,0,0,'WorkflowPermission','1','readonly'),(379,1,3,0,3,0,0,'WorkflowPermission','2','readonly'),(380,1,3,0,3,0,0,'WorkflowPermission','10','readonly'),(381,1,3,0,3,0,0,'WorkflowPermission','20','readonly'),(382,1,3,0,3,0,0,'WorkflowPermission','8','readonly'),(383,1,3,0,3,0,0,'WorkflowPermission','15','readonly'),(384,1,3,0,3,0,0,'WorkflowPermission','11','readonly'),(385,1,3,0,3,0,0,'WorkflowPermission','12','readonly'),(386,1,3,0,3,0,0,'WorkflowPermission','19','readonly'),(387,1,3,0,3,0,0,'WorkflowPermission','7','readonly'),(388,1,3,0,3,0,0,'WorkflowPermission','3','readonly'),(389,1,3,0,3,0,0,'WorkflowPermission','5','readonly'),(390,1,3,0,3,0,0,'WorkflowPermission','6','readonly'),(391,1,3,0,3,0,0,'WorkflowPermission','22','readonly'),(392,1,4,0,3,0,0,'WorkflowPermission','project_id','readonly'),(393,1,4,0,3,0,0,'WorkflowPermission','tracker_id','readonly'),(394,1,4,0,3,0,0,'WorkflowPermission','subject','readonly'),(395,1,4,0,3,0,0,'WorkflowPermission','priority_id','readonly'),(396,1,4,0,3,0,0,'WorkflowPermission','is_private','readonly'),(397,1,4,0,3,0,0,'WorkflowPermission','description','readonly'),(398,1,4,0,3,0,0,'WorkflowPermission','1','readonly'),(399,1,4,0,3,0,0,'WorkflowPermission','2','readonly'),(400,1,4,0,3,0,0,'WorkflowPermission','10','readonly'),(401,1,4,0,3,0,0,'WorkflowPermission','20','readonly'),(402,1,4,0,3,0,0,'WorkflowPermission','8','readonly'),(403,1,4,0,3,0,0,'WorkflowPermission','15','readonly'),(404,1,4,0,3,0,0,'WorkflowPermission','11','readonly'),(405,1,4,0,3,0,0,'WorkflowPermission','12','readonly'),(406,1,4,0,3,0,0,'WorkflowPermission','19','readonly'),(407,1,4,0,3,0,0,'WorkflowPermission','7','readonly'),(408,1,4,0,3,0,0,'WorkflowPermission','3','readonly'),(409,1,4,0,3,0,0,'WorkflowPermission','5','readonly'),(410,1,4,0,3,0,0,'WorkflowPermission','6','readonly'),(411,1,4,0,3,0,0,'WorkflowPermission','22','readonly'),(412,1,5,0,3,0,0,'WorkflowPermission','project_id','readonly'),(413,1,5,0,3,0,0,'WorkflowPermission','tracker_id','readonly'),(414,1,5,0,3,0,0,'WorkflowPermission','subject','readonly'),(415,1,5,0,3,0,0,'WorkflowPermission','priority_id','readonly'),(416,1,5,0,3,0,0,'WorkflowPermission','is_private','readonly'),(417,1,5,0,3,0,0,'WorkflowPermission','description','readonly'),(418,1,5,0,3,0,0,'WorkflowPermission','1','readonly'),(419,1,5,0,3,0,0,'WorkflowPermission','2','readonly'),(420,1,5,0,3,0,0,'WorkflowPermission','10','readonly'),(421,1,5,0,3,0,0,'WorkflowPermission','20','readonly'),(422,1,5,0,3,0,0,'WorkflowPermission','8','readonly'),(423,1,5,0,3,0,0,'WorkflowPermission','15','readonly'),(424,1,5,0,3,0,0,'WorkflowPermission','11','readonly'),(425,1,5,0,3,0,0,'WorkflowPermission','12','readonly'),(426,1,5,0,3,0,0,'WorkflowPermission','19','readonly'),(427,1,5,0,3,0,0,'WorkflowPermission','7','readonly'),(428,1,5,0,3,0,0,'WorkflowPermission','3','readonly'),(429,1,5,0,3,0,0,'WorkflowPermission','5','readonly'),(430,1,5,0,3,0,0,'WorkflowPermission','6','readonly'),(431,1,5,0,3,0,0,'WorkflowPermission','22','readonly'),(432,1,6,0,3,0,0,'WorkflowPermission','project_id','readonly'),(433,1,6,0,3,0,0,'WorkflowPermission','tracker_id','readonly'),(434,1,6,0,3,0,0,'WorkflowPermission','subject','readonly'),(435,1,6,0,3,0,0,'WorkflowPermission','priority_id','readonly'),(436,1,6,0,3,0,0,'WorkflowPermission','is_private','readonly'),(437,1,6,0,3,0,0,'WorkflowPermission','description','readonly'),(438,1,6,0,3,0,0,'WorkflowPermission','1','readonly'),(439,1,6,0,3,0,0,'WorkflowPermission','2','readonly'),(440,1,6,0,3,0,0,'WorkflowPermission','10','readonly'),(441,1,6,0,3,0,0,'WorkflowPermission','20','readonly'),(442,1,6,0,3,0,0,'WorkflowPermission','8','readonly'),(443,1,6,0,3,0,0,'WorkflowPermission','15','readonly'),(444,1,6,0,3,0,0,'WorkflowPermission','11','readonly'),(445,1,6,0,3,0,0,'WorkflowPermission','12','readonly'),(446,1,6,0,3,0,0,'WorkflowPermission','19','readonly'),(447,1,6,0,3,0,0,'WorkflowPermission','7','readonly'),(448,1,6,0,3,0,0,'WorkflowPermission','3','readonly'),(449,1,6,0,3,0,0,'WorkflowPermission','5','readonly'),(450,1,6,0,3,0,0,'WorkflowPermission','6','readonly'),(451,1,6,0,3,0,0,'WorkflowPermission','22','readonly'),(537,1,2,0,2,0,0,'WorkflowPermission','project_id','readonly'),(538,1,2,0,2,0,0,'WorkflowPermission','tracker_id','readonly'),(539,1,2,0,2,0,0,'WorkflowPermission','subject','readonly'),(540,1,2,0,2,0,0,'WorkflowPermission','priority_id','readonly'),(541,1,2,0,2,0,0,'WorkflowPermission','is_private','readonly'),(542,1,2,0,2,0,0,'WorkflowPermission','description','readonly'),(543,1,2,0,2,0,0,'WorkflowPermission','1','readonly'),(544,1,2,0,2,0,0,'WorkflowPermission','2','readonly'),(545,1,2,0,2,0,0,'WorkflowPermission','10','readonly'),(546,1,2,0,2,0,0,'WorkflowPermission','20','readonly'),(547,1,2,0,2,0,0,'WorkflowPermission','8','readonly'),(548,1,2,0,2,0,0,'WorkflowPermission','15','readonly'),(549,1,2,0,2,0,0,'WorkflowPermission','11','readonly'),(550,1,2,0,2,0,0,'WorkflowPermission','12','readonly'),(551,1,2,0,2,0,0,'WorkflowPermission','19','readonly'),(552,1,2,0,2,0,0,'WorkflowPermission','17','readonly'),(553,1,2,0,2,0,0,'WorkflowPermission','7','readonly'),(554,1,2,0,2,0,0,'WorkflowPermission','3','readonly'),(555,1,2,0,2,0,0,'WorkflowPermission','5','readonly'),(556,1,2,0,2,0,0,'WorkflowPermission','6','readonly'),(557,1,2,0,2,0,0,'WorkflowPermission','22','readonly'),(558,1,3,0,2,0,0,'WorkflowPermission','project_id','readonly'),(559,1,3,0,2,0,0,'WorkflowPermission','tracker_id','readonly'),(560,1,3,0,2,0,0,'WorkflowPermission','subject','readonly'),(561,1,3,0,2,0,0,'WorkflowPermission','priority_id','readonly'),(562,1,3,0,2,0,0,'WorkflowPermission','is_private','readonly'),(563,1,3,0,2,0,0,'WorkflowPermission','description','readonly'),(564,1,3,0,2,0,0,'WorkflowPermission','1','readonly'),(565,1,3,0,2,0,0,'WorkflowPermission','2','readonly'),(566,1,3,0,2,0,0,'WorkflowPermission','10','readonly'),(567,1,3,0,2,0,0,'WorkflowPermission','20','readonly'),(568,1,3,0,2,0,0,'WorkflowPermission','8','readonly'),(569,1,3,0,2,0,0,'WorkflowPermission','15','readonly'),(570,1,3,0,2,0,0,'WorkflowPermission','11','readonly'),(571,1,3,0,2,0,0,'WorkflowPermission','12','readonly'),(572,1,3,0,2,0,0,'WorkflowPermission','19','readonly'),(573,1,3,0,2,0,0,'WorkflowPermission','17','readonly'),(574,1,3,0,2,0,0,'WorkflowPermission','7','readonly'),(575,1,3,0,2,0,0,'WorkflowPermission','3','readonly'),(576,1,3,0,2,0,0,'WorkflowPermission','5','readonly'),(577,1,3,0,2,0,0,'WorkflowPermission','6','readonly'),(578,1,3,0,2,0,0,'WorkflowPermission','22','readonly'),(579,1,4,0,2,0,0,'WorkflowPermission','project_id','readonly'),(580,1,4,0,2,0,0,'WorkflowPermission','tracker_id','readonly'),(581,1,4,0,2,0,0,'WorkflowPermission','subject','readonly'),(582,1,4,0,2,0,0,'WorkflowPermission','priority_id','readonly'),(583,1,4,0,2,0,0,'WorkflowPermission','is_private','readonly'),(584,1,4,0,2,0,0,'WorkflowPermission','description','readonly'),(585,1,4,0,2,0,0,'WorkflowPermission','1','readonly'),(586,1,4,0,2,0,0,'WorkflowPermission','2','readonly'),(587,1,4,0,2,0,0,'WorkflowPermission','10','readonly'),(588,1,4,0,2,0,0,'WorkflowPermission','20','readonly'),(589,1,4,0,2,0,0,'WorkflowPermission','8','readonly'),(590,1,4,0,2,0,0,'WorkflowPermission','15','readonly'),(591,1,4,0,2,0,0,'WorkflowPermission','11','readonly'),(592,1,4,0,2,0,0,'WorkflowPermission','12','readonly'),(593,1,4,0,2,0,0,'WorkflowPermission','19','readonly'),(594,1,4,0,2,0,0,'WorkflowPermission','17','readonly'),(595,1,4,0,2,0,0,'WorkflowPermission','7','readonly'),(596,1,4,0,2,0,0,'WorkflowPermission','3','readonly'),(597,1,4,0,2,0,0,'WorkflowPermission','5','readonly'),(598,1,4,0,2,0,0,'WorkflowPermission','6','readonly'),(599,1,4,0,2,0,0,'WorkflowPermission','22','readonly'),(600,1,5,0,2,0,0,'WorkflowPermission','project_id','readonly'),(601,1,5,0,2,0,0,'WorkflowPermission','tracker_id','readonly'),(602,1,5,0,2,0,0,'WorkflowPermission','subject','readonly'),(603,1,5,0,2,0,0,'WorkflowPermission','priority_id','readonly'),(604,1,5,0,2,0,0,'WorkflowPermission','is_private','readonly'),(605,1,5,0,2,0,0,'WorkflowPermission','description','readonly'),(606,1,5,0,2,0,0,'WorkflowPermission','1','readonly'),(607,1,5,0,2,0,0,'WorkflowPermission','2','readonly'),(608,1,5,0,2,0,0,'WorkflowPermission','10','readonly'),(609,1,5,0,2,0,0,'WorkflowPermission','20','readonly'),(610,1,5,0,2,0,0,'WorkflowPermission','8','readonly'),(611,1,5,0,2,0,0,'WorkflowPermission','15','readonly'),(612,1,5,0,2,0,0,'WorkflowPermission','11','readonly'),(613,1,5,0,2,0,0,'WorkflowPermission','12','readonly'),(614,1,5,0,2,0,0,'WorkflowPermission','19','readonly'),(615,1,5,0,2,0,0,'WorkflowPermission','17','readonly'),(616,1,5,0,2,0,0,'WorkflowPermission','7','readonly'),(617,1,5,0,2,0,0,'WorkflowPermission','3','readonly'),(618,1,5,0,2,0,0,'WorkflowPermission','5','readonly'),(619,1,5,0,2,0,0,'WorkflowPermission','6','readonly'),(620,1,5,0,2,0,0,'WorkflowPermission','22','readonly'),(621,1,6,0,2,0,0,'WorkflowPermission','project_id','readonly'),(622,1,6,0,2,0,0,'WorkflowPermission','tracker_id','readonly'),(623,1,6,0,2,0,0,'WorkflowPermission','subject','readonly'),(624,1,6,0,2,0,0,'WorkflowPermission','priority_id','readonly'),(625,1,6,0,2,0,0,'WorkflowPermission','is_private','readonly'),(626,1,6,0,2,0,0,'WorkflowPermission','description','readonly'),(627,1,6,0,2,0,0,'WorkflowPermission','1','readonly'),(628,1,6,0,2,0,0,'WorkflowPermission','2','readonly'),(629,1,6,0,2,0,0,'WorkflowPermission','10','readonly'),(630,1,6,0,2,0,0,'WorkflowPermission','20','readonly'),(631,1,6,0,2,0,0,'WorkflowPermission','8','readonly'),(632,1,6,0,2,0,0,'WorkflowPermission','15','readonly'),(633,1,6,0,2,0,0,'WorkflowPermission','11','readonly'),(634,1,6,0,2,0,0,'WorkflowPermission','12','readonly'),(635,1,6,0,2,0,0,'WorkflowPermission','19','readonly'),(636,1,6,0,2,0,0,'WorkflowPermission','17','readonly'),(637,1,6,0,2,0,0,'WorkflowPermission','7','readonly'),(638,1,6,0,2,0,0,'WorkflowPermission','3','readonly'),(639,1,6,0,2,0,0,'WorkflowPermission','5','readonly'),(640,1,6,0,2,0,0,'WorkflowPermission','6','readonly'),(641,1,6,0,2,0,0,'WorkflowPermission','22','readonly'); /*!40000 ALTER TABLE `workflows` ENABLE KEYS */; UNLOCK TABLES; /*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */; @@ -1764,4 +1764,4 @@ UNLOCK TABLES; /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; --- Dump completed on 2020-07-01 20:41:10 +-- Dump completed on 2020-07-10 23:39:20 diff --git a/salt/playbook/files/redmine.db b/salt/playbook/files/redmine.db deleted file mode 100644 index 520f0b3c36d4c62f9b41bd2967801a4b5d47f774..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2207744 zcmeF434j|_{rD&MIWtR3SxPCLF2{D;W;Zjr!@0Bz6iQoqP!1tXlF4q`97{53yMREl z+;WSesNnTOMFm6z1O!Du#0ybDQQ;4Y2g-dZp!~n@y-7CNO}B>>+Vb6Lzwi6ryz}#p znaP`ZZ^bc-v$`f_ilw}&O98HfGnu$UB#GnFcXOP12FICnj^nNb{YEgY@W1|Nsw*2e zAr9Zmci6y#N4&=j#@*r{#J`G9i;sy9i}#E7h;NCHh_8t+h<9u}4m^VdkN^@u0!RP} zAOR$R1dsp{Kmter32>jQO#=$2RL=mJtqy|xd~JV_nd$i{6hjr00|%gB!C2v01`j~NB{{S0VIF~b{Ycb)$C+a z-X#8w6zOJW>@=mrf*=7TfCP{L5pgAYl@3=HMUxAps}N4V_B)VMoZ~xMK8kg^f1NUJ3J!C{81$& z2LfTmpJ+L==V7|GLGRn(8y?YziUnUeRmu+Qk)S`RrL}M>p!w5^5>vEHG~&;wsZ=+?qe z>i4#9u#@DD7jNQR;z~|@ReV6qh>wbwiC+*;7rz5e_=g0L01`j~NB{{S0VIF~kN^@u z0!RP}OhTZ;W!cx1%?}q#dIC1r%a_elEtYvEt)M1zS~`)3_w{pH**V2wndi!u%M~qA z(sK0YjdF(#g66e+QY$4&Met?w+AT9p>$T)ivADME6z}Ei9OraeI$i6tYqMqXuf*;# zTc(@!;##dx<}RITwRBrjl`{Nfl31taDq5L)U=8HfThFn_WSQw&uj;8GtyCu8|HGz# z_=g0L01`j~NB{{S0VIF~kN^@u0!RP}?8F3k%ca~@?k2OS36BXO{xa|9yxrVQ?w8#k zaXsLgYFh3Xw*Sm}yLCVFn`Woe_kn|`O5!xm*EfxW-z}Ujr^yBHi8!mP`9rQcB-Urs`cNXLjub0; zT3npZ783angk2<+*S%-|debSmxahI#qMCcH?|K)2e+&wh38R z^_U6SUZ9pWsULDVavJ=6G?w{QrCd3s782QFVuhxbQbQ7yVt9TUUfjtR<`drYAsbMh z1p~`hs`@guTn6|Hm#hGPhNsM_>B9W%uzTvZDkuEnm0Fuf7B{%7yY2;*wC{A*j$B4N z8kkVp71_aps#i*yv}j>jFG1z+vbC9;(1@TS##fBz67EwUcpqz%fvT`4;F`WkT%=9c zL3M0PP+#`UfadC(_Q1YPz06gcHlYIhSFYS|!BNsmEj3igo?6ky8th6~|5S$dNKC~r z1BMwi%#dM*4KrexQNxTeQ}!FC5ua?tCmZp}MtrgnpKQb@8}Z3Te6kUrV#KEy@hL`p ziV>e;#HSeXDMoyX5uakjrx@`CjQ9dZd;ufAfDvE7h%aEo7ck-r81V&+_yR_JK_kAP z5ns@VFKEOUG~x>y@db_ef<}BnBfg*!U&x3rWW*OT;tLt^g^c(@MtmV7zK{`L2;zff zY>ux=du-O#Vd=0|qQAGRIcZ5z*UF@CTHmwwI_cFRIvuh&W17}9%sQ)Wt`2NfpRwk; zK3hl^*O#H8<+6p!1~AnET)wiU3UMozp>3B&+``rtV*E(d<`Thi)szIiZsxRVWD~hx zpz7LSu{6?>eP4N`oG%t2w@?;evXafg#niCDB1S1g&8xZfYDqI}MIB}->Yj@0;gU0? z!L@hFHY{hguM?`MbK2@n6mqe)4zkj?dgqGkA)k2wSIL7ilpP!b171PZvnjZyd$(nd zcb!Iays5h)xSGK&477F6)@EkHMQqZxK4llkR{g5sG&!e{o3)7-+5QT=u3KW4SMy5f zjqh3R+FW9*(>owjvm1Ai?DlNp9prM2-U7n?A1Sl@JBPN*SsEg2^nj%!11-yv!nyAqMArRlGK1Y;|vEQ?v%yR<7i9 z_Owujff72B?LEuvMmrLD2J_k>gPq3xs?)_XIC11znbl#Ao!-~KXZdOavAVk%vNLOw zyp|@(*A76Okg~jIIhu?VbS#|z-wp;?%mNZX0!RP}AOR$R1dsp{Kmter2_S)ONq`r> z$xRUl$@l+{i;svu7Oxkt6F((hA&!b?h!wFQ{!_e992D;oZxt_s|Kxa9JYGD0TjmMl zMgm9x2_OL^fCP{L5jnPYO{l3w~BAIWMX%4+{0=!gJHHpM6hUBWVX^`gK#D9ygi2o4(EdEh^ zO#FrTkoW`fPVw8~H^l!FuNAKrFBdNqYp^z;F6LpSz=U|5c#L?YxIjEW42ivBw6gbl)}!WtnZ zd_-6!ED;VD4iRF4BFq!^5oQXz38LT>O#EB?tNcItXZa`j$N5M2AM^L|ck#FK-{i07 zuj4<(U%_9*kMd{m6~4d^@~7~}^UL|8_=Ws|e3wVMvlK1c4 zXS~1n{@VL9?}OfZy?1!O<-NiCCGTgwpYUGlJ>Pq_cf?!ruB9-52mT=eB!C2v01`j~ zNB{{S0VJ?>1Wa#@UUU?Eq4kB)i{^sy`O%BuImUF|=!H2jE*!m(oV#H3!fr5XqZgb8 zMs@Uplfk%e^nw5wcZ^;z4UF%Oo<9i2oulV32IB{#=aT^UjGhk{a{kfndz6{dW&A_N@J90~mYM{&NZ#|E~Qf2FAZ?{~-w8ti3~+y-|DT zFfd-Py+aVZT6_C+FkY#>eJmI+*WM08A;7j9*uu59;Stajs=ZYPBUpRuBVYt-Z$-dR zYH!U3L$3Y%OfdYlf0Huw*8aUe7{1!S_X5LI`_~y@aJ7G_5a-*qe;owIziR)2GI0N{ z{mTW$TeUYUVEniC<}qNrQ+qQG0Xk}LlAMXPH%LtjwKo!A@U=Hc)ZW?~5H z%~pH;1Td_%*GUCfYOj+ly;OURoV&O78p+a6Yp)###!qUmkwX8t_L>ij2Wzi6!FZtd zDj|4(?bQWf{IK@wd@y#cy-Er_rS?h^jH$I(4glkmwO2@%9;&@eO7w8;WzxXTuf0qf z-+8r{3EgvRFXg~Er}h%5#?jhK17OUlz0?mzckQJA%Fn&<``&nSzTl@R*VBAytJNb~0vpGjNVV-xHcc$lQQ1K55AOR$R1dsp{ zKmyx_z6niEVZ0X`M}AiYihnPnJXsy@~{ArRx-|&`&PgtjXn#@y5)uq0)wyv)Lt0hhF3b;vRIF z^!FyQR-k@$>4-%uRvxx!@j$mE?JWU~f+p!jDWm3~@`sCMSfpW{1|(TtXl|gH!Lm?| zfGZZAFmRy1l|a3L`BH{^st9XGQLIv(DDS3;G}34^s#S%xh2r`G)D>ArB2E{K;N7q) zQ@s*kg%8#!j7FL;8fm@h7-x0TvKpI|g(W!}4+i4?NN+R}2>9i=)dAgX-+lY-YPy_J z%jpUKTf+vzaeuH^3CiJURJM??Qz2}Be}8k()*wna9+Z0np0p=(RfZH(ydy^|Eg+?=Gl$=-Fd9d<=(= z;P9yh-#`P0&xqM~w80_a=iS4lY!Mb98G*rp3~Y7y00`EQfpu@<5_r-_h9M2L07ER) zQ=@9>c6Y&G+#l)<`NQFGXmq)WRP8iUwPej4tW?qbg_WyZM@ec_g0VIF~kN^@u0!RP}AOR$R1dsp{*g*+cEiRLd2rCg5BFq*GEQ|={ zaS2!2#3#ku#E*+P@epx}@T72;aODnKP|P+GKmter2_OL^fCP{L5r zZf}#bk9zUSE7+$@u`8&a6D zC{K2OftQkObi0OS#>*FECm48Lg5&nKLWY^&&Q+yBD3o=AM}^~NTio0B?N>Y zo37gu{~w^=>Z!0mqG>eY;vGJp&mAum6J;%zNfe5DHj~xTaj9GGcE`z@qVU3YIZ=j1 zA<43Vl3Gr=FzNC?LDYbNR1kN|&gEcNm zwqQlS(?9Btm$VdQHaC(W3!Nrlxyv=M+9#}O2&YMD05`0Jzj=SvQ(+NE%E$hp;Zq$l z!NQlLOI`eAMcznNN++Jws5YW+q>2XBg03e{D;D#xIHNnxta)fBLr_WK_pZThqAAqh z|KGgEfWD9b5=^>bk3Yb z4oEBe4_!PUb=94_q&Z#LbQkQSrE7z*Aj-1ki;nJJe!O(l!0}T5s+CI@ErD=H4=hC;W4r_&a!7uUl6ZA{K?ZN1EKtJ?1P zCe~=QEe%nn8>lr}_MCvfr{S@+b+1!%m9Z``C%93MDVQvRsU4V6>XOK&ZaS=a)YA5c ziEHcmo?~~ncg~w;I-PDJRnXR#n)dU1@OarEhm4eWtz`RiK&X z6SOImTP)sIpe^UNiY$vEdm1#9ma%t|7TOe~X=rUzEW&`51SUsw=}m()+CIVGQw_Tv zow1my=4eJjBPu8K5^R777o+Cr$6P&aA&m=4Xf+4lbnc8qH{lU7?%H_9jfOlf<8@c} zWErn}+VYII={;>~tA{_DJMz65cu(lHcltU_XVFn+eRgfOd6=Pgzfn?SoEh(j4K&o1 z6t}4WJ=Fo9qqDQqRLjzKLH$tC*9xx@xVepP*4;=`YW2aUd0d5E_ewgQm>)NuG~Lj! z?MEkedASi$50Jj-y`lZT#_$ShipJN zA42vVZnbxw7&39R{taI+m=>u$p~5X0+#Qw*YAykrFREm(#Dv_=)mB|%add`4rrNivbeWvOxR$t?TObB3Zg)!kgAz|!`IXR6UGXHNE zuQkKoe@~0|ijRmliP!$GjSs^k0VIF~kN^@u0!RP}AOR$R1dsp{KmuDrKy=u-nNAb8 zFk2>5X=%G)Ck`%dQJ#GSB3hY;MFlb&u}-s!Hs;U|vu$8c+jxten+{RXT@y45$9YY5 zu9L)BQZu@lcRay)t+#OA?|bKYe2&BHpSDkRU*LL6IM(^5^%m!;&QrG}zvveUAOR$> zEeX_4KH1SZd$#FZV-jgdEevY#`5XKQTG#e({dsik1o>UGdG4V8^ZvLWh{-2*<*Z&T zjkHV*)qTS+#wBfCwhX`KPW*M1{G1Hm3TAcqHGJ%B{Y?hr<%qhE)|uSK@6|>eE#KjY3eO-i$wpmFCX%n8js+Cio;Y99KV_&DF=tVgs~__(vTTH%w=(XkB>~evvrW|l8LCF7P0(Hka@|;eJ-}eJYRRHw zRt-o-%NjdB7RJETh>b96?Z!Z;(QA7KPjYkyW}2!Vnh9g7q`7U^o%U_5rMmNk)?7a^ zz8Uk!aMx@lscjsr>N(EQIRKMReUw3cD!MTb-&Dj2=N7k8nQ*=-EUTCaKE`vZcCBVp zU@*-Jce)e&PjEQO$b#{%+Jy7t5@^i&)<@!&w>>uZHGtC(reo5mk7km7uMJHw$0qj1 zSr2W^;JC9Sd(Bs(%^H(f9GMclN75X&J`6z%XFl}e#?IF>+xlWi2S^b;HoX|0wC=O-jrFMspZnPF~M2k;Jn$+nGq?)D%3X!l3xd#2~j zrnOQZ9P8#jt#wd$9^WVG?RwnZnbFl-nt0n@-FmUEdl}!x%c)X!n9R(NUDwCFLR-@^ z8CX04o~0+b-KxJp(DL41J(l`SSDSbD8XeE@Ltb!U>qE4@2RGhd{auvt_jldJVXe>& znJ&Ytwy+#Tn<5p81#Rrr+aA(Z?c!4)OO7FURh=MzlmRh)0M7rRi>w9tj3>y6u>T)? z1Ms}~H}Oy6lj85hUyHvG9~K`Fzc1b;-X?xa{D$}y@r&Z;#7~JI7cUhr6weXQ5>FE= z;;^_@%!sP^5plJ+Ts&GlLR=soB*w&`*eA{v_Z1~^hPa!!i|7>{qFMNl@Gs$2;RWIE z!k>kwgeQdG2#*Lq5grtNAlxn7F5Dt~Q~0XzCE;4()52B4Wx_?mxx(4P>B2hUR3Rq} z3Q6H4;W%N1utZoSEEEnF;zCI93-g5igxSKLLZ>iA;032(;s4A3n}3aek$;YVmj8eJ z@A=30U-CcYf5hL%e~-U||2BUk|26*0{B`^_{3rO!`H%7E@n`d=@j74NhxjD_5&l?y z8Gj_dkUxlz@(Mqn-;bC0J@{RDfp_v|?>pW%yf1m5^ZwcUr1!VpN4-DwJ_v75-08j5 zd!zTO-Y;0tna_>dnbG&DIH+W0loHye=#e0HxrFV(<2=AfZ1H56c-#gd4k9RNc z?%pY0uh;J7Ja2hk^St2so97wNA3TqF9`QWvx!-e-=MK*;o^N=r_k7-Sjpr)QrJf5s zHP0EIb)I3*8c*7DvgbI@a?fJVVV*-gaZk|wq?Vw8BcUy1R4zjV`X2B69t<`Z5l}B>kdPW_`HtESGz0jne)})^| zrhBfj?plurO(cK>+7U3XY3KSux!Ei(GxrRYPgD8-sC@JeAi`c`cQnqw=#< zeum0xsQfgQpQ7?=DnCi(C#bxN%8yfdC6!lDc{!DrQF$qqmr!{zl^>(>A}TMW@&YQ) zr}8{1&!zGlDo3fTQCX$(Y^%j(I*W)iiTEfHXAp5Z5vLI`Lc|6l))TRghzb!p5oIDu zM4U>*FcC!}3Pj|I$PuxYh&4oHi5MbckcbQs8WCwCQbZ()P>DE&hy)QQ6LAs|A0gsI zB2FOUcp{D?Vl@%R60wSil|-x{VmT4V5V4Gir9>#6Cn{Xi-^65m`TK*M9d&!4ai#gOEew`#6!{ENGKEwM#=L(*YV+GjHN~bNB{{S0VIF~kN^@u0!RP}AOR%sVIe@? z|HtS54@+%hIgtPoKmter2_OL^fCP{L5&2_Y8m#PhvbY#l^4m|GDssZ}uv*`b zsK*Zz9xN*oKmter2_OL^fCP{L540Crs4K9Bjb4hb|y#_ANj=8Mn?(%@kpT=B{ z;_jRcE>DlS9L#+;3@%TNxhUKnM}f;DV=nt~x1S6y4~@A@=Wf%%<-su*p8L)P`2IgI z!9OH`1dsp{Kmter2_OL^fCP{L5_)xDLnVc5$w-+;uoV)w{pv7oMd14fjRv zyuo8q^$YTeXi%Et>IbY9y>GAvK)Ngd)+55=lmbekC1E z1=Oe#jAa6<9L_Z2gt7(VekC3Z^#(%GKorW%N=^1hhBM@3Z&(Qj{E@XI;}VlY{zxpS z`ZLj3G6Naa{7S|jh(KXt{!}QW#Ue_?A4w@JO4+A`$$rWZYar4ajt1nIQMAUHU_9XO z4F*C1#h>vxIM-CDHFY=})|61juR@hYk|8aVl#{9!NT(yIOj1cF!@+ba6IKF#wJ}8l zS&zgOh%M3^j6s>8!q}$IWV`0pGv4dDHN%h;X&^@XNNIs+I7Zq>EEtN#l3GfU6)0#X z8cxSjz*Gy!K^0mMB?XyRBt?!xE0C4mP>4`$oC%RL!C+jLd%-Q{53DJ+rWFn*(-|$L zDls{o@uy>f2GuUXz&ut)?tWhSFW zp)jdT%%9Pq)d%EMESynOu}Cl!3P+=v6l-y^pG+jm(3cf5kr+^*!$4J%T=;zfnQR?S z{>7j-gp_bJt3bgz$w&pUrptj~2s(c>BL~v4Ocbgt98=R7ITauSh6cSl6!rUINNH}| zQNj@F3w9z8Dl943>zwUU-h77V&){1sQ@&OrY;Mm3cyzFy>cuH1MtSr2={Q=_oYy4PaoF=l~fc))nqCf z2?c|}qzq$WETqO_DLOEwGH}HSkj&RxH5&>8WOsRJXpxw|WhjKJO*pQ|y--$Y@mbzz z7IxY!BI#gSP5Hwz3`t=acGIwRebf(wgq&8PVWy#-L(9*AD;e|ZyVyeu490q)S;7dl z@iUzGiTAHr3|XLSk>*Z|1^p)$fPoJ#C&^?CE)I&CmXpB@T&)ynFcIimpukm>7OOEs zACCKF7WvjDMJ;gqin|;#s*)CWA zF7T!AG;Z3_&VX9ci+PoN>8rpy4=~LLFCL`eRe?|@9D)}GG}YMP>^Qjtik<&~CboW>v?%h@@udZJ@0H{+xk zGn_32EvUJXvYv)_i_(DrysHq<)KD;#O2MliijsjzRV@SWw7{zu0Vt57GVg}L=BCHJ z?*wnN1f%sbLP_AI1^D_IUT1(=*GM$vHzt$e4Ert`=3~RXQ6&OzLe$F$^We!)2wv&X z3p^jhSydi zF*y}Z2Q#U#3h$&qq|qR}yaewD1mIl{KY6K3_OGZ6Yo&e?qP1i)`LG*a{0M}|n_MLA z#+)&{sT1pkoCca+8LH<>3G@bGHeQxVxzt=P8VH3`@M=;Z8c0XUOI7efR$5k6GGnbm zbxtUj5?E`U%JDou%jx7unYy_i4n9YRb}*7JR>~9d5{ULHG+Dwy~*OE*lTa%;`R+O*-XhzaU;Jo-PiFtHeXaK5qwA>6G(5&&dDEC2_6Is@dp0>m6*$;WiVDG2MX24Mxpa7S(Th7+uj>h}l0SEu0w-yHZuayaDgsO?sF zf{!BPAe`u^O=~y-4OpZQGO?@SqyP$7=F$(orcx(Z!xG|($uh~;6vGKtyagDrRAEPL z7sCkv`e6}860oDiDWpI^vBe3#Ug@X_bteEF2m}>y;u}s-YRDQy?`2MY_}Bv$^n`Cd zI%*!nDF~?nF9k@r>rQ@H#MdA22Rmvm>IBsokYO!HpwUrt)}6>go(e6Hqu~Sr6@MUT z6Yt=h;#JU6P4mQWh}Vm^h@Tg)60Z>-79VLk-V%-D18dTlFcLrlNB{{S0VIF~kN^@u z0!RP}Ac38ZfN92O_JJqz13#mIoOaC#P{8k9eGteaKLNU_^HYBDF>cEEVw)C!ZZ(`e z=33%^?)bCq?KW_>iqC;GT`#^Zz9GIuE$uy{D-u8gNB{{S0VIF~kN^@u0!RP}AOR$> z-4ifxFBCONE-SPFMpg11uK~6XHTItPZf7;O76!zrz28 ze}exxe;Di@axgOWut41n&~>q291}u6Hl*6tCU$mgfb}GoHsh4}0$M+~T?3bB*UxPtCK= zv&M6>XSwGvPu$b%>GJI6al8NPe#QM4_Y>})yYF+~=Dxvwt@}#%dG6EP1$WYYtoum! zL2kvppL-9t;O1Pfxc=;V%=M7#PS-bF*Saou)m*wO<2ufDr0W1zuS;@Gaao;jIREB+ z!ueC@JbTzVDaS>Q zGaLoSDURiig^sXej$;pp*ZyDoOZI2%zqUVUzr%im{j>HW^9VCVk8Y`H?>%=Q4YJ-}@DGu!>l_Csd-A+z1bZ1*wS518!-%=Ud|`#!VX%WU^D+da&7 z53_xb*}lhYcQf1F%yt*E-NkHoGTWWZ_FZQCF0}?JLZ7J+ocUZ2!k>|Ho`!X0|Ug+n1Q_OU(8~ zX8R(ueSz7&z-*sqw$C%$b%50Z1+a=6)3A0_yY!@@z$C&M7%ytp8UBqk`GTVjBb^)_pz-;F;+xg6P z9s_RrQQ@u>} z64gsoKb7jIQhk`}!&EO)y-4)})eBV5Q$0`h9MyAFUrY71R9{2&HB`@1Jxlc=st-|p zkm`d}&rm%>b&cv8)zef@Q$0oX6xEYdPf}f_x=Qs^sD2976I4%7{bZ`2O!bqfeiGF` zLiLYO{Y0vtNc9t_egf5xr~2_!KaT3hQGGSlS5y61svk@BRa9R^^_5g#N%a*}UqSWd zR9{Z@W2k-%)t6Cy8P%6keJRzKP<;v2kEZ(3R9{T>#Z*6v>PJ!iNU9%6^+i-)MD-)6 zegxGIr~2VkKaA>!QGI~w15{r~^@UVlK=lPwKa}c+QoWz*{Zv1M>W5JMV5%QX^@FH> z5Y-Q)`hiqGfa(WOeSfO&PxUy}<5Z7PJx28?)uU98P(4ERFxA6U4^cft^&r)QR1Z)+ zKy`)c3e{z*%T)JM-B0yCs`pX7m+HM#_fg$P_4!nvPxX0JpGWn%RG&-r9;)|HeGb*< zP`#V#-BjO?>ibcBU#jm*^?j(m57qak`rcIUqIwtAXH$JP)g`J+RG&rlSybPP>U&Xr zCe>$BeNU?IN%a|2pF#CKsJ;i)r&E18)pw`*?o{ujdMDL)qxx=CpGNg*RNs~AyHb5B z)u&Q@3e~4jeHW_lLiG-+cTioVx=3|_>H^hys`FI$Qr$~+57j+XcT?R>br;oLRCiL{ zNp%O+9aOhd-A;8I)ooO_Qr${*3)L-DH&fm0vbs81^yK;9Dn84>_x-Pm{}i7Ue`y?_ z5yv0v#jztHvSWcr58>X8AN)D*=i$C|$3I*@+PcGeI2;GV5rLx*j&3++!O;na2#3Sz zaJ&o0n{d1c$6w)i3XaF&_yrt4g5zE|ZinM0IKBeMb#Pn_$7OJw564+>tcRlr#~>UD zI99{46pq8;I2euy9DQ(f!!ZkvPB=t3;LrXp9B;z$A{>8(<0&{EhvOF?wx?k%FA_ik z?>zx0iPCj1>>f=3fo-DZ_l+Fn?i~KQhdF4fA%xyvZ=X zVwl$%=GBIInPHx9m}eR0dc!Ol=AdCF40AOz;q}3@32*%SUS`4`@#k9HpV#yi?AW)t_U zl^TDxP~%T#o5k$np5Z-Da}N6nobWh*n)@HFJDpcLHh>lXkN^@u0!RP}Y$bu(j9mnd z>nXdco)ACVRLw5TmepiVOH0dg>PXq=^SR5qs#nU1Y&!0iqyE2(<16qmXV>>>{9 z)Lca?lXE_)JJRhYL3~o2g(6xilTdvuz@-SpMp^pq}aVeKA>)=*W*C$F^PSvx; z0{AmrhD*i4l2$G!aCu;<0k7x%Yv#%&}+}_m{uIfz6MqF4@Gx}Jo(MxJ-tybE+W)tk*qE;qv zq?I)gHkw<#l_`<;yt!>&)2j6fz$s8&)!@|Jh6=h?DyTWqhPIT~X12LSMiQH7bK4KF zYMF-tX;!7dt3Q|9`c~C;Fxn2A3H&nm>8%{WG1#^wP&>gZa<2aB>c$1KssAo0=JS<8 zRv(d8WC!!=7F-Ha^^jZK@7uQM3EelKd_d#f#xKL|F0cF9VQ}2H=_1mf(zENdt?%z! za<3BDajqg{|37Z$`003Cc2SQ*45$siSu*LQ=J1&0ls^`*0IJBfiK)|wrA})5veM4$_ zD9(NtTTvM%lTPvY5#Y8us}C(Iq_dffR?-T3e<}qtT5g!yS_89Kaj6?7N!Wx_!kAis zIXal33wOIy#lkwRq$et+TwEH`_2GD5pBz(q<#4oD4)q4*IPA3P@2h8}uS|a2Ou17f z4JPR}I}{1-R{VOL8c#_~Svj7d8NmMgn12Lo+7UL+6TvdN!{mv;v*$ zgiMYP=kJB>IU{l~8nST*Ho~P!MVK`-7(<<9+J=lqgW+goQP9Q(_OGW1ejAwuy*wWT zsW+%J_LbM7h3zsCiNOY-(Qsf~=F5ppv6NSJJzE%*+lC8 zjdm24WN1gxc+lS)h(tn>m~T%TH*+`?tm-fayc6}O~m}CZtm}GhpOfrYvG=gXY<|MNnhfsTD#_%{3Y;Lz&5HrLs}uAzwh2it=V9J)&XKOUj)0Bw3xCeSoWMVY=V!D#kj3^j+IygZy zZW~)T3_A^nBXexr{^G>ghAYWjHr2K?p_mehMC5K8*C+NDwDpOsuH_SXtx!qmYSIW2 z^O5$Uz?c*dD!svI05(ll_Oo%a*sl*&^2vgl&6UShQ=_y&;MN<6$)RA-zb~z(M&mU` z6{sd-@MDcO22G(i>W@bJ(F69eaeK@Cl`>3_v!0yEmdZMLn<0@?nKF(pO;3r0WjPkw zn{_f6!OFvG!H6LZZ9lK(+69wi(Qr64w+j;G`{}^P5^d|3Y*rkZJDd6?Z)F(KxAP0T zI|l>N`4Tj0z8^XYTvLh}*l1c?JJENrH|7t)X2uI<*|-&AKV%@KHF{i5EeuxFL7EmB zqXxBfwlKb8fk3b~8VW>%k%fENxK)!zq85sUk$kZ-p|R6gA~1HqzR)wF-garUt9m9h z7;VVqpt-7H_y|T|1aZB}^|0Y%6Y}60HtygV?M4^+@=EIkE96t6WJvT!;_ zp=b4+woudI_5j|7p>u5HPNU39%Q{0e?w8{s7+YcIZY6l&bm(|+i=vVnj0Eei=_2eU z4sQTui)pO{b9L!DtmY!f&`u+<{dc!^Rt*5g3fcw>uP+QvFSO9d&hP&BY;7aNxt8(3L-tRK^!uNM>arVpA6lt|Z% z3r}lvg+0+DN+{exZ&6qjgQa3+IH8u|#<2inuHK%z9D+e9EV5ghT(JzpL1h>QbTa0! zthZ0k9}D=y!Ya-h5+E$!-+EI90CcrnZ`E+KAxnO^2*={V2;2$=1Cgl0L;KjJAKv|1 z3zz!gEWGhWlPeV4)evmc4x`0^UK@8f+y=JX|FOb0UN37~N`Dk?q$2Y@Fr4nvpV73m z(HLQadt;C>s)b&IfMlh?~2N|2uZ(Okw58D7KU9P}7;<&X6;o=C*x~_r#Aq8Xs6>@m*arP-mwuJJ4gjMC z?N9ZqMWB7SKoA;Y)CwckE^z;&mQq7-gIXE@=U* z?W-2j(h;y4E38(_8=FGLC0LIS78@i>$*DQsP4)yWW$F4{^^mag77aPXLQ2^J>;PJ* zY>?IuWm7{^wk*L~n`sGFos?j0Q>{?eByF8aR#oejc=y;^ym20O9VI)Nl4Z@xurBf- ztg>85_Cox9utal8EvTiDRIv|sK+R`UK5+8snwsxR=8DO_JgnTQm5g)czLl_ATA0b+ z5j77PZ;cw3?}aTgdtm{`lGa-+4fesxj6;PitlU};%e!HnupzS7>M~U?Wm9XVLt!aK zSauE=z$$rhSTjXHtc%o8l&C-tSZb$x{jY~48CE8r%Pkv~`#F;|d$ z%8D5JLDjn*QD-)(X_GE*-IG#md7LEgtBWq`f7eQP3p4C}q?fR6bo0 z8CI_Zk}NMYH*DF*M!*$|P8c}Q-%6m~z0er zaeV>mN?WIqwYRf_L%ds82g?mFMx!tqX~Jlv^`>K-)k({0KdBsy1m)4CCKu;&otNVK zO{bi4io_b9nu9gJAsrv|fMjKGTsLCtf|jLa#r0Zg#gGOy2P^fFeSkBiVqQ`U&q1?{15fc z?IA(NDzqu=5wPOm_>chzz`L`Bw6+2I2y`A;Hgd?9gf-5~zPY@ctX2s9u7ShHaQFxg zpIYz@G;sKgn0-eZ91?yW)?sJsoI)QZ<4YYr0D@r&RxyoB;E8QjtQKITgL-PNP@DW7>X4pL$U4mDlQsO2>K zZ|LKu@)ffGv|o{TbBz5)vVAps-x+EV%YX!s01`j~NB{{S0VIF~kN^@u0!UzT0yzIa zIUhWW1dsp{Kmter2_OL^fCP{L5IB5P0%raBzsU(zB!C2v01`j~NB{{S0VIF~kN^@u0!UydBY^M!?_?E< z#X$l{00|%gB!C2v01`j~NB{{S0VL3dKz;sSe6h_*bV34100|%gB!C2v01`j~NB{{S z0VIF~b_xRZ=l`9eFjxpAfCP{L5QxU-V|DCEju`oyg2_OL^fCP{L5+2_OL^fCP{L5cqkz0VIF~kN^@u0!RP}AOR$R z1dsp{XiI>+|8Ewb;KYB5PlykR54H7#jz|CrAOR$R1dsp{Kmter2_OL^fCP}h_D5h3 zlBEu(m2>S|&JO0)gqF_g#nKcLxb$Sp<%*WjOKNIuwlGNM|IOl?ocNCTrue-0{PtHE z%n=em0!RP}AOR$R1dsp{Kmter2_OL^uvG-yoYmqoIV~2Ki#I*bMND^ETu->}aDCFH zyOz6pU2f-JoIiA4=RDoH+8K0qIR5E)$bPh==3krcG=I%}rg^z}Khs;bZ`!K1RW`-?Z|iTYw^%n=S6cm+H!OGC*E_!4 zdYJBPJV4)bs(m(%5R%Cl!$R~JibGr8jWWm+i@Kk;OX z1^N?@R!U^kB~48i3%L<{k)!K9(j4?%bn4Zq7wYnuqX-Z_`08)bkzOcw2&%TC;c*G8<7i%F~|rwPc+n`yP#C&oLhmb8MNV84Zp0g7Cl zY6;n@>p{t2893N0Qsk4rq^D;cH3LvDrZ*SIle*J_3GR^+wXj;-=HTd_4(RC(thap3B#g^y^)#O_erx7uIk{^+OkE=eNy~taKugHY?*y|(k0T*nq%6=l8Ue?s+keG5$><|};wbPr z2GLn>x?^6$7n^7{jDFFGY?Bq_xSG3eYX{Z$A)GXNJcU$mzm1V%tmv+{U2ivy)U!Wv z0twM*an?4pW>-6!{WJ}FW6{p8@~wUvOq>09Tm7`jo>ZlM7dnqI228BH*;U#}>shv1 z8qKdcDMw3EmbTfkxB6+D9UJvi&raKDtj*C_#(G0@c4&L6XW7!O`OdC#t?{(W&RNa5 zu{1jASW42F;A5=qw?QMF-r}Q8iKNq7e6-2OEIPi`E2&Kso-c8azYp#G{Z1lsF|F(R zz&_UUHaT!aF1C=WYlLht+l-LrmXM9=*knj)l=kh$)vS@`Sab2b&CQwwV)$a2rfrOq zjrO+5q{UC0@0uiDJcR_dR|4UWtt7)=y{9%t&`q}a@W)m(2W<4V%?P->IpF4Z@X*JO zp#hEVS-(_nGC@G^+id)iixo(uF>+ZqKYP6RB4-l+&WV2)UxVZCo1G+jL;^?v2_OL^ zfCP{L5*%f$#sf&_N3lKmter z2_OL^fCP{L5jY@gRck8cB@1DH01hM%nDz)@#oX;!8>-GqF_#u01`j~NB{{S z0VIF~kN^@u0!RP}Ab~9>fY1M1&J05!0VIF~kN^@u0!RP}AOR$R1dsp{*wF}({r@p`-kXjhj%9`F>V`Gj(?P_i8G#M=F zRYW`U*r}G+2RNw)eE;c(6$IL zl5=$W_BB;~v`q|_ik0Cq?X6{K0p(`~mYAh%LDvSglC)&$N@>Ze#fzJg znsBZMP`Y;eM!8%xUFjePt{6=2L__)MbO}vgM18?q7bq zbkxA{Qva%zOBXGHutyIpfqEFL3nPN&a7|}P@}zw<;%qvXEx;{jR@c&rOsSY}c!4^s z+N&l<=TXpxdYXo`=B$!yPb1~#6FH-JEw`o39$G@OR^5D>Fla>F)l)rW(9t<_rm41q zLWN7Eo-GWP>t=5&%)0Y`D4|e~v~b|C{#A=tO5NSf zjMu5T3i#Bu4SK^zy(C!8fD3`b*_Fp?#{Cr19mp0k{z29 zg<>J4l_x#9w6zUP>UVs@Xlf4|?_s1$%etB$Zgi36wgC@4>!6=kO1VZ;g3^}NoZhfE zy!X_)Q;yCRD@>!I$qKEO%f(cd0@zs5o4t@xfjkKsBl$)EG>6zK40KQOv5^D{nagHq zdv9<7H@Krs=f-*!xX^@YTWSCyfSRx+bHyZeN|iLAMyx$*hAOR$R1dsp{Kmter2_OL^fCP{L5@<`nZgrVVRV}r3yUxbDWbD2iO1K(JB@5iv*AW5I6O1QI|3NB{{S0VIF~kN^@u0!RP}Ac08< z@YW@q+q5?)YQp`VbKI}Hhb)Tue)GYmdrW&zJh($hWUgtGM!B<{taetEwQ=HZT(Eqgf8~I*vj5P<15#HTFJ00c>YT`?yQFME*9Ntc zv}EZ@Y00X^i|0#S%}KQN({pC^bVujmv&_}m*+N>|Kt&>5OjYt)K`$qYg+!{PsXAn{ zSZFwN-!yWzXvxBXY_C|%W6J=M{9RFApZ({!V-KD#!XC~4_z2`uGZBt)K3xdaA>Y&Ve3NHAJIo^;(Z6L9d#v=k{vNNbAYgfSbw%Tw^q58y^p2u6)>hk|t@jqKCpYs3g9d7MBhtvyggXV}4q&XR^y0+ZiOFsgnr>^G zBdH^sc>mkOapt-2N6XxzG)z}-k@s!x+2q*fNo@ZKRA*MRj?Vqz0c|zy&Z$aSFXj`O ztd>ic*#jCp0+ic0b6+>Q)2bzlj#)Jz8BauQe3A%Qk8X34J{2`33ZA>5FOf$+qV~WO zml?1X7NoH+4)n zzG@xb#%^{VLIn1x8#E+TOcct(wMt?tUBi;t-ETeE^u`A&ofoKX-?J@E2V;(OQbbj&F0F9 zx;>k&YsQ&*tvMQZwkaIT)wuH{Yjr2G9I9;%cgc3s*)r9s(3z&0sxFFzibO$MPgkQ> zEBa8e1TB*|oY@LtBR&}c;-3_|5kXgv{djKidsXV{tm>YQ&g18qs{>8B&X&s+4VKf+ zsieoy0x&1q$g}Bj=eY~o6=<9%vaEJXB&>Yne37EI`s#5zxc|Oa#r@ynaX!WA|62@O z9vYS;o(>h%-C9A$3cl;qTm^QJA-l7*E*ji&o;#;q^|W|t6NND>uy|QQq;ke3)CJX3 zn^Qg1(K&CP=^O_g)9XFd=z{tiJguvLs z*jz8B8rv9y3pO?##7R2YXG=PvI~kjPGQHQ(d+)vX-dpH3KmsA8kPy-c`G5a!-t3+B z&ay4?!%1wO1)ulk?dk&Apke+KShIfbP4huP^Q8?&(YYamANS;1ej_nV!PZ za)&x55?o=o4|$sxWd@Zu*U{FDqzwFllND`hI;hy>tKWVkFAj0tZi_QL@}YqjG7q0s z$#%^znbzu|4kx>7f1T)=Rvo=t?Qas^|kVxl&O$|CsWl{cEUi6RAs6vLa|bn zr@u?b!!$No&v=IY@Q!fp-=oNi96rJ|%2V+XuFgznOQy$Jd>*ctvlhJD+&R#da%Yg2 zskDYXeum4vQC^?YM)+2O=hd~J>7UFQE+}pZ4g)-HYFym_ICuqk#9(jOmF|=dAEw!P z1GS^lR@sJRZgr2Btg`W-wJ9JzXLaIiUHnyCFCG-PiD$)o;!W|fcu71a?iOE(KZ+~F zh2rd=4EJ=R!~iis3=jjv05L!e5Cg;jF+dCu1H{08hymT};XZb%5+^8etX#2woOnix zg*9G}$2V81b5IQnsdq?S4~oxaqFX`^EtY`A{c0HIT#9(8+~|d~>7W1qA38NU3^70q z5Cg;jF+dCu1H=F^KnxHA!~iis4Ez@uuzX)Ivt|zS&Cwsw$JWdd*Vs2(cUw{OPGe-? z>Oj0^j<=EB#kTk_RE-Wv4Ezr;;6I-S{|Bl;Raiq9D9$VH?5kfomiM`Xg{z_~`y()& z*!<>nSKG?MIQJ45Zux>c4cLh+Hx6OJ6A>NmWq%;Yvm&}HWk+^?&PcA z6{?d$8kR4y-!fp0u2@x#D)wJVrQG?TUUkJOzWS}8UNhWtr80%mdGu#@cw?74HF1LL zm&+i}yx-`Ko_9@j>ZfM8SyT`o%6D5sZXc>5H?Y{a+aJb>Fcvx2fFkNI} zrnS(2#6wnb#Qq(YJE&_@)3SAn8JzZb%%ONIJBM_{mX&v{tKtLQp;c31T!$&&uBE9k z&ZI*Xwp%@;uyW30d$ywh(@+MU&QjuUxdT+pwQ0?D^meKs;T4pV&-E0VTYIu_q-=WN zL(T8W^>#P6^iRSm&(U;Frm(adVvws(#@Q$*SGHt3vU0*twyThtpXn*@AB4wHt{W$` zsYAnb$~Nd(gX7-*guzHIcjz=8MMXF%fq-;U%wL|wDq`s;}gIoB44_5NzYqqVm<2hW?YDEPXPsmp+_nAR?c;3!-NV>P?n@jt#lLmd_rCnBisDVzrwD$^5yuY4}O?wt+>-D3C z^TUz;LT*t8rk&wzHKns_2CTC?qpE?j$Rnz`ZcViQU;k5$G-7}lAO?s5Vt^PR28aP- zfEXYKhyh|?ZDpY3|BLU%-`3W1r1K&Mhyh}N7$63S0b+m{AO?s5Vt^PR27c-c1jP5u zE52f|&fi}_&_7~;7$63S0b+m{AO?s5Vt^PR28aP-fEZY#8IUXgX*CkLSE5&g)6oL3 zHlSDhhKaw3--xf*=o6&M69dEmF+dCu1H=F^KnxHA!~iis3=jjvfOPqFbpLDn-G5sD zpBe@+KnxHA!~iis3=jjv05L!e5Cg;jG4NAhARzv#;{U&g8313=41k})HK%hV28aP- zfEXYKhyh}N7$63S0b+m{SeqG;0RTP?!vMT+o;qV*uir1%|NG1s!Q}dX;v4aM@um2s z_*lFr-W0Ej7sS)zG4Y_dP24E15f_S|i8I8>;y7`bI9T+EPO(6=iUY*nVy>7ab`ev= z4q|H&7a_5w7%dvbNHI*TD{SExn*D$FclKZGKia>wzpy{GKeXSme{R2QKW9H_KVsi+ z-(}xw-(X*AUtphOpKhOIA8Qxw#r8pVyPdZ8v-h;;*fZ>%?Me1_cElcUH`$xn8`~S$ zL+v`-uyxyGeQ*8E`knP_>oe;k>s{*&>lN#H>nZC|>jC(Z;ceE9)-~4U)DErx4%P%KYK^xxv2=@>-Q&uQD$&&ofUlk1>xlmzsIA)0}Un&3(;z<}7oXxs4e&gXR|IX68obFmoN#G>pubf!Q1k2${=2c}2mGzgeGZ))GN3oImeorI9Kr5CLhU8|$^H~+t7O18 zhHcoN$v9U#ygx-6F+dFbM;PF}|B=HC@*p){KWCpIev0^s?)7jV`voRGM*IlzL&Oi% z=Jzr2o=UuniFXj+MtlqLO||(AO#B@2b!B=D6R#q^g7`AxONcKbzJU0=+Tl4&Jd5}Y z;?syvAwG%t1mfdrhsQASDB>fC4Uq~ z;;o3cAl{646XK1CHy~b*cpc)kh}Wp%uExYwh*u(Bfp|IMWr&xmte0ToV#JFOFGRcm z@qEPdRMvAb@iWA85YI+D3-L^q=?o=KSK>6>bgD|6f{Bw6PeMEq@dU)<5syPW7V#Lh z+tHX;gdPb8N$8f4 zlh7rhQ$mM?MG_WD$YS{mq&i>q{6a zVLjZuu2k2NFhoKf8iiDC36=y?f*~Ow!7rg!f=_}jp+@d zT5*NASez%$5~qq2#L?nNafs*@-C~hw7iqDd*i+0AGsMnflGsk9L{w}gwh*I4gBT&! z7ej<8e1hBmvj1-X+5Ut58~a!GFYNd2x9r#K7wu>4$L)vgd+j^yo9*lDEA30{^X;?k z)9e%NW9*~A|CM6_9rk>?#opiE%ii6dX-~5!+uPd{?3f+2$J(3Qo7fxL_4YcpW!KtX z>;JR11l<|mhpK*tAlW~o4nQ?(}wsER)ywPVIW-KwnN;7nI$TGd${x#m)_;l4{_3Yz(5S} zg#%gtTecc6!+`-n7#INj1QEssK!!*VMG9Q7!d%35dlCL5dee{0YDfL0E7_%Ko}7Kgb@Ki7!d%3 z5dlCL5dee{0l+&EVL$+M7!Ux20Rcc55CDV$0YDfK0E7VnKo}4JgaH9S7!Ux20Rcc5 z5CFUe5yk^Rhw%VF7!Lr1@c=*=4*-Pm0KiKTVK@ME7!Cl0;Q&Aw4giGV06-WH06Y&7 zMgu^H(Evag4FH7E06-WG06Y`%48+qBVJHCXry{~g0O&9h00<)ifG`pO2qOW2FcJU= zBLRRg5&(D%A`Aq84g&#zFc1I;0|9_A5WwU>0Fwg&Ob!Gv&tVc^9DvDj04B!)m>dUS zavXrkaR4UA0hk;IU~(LQ$#DQC#{rle2Vim>fXQ(HCdUDo90y=>9DvDj0OrX`fMEb8 zhXI%z24Hd+fXQJ1CWir-90p)=7=X!P049e4m>dRRau|TgVF2dYR|1RzFgXgq zqX0~f0x&rWz~m?ZlcNAkjsh^xYzZ(3z~mqR^URb0V*pH!0WdiRz~mSJlVbo(jsY+^ z2EaT!Nq`{$CWio+90Fi+2!P2U049e3m>dFNatMIQApjdFNatMIQApjdFNatMIQApjf8Um?)AyHU|L47b?TG)@n^X01$^Wlr ze@ z&pVwgmHhwJ$L$X}^{eN%&8s_|e0I~kB+Rwv`|A!&c|91OE z`)Zi+f4+T|eTsb?%=bUk?zMAv)^3Fu|2^&5_OA96i11IrjQ?@=Xo&A00rUNZ?T6_8 zf5B}3KUu$p*#2Kw@4;;Umm#wMaqB^t>whc6^&G_jj}ejhQn-n%ksgj|9_a@n7@UX{*TPJVb=e1=Hn32f2Vnq zc{R-XKNsTpPcZw;L(Kxr`foRz&ArUo<}T(Wh~O@ioNp ze`>sMykWd#JPlF&_rje2>y0an3n7O86ysQ!^S{J62qO4fjs1*y#!O=>%==FnVPmYZ znK9B>-w;Nv;R$>f_;cWQfzJaU2i^(17I;4JMBu@|U4fee*90yNoEJDFaAIIt;IKe% zperyxaA08Xz#RV#KkN^Vvl{&t znmd(v+&#&^=GBVSM-{2xR;2#nPU${(D)7Aa#M;RnofR>#b}_(TUlYzp&Ux0@XG(mk z1kRk-*e_J-VK!HCR^lxsa0<`#0yH`TzZW?r&7-<@r)8rEAf;PPb%?*5;&z^V~?rSqe?uY#KTHF zq{M?tJfOt=O5CT!y-M7p#NA5Vr3B8e*Vr8@b-NO`DRHY3wM*3_ZmAzrA}7jBqdH%;shm*SK>G&j#UC@;cM(@ zm0G4mpAtnSj*>H~wIdOaKs+1~XX9&!qJ9YCQp6>Q2O};<>_sdf<`H`k4?^rl%prCm zb|Q8lE<#+0i1YKc1*p$QY)8x>wjs76wjibv4@7K6JOFWj#QhNWMcfB*Z^XS2_e9(S zaUSAa#N83+AkIeI4RIFYOvD+8(-C(?+y!wO;?9Uu5qCnIf;bs*65@`C6A^bn+#Yc| z#BC9`LEIW~0%8g=iI_l)BgPP;h!MmvVhAyaxE11f#BqpQB92Ae0f8_uFB>n%It5@qE`Tv6&Iam|k=>}Uz^8W|R z)Zp@w|35gMC>JrX_A{{N`2R3HUOHAVKVAv+|GD!2VT!ymqW=$*Nk^d6h!{ALh!d6#D;M`TsCoUK!E<=gR+whd^D2e@ zKg^t0DfItg?z~E&|IZov|1f=C8PWge%KwKM^va0-Kg^+5DfItg7QITL{}1!%RSNxo zm`Sfv=>Nl9dX+-|A7<056#D-#pI)WV|A!g%Duw<(%&Au?^#5U2y-K0~5A*6(3jKeW zS+7#)|8wR4!;kCAi2grJuU9Gb|6zi?N}>PHmH!WO?3EGyf0$*jQt1D~JbRTw|DP-W zAEw$XBl`a^*M` zQ}0y@{eQ0ff6mbVhw1lf8~Xn+0bhDV9Q}We{y#_mpQHcJ(f{Y@|8w;JIr{$`{eO=B zKS%$cqyNv*|L5rcbM*f?`u`mLe~$h?NB^Ir|Ig9?=ji`)^#3{f{~Y~)j{ZMK|DU7( z&(Z(q=>K!{|2g{q9Q}We{y#_mpQHcJ(f{Y@|8w;JIr{$`{eO=BKS%$cqyNv*|L5rc zbM*f?`u`mLe~$h?NB^Ir|Ig9?=ji`)^#3{f{~Y~)j{ZMK|DU7(&(Z(q=>K!{|2g{q z9Q}We{y#_mpQHcJ(f{Y@|8w;JIr{$`{eO=BKS%$cqyNv*|L5rcbM*f?`u`mLe~$h? zNB^Ir|Ig9?=ji`)^#3{f{~Y~)j{ZMK|DU7(&(Z(q=>K!{|2g{q9Q}We{y#_mpQHcJ z(f{Y@|8w;JIr{$`{eO=BKS%$cqyNv*|L5rcbM*f?`u`mLe~$h?NB^Ir|Ig9?=ji`) z^#3{f{~Y~)j{ZMK|DU7(&(Z(q=>K!_|9`r_|F2f>|LV2l*Z-PJAhKk&{;f^#t>pjz zxL1?>{~wo6DvcOea~W83{C{2f|GM)3b%y@GuKa&p`TsgY|6f=Bzs}JA*OmXTEB{|t zzyIsX|JND%|GM)3b%y@GuKa&p`TsgY|6f=Bzpng$ouU7)EB{|-=>O}=|JND%|GM)3 zb@ltduKa(Uq5rQd|6gb5|Le;C*OmXTGxYy;<^Su-|JND%|GM)3b%y@GuKa(Uq5rQd z|6gb5|Le;C*BSc%y7K>ZhW@{<{C{2j{;w&pMv8T$Xa^8a;){=csLf1RQK zuPgswXXyXy%Kz6H`v1D}|8?d6>kR#WUHShyL;qh_{=d%9|JRlOuPgswXXyXy%Kz6H z`v1D}|8<7`zpng$UHShyL;qh_{=d%9|JRlOudCnxb>;u-%Kz7u|F5gx|8?d6>kR#W zUHShyL;qh_{=d%9|JRlOuQT-jb>;u-%Kz7u|F1Lj|8?d6>*)XM=>O~J|Lf@g>*)XM z=>O~J|Lf@g>*)XM=>O~J|Lf@g>*)XM=>O~J|Lf@g>*)XM=>O~J|Lf@g>*)XM=>O~J z|Lf@g>*)XM?Q(2FNB>_(|6fP{Uq}C6NB>_(|6fP{Uq}C6NB>_(|6fP{Uq}C6NB>_( z|6fP{Uq}C6NB>_(|6fP{Uq}C6NB>_(|6fP{Uq}C6NB>_(|6fP{Uq}C6NB>_(|6fP{ zU*8GqkN&@o{=bg?zmERDj{d)n{=bg?zmERDj{d)n{=bg?zmERDj{d)n{=bg?zmERD zj{d)n{=bg?zmERDj{d)n{=bg?zmERDj{d)n{=bg?zmERDj{d)n{=bg?zrH!vAN_wF z{eK<(e;xgQ9sPeD{eK<(e;xgQ9sPeD{eK<(e;xgQ9sPeD{eK<(e;xgQ9sPeD{eK<( ze;xgQ9sPeD{eK<(e;xgQ9sPeD{eK<(e;xgQ9sPeD{eK<(e_hA=qyMj?|F5I}ucQC3 z2gE;_SA509A0ht#t2Ou8NHr%0hyh}N7$63S0b+m{AO?s5Vt^PR28aR4fE)(!!Rr6; z^*l*k4ZayEB-k=(N==twNf_et|9|I<0DJ^X0?R8U7RPs|M!`AS==wK z6z4&b{t*Mj05L!e5Cg;jF+dCu1H=F^KnxHA#K3=mfq>>2>haCXXL@|7>QaSIEHJ}4 z__~^Bv`3rRmFrsCnd{BV&DwgJr^(};+LP<;o|)^Kk?Cy7^mx(8(OAySYc>B+zuYGv zz6AgOV#3fdYL~UzK72P{7wG;|IHe6T2xVDfEXYKhyh}N7$63S0b+m{AO?s5 zVt^PJ3-GC(5I{g259k>p zz7=1JvCH0Nj6Gs9KUr2o@dvFZszmj?#d-OTbe=GIj?5TS}|5ED1*u5vgzO_={ zh~2*-*uRzf2=>SyKz~{4wd|p-Kz~WK`Xcl{m-Ng(sRZJ9HiJ{c zNKr3_2t(A^|7ZWh{$leD)-SC0 ztT(Ket!J&rtp}~Uty`_@tt+jIt#hq2tdp!`tRt&G_jj}ejhFj}emgTdU`496O^S9=&%#X~s%~#Fm%*V|K%sb7S%&W~y%yZ4t%@fQ% z^H8&3cAD*Gv$>Z!+uX&RWNu@|%<<-Ev%ws0u45XeX8gj*AwsDGatZ}5V#5l-UXtWyp8S{*p##CbmBV~k*vBqY`NMn6N7`28c z@Lk}~f!_r_4}2VWC-7R}`M?u_2LpEnZVp@%xHNEH;EceDfn|Zi0=J!NRR7@Spnt@`{}KZ=k1`+Br{-m5_gAatgNoE|DpG%Qr}UbN z)VdX^O)64bRiw79NbOpY+Pfk(zarIJky=)fI-??WX+`ShiqwM@spl(F?^L8duSosb zo$`4qQX`psLJs)PH?|^YsvrhKbkS{3jgPiRu~n84DjC* z5z8~6dp%rdUnudp62DU7ms0rHXDaon5}zpX3ne~Q;v*$KRN@0A-dEy1CEiuy9VOmY z;w>fKRN@UKey+spO1!4Tt4h40#LG&&q{NF#yr9JMN<62;vr0Up#M4SVrNom;JfXzn zN<5~-qe?uY#KTHFq{M?tJfOt=O5CT!y-M7p#NA5VrNo^|+@ZwnO5CQztxDXY#LY_F zq{NL%+@QquN?fPJwMty0#MMe%rNos=T%p9}N?fMIrAl0)#KlTnq{M|vT%g4HN}Q*} zxk~&@iF1@VTZyxjI8%u;lsH|9)08+>iBps~S&5UBI8liclsI0AQ2O};<>_sdf<`H`k4?^rl%prCmb|Q8l zE<#+0m_=NGI3KYcF@xBK*oxSKm_|Ghu^I6I#QhQXL);f}AH=;8_d?tgaSz0Kh;tEl zN1TH=8*w+pS%@WDRn8lo4GYhI6Ew_w0P=Od;6|5x!R@jLNr_zvJl;$86ud=2nf@wj+U+%0Yu z*TZ)KFBa#DGsH>a7;&UnD)ORJ%ok~~ub3xhiD_bz*j6M&NQ@Pu#KvN{SXWrWCp`8) z?Z4Px+rP1YX@6wDW4~^{Xg_T~YTs|)Y2R#LYhP|(XrE)BW}jd$vk$iqwhyuw*%`ap z-rL^Yo?%b5C)!)vF?%b!$==i+Y1i9BY{Rax{?Gb{^=Iq%)~~Hktq-iXtXHk)ttYLA zt$VH8Uq6^n>lEu)@c)-s?bcjtM=NM;WSQo7=9l2zKV{xwUS^(Z9%e2CKYk}O zYBrj}_}=)9@wV|Kc22n6u2Ke@3R6&1v&%!1f~X} zflUIo|DXOZ{cri7@Zajc$bW)=vA@;7n}1vX7XEs_R{N*gk85A7y|4D_+B0j9tnH}X zyLPAANNq!{<@?U}Yu}r`$9=c>F7zGm>-DwxX8E@9HTl-}dG$Z)AL%dX_v%;aXXr=h zi}bzpDSBAnST}3_QS(L38#RyB++1@(&2cq_nsm*~nyqWb)C{fR+Sl5L+Vk2y+LhYr z+Tq$lZBK2o7ScA-4Da8)pL>7qebjrC_k8cM-n{of?+ot*?`ZFO@R0e!+&YQx)P%IP-heD}fJQT0%t8tlyrL=-Bq*fE8J$xtwsia=Stjwuw1ghQ|+)V@$@3PUCGZc`{0 z0aH)EDU^yPVo>{o&=iI91Hz)ADCFucnSv=WM}kn*oMQ^Y`6Yq7XMoO&b_0is)#NuG2F zE^QEUwK%3kI2B9;;RNc6>5>Wd3Wee^*zrJ@DHsh$AXjtQB-?5%0#!Z0F~x&nAP7zS zJEm|b0Vf2Ftgg6U*#u246pDgr-%3*$j<`?1DVT^P!jNn4k|~$~5~H$B?Bz1S^$7wK zdzMX5iC|oEzem{=3MHe7AeiPkrcg-U9q}++$GK>d_Y|~;XbNt=;_f9AFa{?rulAe@ zQyA{Y;%vth49A1PNK6vFo7)tI7Eo85rA%;31)<4dGnwg_;6@L{qd|G6%_y0Gmv9)b z(DVuuT;00jt`(-BH0@F{!Bvb$V^OHrw6ZA{OhhB{gm!jJQMeVrDEo=2j!9Mv+LB~- zC&v^HL&e}qLcOMxOwhjMJqbilc1+N1gc4EN4HYMqOwjp7p{+x%9V<<;suL?r(1Fzz zcR&;H0#_pl%?>KDy)wZy1Qz7Ky5e?@393*sZR?nTtzbL`{MQw?DVbz%0%r}}Z(TM) zy9e$e*96A|wSQ3 zVWiR|FIu>43Wnm)e1XCcn&9$4n}ACsyR=}12{zOfwr3PD-JDoim+VSR-u8ilgfuQbVCZfJ!mBFR~= z(j-}3x55;bxz?#Lg`{anrAaoEx(XA#%hVNx+XRm}sFz(~O3GIZtHP9!&knQF1aCt{ zqrw!IPvk&_DJJXXuP{X=g|!u?h-@al3KQIh@Wl%(F?a)kejP3izIXLo z;E9K?T`o(g4&S=KBA?38l|lcFFJ00i-&sTOnp#&-OM?Ex6q z<^jgExqwk^cfg1?2QaM71`KJt0S2{Md`Kdt%>+zpGXN9XbilZ_D_~691u&{j1B_@p z1BSJ!fFW%sz@RpT4~eI=$$&|15@15x5iqVz1dM4r07kX#0VCRWfMIQ0z>u~LU{Kqd z4~eC;34lp01(?v1fN?DW7}Mf_Q7r}-(V~E1Edm(Q!hk_7#D_#vS`aX)Z3URn#skK+ zaey&xOTef$7BHf10T|Yr07Kdsz@Rpo4~e9-%>k3zD8Pia8DL!76fmYW0!Fn>03%uh zU|8E25F9VSpf-{Z38%CT0h8JYz=XB|U|bsx7}JIUMzwmth_*gpSQ`o$($)hEYU}bL zp_H}`U{V_bn9%9~pRI40`=sq`b9UB)vW^5?-B)xVMIj zm{;Q>>h*FF@p3N0-~fsc{{HWOP0s)StN5e%O8g4G|MxDe1o)D82G#_8K->i@0$wMs z5EqG`iPOc2;%IS%SR#5vhiDfEihaafF;na;b`;x)xCn|Z#Aae6F-)u@OrZ;Ae`kMd z|H1y!{>=W+e%pS{e!+gqe#E}dzQexBzQ(@HzQ8`)KGi+FE7S^uB)ck3JLch(oyC)WGco7OAVbJi2qL)Jau z{oi0+WnE&OXPs%C4F3O7)*)8G>arGCE!KY49@cKwF4kmgJ1c30tu3w1tp;lYYdy=h zYT@_)zng!A(Sc9Qcg@$}*Z;@N`^?+S>tLMVJoxSZc=IT8iP>!~Fb{+ggWb%X%^l37 z88pYh@BYKgI*cpEBPZ~jEjL`t&3w7{oKMVXl@W;THflmVO!f*Z01s)6B7q~5OUEnhKrT_H6 z@i6MJB+wmL0KfC^71%AXb6|%+G7t=m2{Z(T`Tq!G5TE$p4b%l{1I+(-|7*3E{kVVH zRX^FksOI`B4U7ELrBU!D|C1bOcd=S|Jnbn~=RU6XW>xxERq1al(=}REdcCUjW>x8E zReEw&dTv#^ttwrpN*`U7KD#P?RaN?~s`OJ;={Kv=zp6@qTbb6is`PqQ>CLLrlUakC z?`mD2Ta~}9DqW~bA6=C`yDEKEW!kqM>#jcL>P!a?^DbDOZoe!xCJ z`96Ce<$LTsl<%^4QNF|8LHRa&8|7Q zE9@1NFUy!!sMkv}UKQkv>_wC>uoqB1&z?v59D5Gsv+P-v&#-4uKFyv+`4oE!<&*45 zluxiHP(IEcNBJ0g4CSNjQIwCcM^HY@9!B{PdkE!&>_L_(I~ zup3Zb&#p lH+Ywd`7y*RX3)Ud^sXc@?_~<(2G8lvl7TP+rb1M|l~$4CSTlQk0jl zOHf|SE=G9~y9nil>_U_munSP0&(24A9y<@^x$In&KVv^bc@8@V<=O0PlxMNCP@c)o zM0o}~1Lf)Lbd;yD(@>tuPDObNI|b#*>|~TDv6E1q$WBCg0y_ca@$7h%$Fbv39?OnJ zc?>%S<p*K;7AMrI06Fz4#xn1!!Q8gPz(S#1Oot;VgSGr z3;;M70{|8;mOrQVVgNt^0|4?E0MLU000&_JKsN>eVgSG{7yvL00|0i$0D!3&0I(AV08GIEfXS2Pu_jHDxFZGtOvC_y9WVf3 zdkg^B4g&zT#Q=b9FaTg{3;>vb0RSls07zm0Kmr2*;&EA8379Si^%f&l<^7yuwJ0Kmoo01E>EObh@pFaRKc0RVms0I0y^mi`+t7F^#A2sm!QbOpXw_Eoi{N+3=jjv05L!e5Cg;jF+dCu1H`~jfC2LV ze*zboPLUWO28aP-fEXYKhyh}N7$63S0b<}M&p^rl|H%_U1P}wn05L!e5Cg;jF+dCu z1H=F^KnxHAYcT@>aRpmP%wgginDhUFctTtt&V*V1eK5m+p=g2m{a?Wv0CU70;s$XD z{4f7LgW3K&uEmtlsSyLj05L!e5Cg;jF+dCu1H=F^KnxHA127;Csamy2^LRWPY9oA7 z4%g~Y4%600S+5O6IaFH*WrNm$a)?%kvQ85yg=V9K(*MawBaclq0m^ zC~LJ^ls?UeQrC3x-2nC4KpTeJxyIpCbjGCch>zrXeXWF4=^rsb3=jjv05L!e5Cg;j zF+dCu1H=F^Kn$!&4E$ju??exLCMGy87#U<18fdYh(yN+!=Yp>!AE*0`olq4czj$q*$_%h2!|#FqvONLR5%f{{JSuNZ^5kJ zStnY0?QON|)x23VLwnNuPwxW0Md{CzV}D&er(RL&(cAPj`RX^_)N}myg>*|tCS53` zTNiX@x(a!hs!y6TW#Zf^4Ra^%IDJY(qiaiJ!1mibYi`5LdDEvi z>^5iGjEQshZrF9o-di>_w&p61N{K-+&^MuPysv)bNYBwz@#3`RI`PVsOQ#p#~b1?iqKkziB9X++kY-j_mknPO457OH$tt;5xR1|&V zeD$+8<;7UGt1Ytxq1n}Tq1@)SY<^L5d$uFfmF{#me)gcl?X;Pbr|i|xxayr78)nU1 z?$)R%zOkt|xo=BfeJ@n$&=prnQj*SgWh8se>8`fseuKPFt`lH)4Wg3$dkoCxbRk~}+?PtaJwUf2f@XI%U`3|hS@hh8gsi#;$ zW?5)HdkFL>&O>2LvcE&A=p$H5ego$lu=6SPbq;@RnS5(cw!4s(J(N?$a%rVJvWIEQ_GDTMxt^s1 zXKN}B>l^K>-+e1yOu3pdbjMwA`k6w$Ih)V-X7aMfLJhixB%Ub?eM@wm=uvlY@(mMRqO7^kijk+}5Un4b+pYa39r)sLitbs4B9tskv{suYN12f)_hB zr=aeh+(PKA%LkoYdC=u@RUf8*|Hh`i!}^B#>W2^a9J4#V!K15n*aZMn*aa5c6F#e!~iis3=jjv05L!e z5Cg;jF+dCu1H{1K82H_a=Kn{+@n9-W^Zy4&Bjq9nhyh}N7$63S0b+m{AO?s5Vt^PR z2G(c>0^&1R|NluQXaBF!Cqk7c28aP-fEXYKhyh}N7$63S0b+m{AO_ZM1}f(N#~MPB z36a!zGv_s{UZj5 z0b+m{AO?s5Vt^PR28aP-fEXYKh=H|`0k7BZSN{J$VgCPGc!G3F!~iis3=jjv05L!e z5Cg;jF+dCu1H=F^Am{&c>Hnt!XEJfF__MK8%(5Q}d}}lX-ZO>-9uc+nJLbD~-rCh{ zGIug-?YYL8VhgL${LcDY;LO1F=4s*tdwctG>m;kwwv0#YZ_E~Zl=X>qgY}Gf*|=-sxoS8Go$pKtE&$t}#Z7Mgo9?Xh}q zq_h!|i~(b3L8uLLu8VKhofx;_1nB=knP?u4id89Im-7oA2&OgD&eHUe`O; zlV6%|PIqTZl?V;<#ysiXLaseiXkF0Ux***(Kaa;}V{O^!o#x4B4(iQx6|(7$ z^66&Vq@g{V>B*0k=isnf+MaJN^rTxCWqO*kZTT%EY0G8k%(eA)Wb#e2j>~QA?rrJF zwvHL<-OAIIIk-7n$aFS$X1aQt3+a~8@+ub=^mev%rL!IRQuQ~lxXKO-qa-7}d8mit zd^1U>yrB8+beCh>ROZ2ptnxI1r*^p5oOW}6EOGM$+X zM|!vSWb^sn473ZlM5WAyTp`_&A0gLqA7E>1uA{fJE58A@gLDsEvSyX5EeB1ZCtb+q zh7b29Jl*bX-96b{PqwghnB=))izFpqFE5I^$>e2m?y>b{+sCruf-LFI0a@67hsxsN zG@IehS_BOq`D<=VFU_wf&$+rb>&g=;-2nOC7U%BDt7_-h8Ru;-^Q87w7X~j^A=lj6 zlaVLY1xF}khRFL)<(l7<>+Nn%=kwY5UC@pSb$Cm5$6$WuQ!yC@6g zbaulnmxn3`(3_F3MIJqvQsD!S60 z8C^1-ZY^XN!!<;vOO2&QHiLX7-22U{$#3-PoV*?rtt*3mut&_=@S`eI`B^pNQ|ox8e_wpnt>wF+dCu1H=F^KnxHA z!~iis3=jjv05PzJFo28v`|wA8&FlB*P;FfPzXm@AprP*d%HRKW`Tf7|#W&*j;&0+h z`U2n@a)GIu!~iis3=jjv05L!e5Cg;jF+dCu1H^!v0nJ>FwbB__ne6Jnw9@nAfWid2;voe+tQ z569!NSY%HxlsZwCs>@kEFckoT@dqwA4mEBFg(pN(6Qa@aiAW?GNiA1!FgZRFkHkY! zAb!>$$sbHM`TIYs8%$2hLktiD!~iis3=jjv05L!e5Cg;jF+dCu18XV+mOYIP@w~{y zNY9J>F6&imU-LzCs&RiH>c6P=E8jD|+4>VTZ`bUqU9qN~;ZLUC#Z2)?U;U_2e3=0& ztaN0uow$StF7V;j*`1T-Oqn=$O2gcVJ5Ha{(CFUQ*f6Fs+t%2S?J8vEXL=fTn=@_3 z#5sF6>^f!dhKcj$&YCt8_MI_h=G=yvv*7=E)2DCQUw~^r*H&B?2L`|T3w3SGwJe0y zWy+hNFj&?l4{KR8Hppc&Al=)Qg@tP{(_*>mMY^YH*}^_1Pt;^RGz1MQ}ub4s^mUlICyDcAXgRLCytBKtYDj3KE%Co@|2w>&YNClZ9%TLC*Ro6 z-jPce+=a^Zj9_&W*yNn=m{2erZEC36y}UYz`w*qmfU4)a^o&sownmaJQ5$WzgLuTmDj(%ar`PGBy?0 z>+|{QCnh|_ZI^3H<(--jZmn!kXXxtVTkXz9qc4A4?bD}K4UF?TNpEp>G_ z=RjW#bbF&JyFK?ij%;`R4`=rlc6MdcP>t7}qjF!>K-}BqMd~jbo_(xO^VLrspbnvx)WP-MZm7y`)JO4M#DyuMH{(%pxp4al$Jh;!}tKS-qIRYuDD5L)c z!EH{h<*wgGC?1Vku z9%XN6uWJWvkM(!!YwHW^BkN7;Me7Oce(N^tTI&+)9P4CjnRSSDkhQ>Sw)U`QSd*=- zt+3T(HCXkQZPl3Hn}0UHGCwunHD5KKF&{SXGH*1mFwZwnH;*%qFni4ov(?`2y-3NZ!+U=#vhE&jSr1Cj2Dc@jr)vSjcbgHjkArDjH8TRW1-P(%r&MN z+ZhpKj4{$!$M6Nd5Bw?cMc{+LYk{W&4+L%vTopJ!aB5&#U`e1e&=S})Fg-9a5D$zE zGz5kQ0{;K=f9wB^|6~6f{^$G;`|t2y>%YiM zzVCcr`+ntn&-aS&N#A|Gn|)XK&h?$_EBY4u7WoeJ&GYS|@A$+1*0$S~&S!08AaIxG zm9_D_)|hh&+@(!lX=Sy}m2UotYz)+JzlXEW;6F$Gl(SDA^%KrManxUM_6tY-n6r-^ z^&`$ca?}qw`_NH8;OqlOeV?=U9rZoV-gDGKw;lB@&fap=H#vLL zQQzR~4M+VsXFqq;*ExILQD5WiHAj7wvsWGU70zC9)R#GX*->BO>?KEik+T;a^##se zaMb5Hd)`r>>)>ekh2FJ^#RTvaMb%byWdgoxe z>?TLOk+T~e^#;yvaMbHLyWUZ+IlJ0Xuj1?~N4=7>D;@O; z&aQCO%Q?H;Q7_}{GDp3Xvr8TI63#Ah)QdU0*ikRy>>@|Kkh2RN^#aZ=aMbfTJKs^y z~J(sg{9rb6N{mfC%;p`koJ)5($9rY~E&T`Z;y+Wp0nc}^*GLsbJSxwJJwN;;p`Yk zJ({zl9d#LJ%N(_jvpz>Ha#nQIqc}UNw#MW4c#h;pD&+`%gi;RYhb!eUewb1Y<%cTe z5PpbKmhz=aS;ChnYO6ldjN-6MyQt~{nlpfxrl!N#|O6lg^O3Cq@Qo4AT zQaX93QaX5tQWo(=N?FJkDkaOaN?E`cC}lpMuatJ)u9OVVD5Z_JDW#RSDy4N-P z`L;^ghHs;kt@+kUnZPF~CB;)pN%Evp5nmj_AF7n~_vb zKZBru!~iis3=jjv05L!e5Cg;jF+dCu1H=F^u*Nc=YcSN{(`q#E`MsFXIh+i96Tkvt zdFmMdf_GYz&AW|@YOk(cM}J?RrahvCyqA0Gyq9~=W6U@!2(hheECGYAc;DWATl?xq zjNr%kROBoM(dSi+e4gFmL~T@r&O@knWz>8r1g$EXys)&pKkT(SrmP&}R0_Q>6#`Kk z?b#0a7OE>|wt8pyaIE|iEmTB?S5|Mu?~CI1S0O{Gcy|mf9-=FoUyy-VK=`n1M<(4> zE~FxIw-oc0h8Rv6S1u!o+!4E_@WlbQH!bdyjcBB&=nkhT#mUJCmvZ=M*;pB!gi$#1 zgPRy3U$KXZfGKT~SEO7RgoY*hw(`~I;K(^wAWtc?EXUCypvMW}={LyBR?2$7s_N6f z+koXPUrYB6GD4?6jm-Odbt`?U+BRh@&$UEG`4JpaZtdPf7TF&e=H9aVU~1F9>%f(9ZEsrU>r3KHkYi@! z-ReG=TNloOo!i#EX^{7B#qBpHvciz{q@dI^pxq&FQu_ z`GH(DOT+2ts!(AT6^=b zicvFsEW880fLz&WRBT&1&~>cHQMI?zCA!P6?sJaG_eF7f!%3s?QdSgKk?>bu#foi% zyoMF`-AeBC!S)D9ne*A_^2J|Cxp2efvoL+Hd2zaUEsa>_5Jr#m_Zkulp*$iVEg>W-_T zz*3*H!s@FJV9QC41C#`hs?wL$k-~vris0Ms*p`+rAOr<0&f+x~V59rC?S#*7XS-Ka z3H9aqX1H&9pqc}{n6+i{tvy-%PWJ#An)-(JMSS(!Z_k${mTUIS?q`_0nOAIJcdz(< zsK_|Td!yn&S=U3u)z4Mj7jCu&_sq)WvvR4lY&^i2JD~Q8J6pwl6@h33pp`@*U6pNt=Cpw4ELr%^8fGkO)H*YCs)oZ zcOqll`JDF*IfHolOHqCaY0dR^^%qd?g(|nhB({A1;9L(h7iUImIU{ygE$Muwxecy( zX})VX7VDo&Q!1-a=xOfA&Cj~>RlkG4eVdlq+Os|RLPayI=x!@YOb<4vd>`nq;sA%v zbrlw5+B=p)uQ@-PUv(!}=zzX`rQIO7eOSyuU59kMa=k0QHZbD~UKEq&^qKh&U1H=F^KnxHA!~iis3=jjv05L!e5Cdx@110}o z{9}!*K2@3+AO?s5Vt^PR28aP-fEXYKhyh}N7$61)!GN6qKa_pJ?7!OW)*FE|e8cWk ze|_z_wROIWe53Tc^zCb|stJ3)^zP4p!<#*yLDqw7udTggB}I4jO@&oUhI@)bT0i19f_tx`eym+r;Oyqk*>?J z5SB^lN_XG|=|5!2%1$0=jg-<>xjst&K5F@<(l$w&Yg@nb|$8Yve_wO zCHGUVZx`9URW_vl?ybC{o-(lqDlaOw1NHe|y!p!6)n!#XN!I%}G!^Unrupjkg+oqp z-NOBc?8)V1&w^i`?PxEc?3rJ1DsailE3kr{tE=N=lPgrhA*6sK$gkb+3|}aRnhhPW zX8o)?l{tOomFdr4eSFuJrolX5b! zg(sSO-BOiP_8ic5ay{9?(()mDSAIxW{_2CeH$j&*MUv}T0l9^qbn7Dgpth*>GZ2d(_zuKd+Uc5i}~ zJ#l5PPWeK*(3>xxarep(TFza4$o>sY&3!xg>bC-(y^8029+n(*t=_6G{IIG6Rp+Wc zfNSB=renMMw)fQ!AMQCtEn=riR9NqnTUt#S%N^t+$JJ=d4+YmMbgn84v^n3~BHzc# z3wpU$By%rWxAF!0pc8ECg{8}&F{ss$%cVFkYVK=Wu0_?$T>r%==Wv}yRl6)_sVcdI~p*-148>~C0|c?}aATfef;vlm$>T0wD*d5yiDm~L_VY3p8l zh_%1@=IZdusZ3&k7$63S0b+m{AO?s5Vt^PR29{@F9Q^#4h=()L_Ha0rP6k^-nP4#5 z5>2)zGSPS{*`7?c#G;9owoF@$ohox@f}wc4J<`$^4Y#Dz?ZK8rED?%?Hinp_4xAgAs ziD$yG_Fx+7l4yx#+FL>`=}e@pEz#QE5^igWN84K4%w56>*)0z&aLT&BAwp6UWEfh<@-pQ75rajdX zinhhtlEHXRW=^M*k$5H^ZcVqhB!ihuCYFJNwzP!O@%CUCicTccnU;8Khs+#GCzI*6 zXet4x7>T5#k#s5%OhFx5gNaN!-PV$54X0Y#A`7w3peHgd=~OzM4uxA%tx;2%E#$xegvb{Am zM`n&hWARWp*&d3trP`BF?RYBP)*fn&$g7b7%45l35Uy8PW)8O|f%BHuWFi)gMq5H~ z(NnQ>D%IN39*T!r+o3%~QprU8P?0o;@g$IVyYY#>e(0Ee8)>te9oF;-m-%^=5(H3n> zw+7=O*d-3tY)giN$sk;_P+J;EYD-1JKx2E-5^wy#Y5<+72s8z#NJ~p95=w>BZK0NE zJG9F%oOuGM2Bj_Pg;N>)3DWxiE4cDxCI*NBVt^PR28aP-fEXYKhyh}N7$64LA_gq) zd2ER166S3Z$J@WMhMRYrGmYnrS%Eidm(~vPU0-uyjqSaihapRNEjsNVdMe)YIRByh z{0RArb$u-m$}`SW5z2$X(A_|`5 zI4PZG6EvRT12&+(z55QtK>lNDkbWl)GGCI7m2{WQa0!3hKqdIdbn626BI_!`)m9m* z1TjxgR8KD5)|rMcS}%8P-0@M)=f_*J1-Qu7p-({>kD2-Z+4~Z}Hj3--)wR3YlO%vc z5`q#E5{Jmv>XspZbCEzU;v57FMwVn-iEKHNoP#?e3E?cXK)6dOv_L6PN`SUN({hvo zZK0(=DU`D%feDZ)azA-yCn|y_vTiarh{6X@3^% zlpUC?v^SI4+FAPYZ2bmz@l@ESHj&-^oJ--CfIZ%1<6LELDShRXT2)Rbz#H7Cb3ka5 z8hssaQL9|9-zXJN!JidAe>tvcIxYR%%hou3X^5Sx@`i1`?$dhLzFSD;~7%qG)4&^F886b=Umd{P*m zbZ7}v>!24wBkjo69$8>u=_#b4ZNjH^tG{qudMaq-rKUNsg`;*$9dD={Poa07)~AZC zLR|#TFWIQ^r&MwHBnfOTEkkZ=t+rUcirOLGiHaIvnTT2nB0@PQ4_*#za4p}&UA4P% z@NU@ZauBh8%c06egpGf%wNdzgDb z{H6yyQ0LY)B*A>fB7 zmjYjaFLi-3~%)8sO@m!L6yV<)arJQbHA?B6( z^NuYp!Q<2BI3AzMg_Pr2rMydLSIXoej!$Me<}9YXb9_hx#t@IMB(gmP7{VF8~6-3>Kdh4H$FI75;V9K;RM{5OEtZ8!Q2y;&hpG%Fmu+4 za8M8*ix@biugav{#Bf%qag=BHsGh0GUSDxB3>>h$U^t8Wz#wfW-le0~QA?4pn`YybcMiE6Z7 z!s39%0gD3`2P_U)9I!ZGalqn$#Q}>076&X249Wq^{y!*ttcw;0EDl&4usC3Gz~X?# z0gD3`2P_U)9I!ZGap3<12PFM(oI~&D^pExT^?vwa{aGBaIAC$W;()~givt!1EDl&4 zusC3Gz~X?#0gD6sFb7-?n@w<{kVl^g;5p9WaJ!NH-=%kO`kVTr`Yrk<_-XxF9I!ZG zalqn$#Q}>076&X2SRAl8U~$0WfW-le1AE1Rv5sb&-)F?UzNpt9_88HoV4%qtX^2Jw z0iWR-csUSm@&z0GK?A;>=p1<2A8ra74FUKpVmRtxE{8lupeYz^@`V~gzHm4kvLEbd zcAI6B%SKZu+5kDj#}=*g|9e%T)=d@%EDl&4usC3Gz~X?#0gD3`2P_U)9I!ZGabTa~ zfTS+vGW?mG{*m6PKc>!CXQ|WFkm^+@st2nFsH*<3e!qUVew+Rk{aXD?`o*wA;II1G z%0HFgE6*!GQ0`K$Q?@95O1rX9IZ~-t4pbcS`|_*uQ}P4yE%IgZnR1uBL_S8IDvy+% z()-dY(v#AC(oNFE(mE+AEs~CuCQJKEocj;%m)wuJ?{Q!6-r_E}Pjk<6N8JM@tHq6Cuh=Ti5rd*fRD^#BZwt=~4+*ykR|w|{8R0}>rr;CC2qOOh|2qE+ z{~&)0e;I!!zl1-ApURKqov!y?uehFc-RHW=b+K!mE9qL~I?^@SwZDsV{=xZ@^D*Z= z&g-39oCW7;&UwzLbAod}$H$I$9M3zpJMMH`?bzt(b+kI>ID!t3L$UwE{{r;&wP)-n+GpB*_Az!*U#s`(X}w)PSzn^h*JtZT>+k7N-O#7#hw5YW19VLnbWZzF z-=Y0k+o`>+y{f&S{Y-mO`+@dd?c4fW+MU|1+Kt*)?K15Gt*D)$6|`>sRjos7(@xY* z(2mn)Xh&)xtwEclzo>b%gS6qAtU1+B)W50ksqd(7=+CJytG`g6Q6EPj`CwnD{Qe-;NU4pe zq8W$^{{@T?x4lgB#e9Ar{^P!H(n5w&qCH~Lf^cg%6!!VJhbuH+)bIrYhM#+gq8Uca zA2WR1_e`4KABFrNPwu-_G$3=|p=c4qABu#0+=CP?j33(1Jy1=9a_^^T!O}Btqi6vm z>WhT}+W z5%n9s2zOVR2Aql+5#WoT`=&{Y_(DcF7=!n{)1(EUej)~3;J(4o0)Ah>&)s3t{C-qP zej~=+Zqf|MKNg4@0q(XcTF~d`zD{U9cm{t28biz%<-SJI(6dCKj9V$1&xiso%-zD$ z0ug_N`)U;}L=<+I>5Bl$AEG>Zg+ZU>6(Ljj1w2Br9 zMYv0(nQc$RaAJLAu4oh0^mkl09( z*q79wwh#aGGF5-t_SR>R%X79HK7(9dv@QP(a(UG@>@&#aE$->hAeSB7rq3Xk_qd~n zlFNaPM!Vt7rIOw0o>be~RC`x8yUI3}cMOA`y+4YK*a#d&hvO(R3`gPpa1_#U6x47O zP;ul}aAe3h@}ZslQ}DA)z~NXNj>I8pjSBt^8~IsFg%OZsE_ zJ^J_>jZs2?PKj7?RjlGtV^%fHfp_Et2Rdq!pc)o|DnFEKC3>Y-Ue&S zbJdJ`qB>Lcsbf@8`9OJHc}96qxkb55IaBFUmMF(4QHWl#gI5oRD}7bJA1NqtZjtHtBBZHt8$UwbGYBGqFiJTUsmiN@*z}wMt8+ z1=6w7F;YzOONUDnq=Th8X+Oy=+1($xKXCui{X6$-pu2d^{WRz=9(LdFzT179`z!8i z-CuHF?B3))$Gy(I+P%`9aJRabx)->Qbsyu7;cBn~ivt!1EDr2T93YcZm@I|S(mWIj z#%zb0G?*m9)Dxypw(%wnmhT3v`+SCN98L3~Ntt2ulxR_32-dIxe<&ES9b(dA{s7EI z!@hv+V1^d;$ATf-m@_()_@I5d816?O&q792igC4S2p0 zCe84Nfd{dG-!|N&A)P}M-q&XvRz(Z>qqhC3Xs~V2rdMddiv0IF7=n;V9IGqu{AH3Y>x?e=ClRlX2ub3C+Y}ZUmyS6*!8Xh@;4I9EF$RD6|wu z!6i5fwBX3U7)QnlIPxt*c|}D8BC&-yiY~xWWIm3<^KcY89!J6Ba1@w}BmW#68OP$t zHyh;@5fBK+X5lD06GxF5I0{e4QK%V5!DDa~I2uR(qi|$Q!;$YulvkKXAQU?SN6{u6 zMPfJ#M{yL2;3yczQ6PjPe-KAT07pJQ$}8kTAQ&@n6!qaK(ukvQ1CByo90jN1C~!EA z{8Mmb)Z@rE8RZppA`pm8!cp`v97QJLC_Dj2p+j*L9FL>GI2`#sI5G~wk#8)@E8sxD zA3GRF(J?rRjK)!T6plg%;V3u~M}ayV`47aAQ65G@&`ps}3F+THVwzqw2px<2Cq;wx zG>oxP?n8=(x+>Bm{-Z)eLrWkMjBtN9X?~;+1znbp`HRe=upF!v&!L0)^XIq9H8?lmI&B0M}2^fLAcw__-Yv z4U{0DjE-^dP&62VU_kV9zc*><#b9sQ-11L%(+}mXu;sEGA z;bpkDOd1TqNPGqZ+?y2|+-QI(ig0f*G+)pk2ym}cG&Dqp0x|A2lNJVDIp`&U_8XJt zHzM$EFs^a0QZyLmkOG-|rJ4qMt6$SJUj%fi2KRD>2KwZv5rp>gD~1NO2KvUAC>lHq zOd3MmixdsSMi9g$_ku|SEip8iFzDKTS)!pa9oh!+VB(_l!4`3JPYAonwq1_B3k%sv?Ee_Ejdn?U^r_4bo08dN*? zOcf2;3!bjfpmxJS*s;$&MbSWf2Ei!7{n(@hq0ayn^u$k^H1v4T)PT=FGHHG^#X+M4 z_e6yT?GN?gF!#7g0}*CKf*=;T$0{_KeFdRQgt076&X2 z?E4(pq}pZfQ1|>TEpB&n^W1#CFEzKjH=8TO!qGq=5%kBSsbCBYl#z~jA{Y)O6QNKt z>T3^syW$~(g>0_LGk)rLX>Bgv+nYk5b^LfK)sx63(>cQa9X*(~isawXbjNis!qUniGZenp8_)FM6D&ra3@c zo-TCF?MbFPI#Rh*PoX)HNagdA$J3k3u1qBgZRuo_XOb}qD1}@+u?juQBtL@rLcGwI z2ZTXiJ4y{Gj9@aAPvp|Qg><&3l%O}4&gRmE^(B~qhwjYg$}pbKr#pL6$+kkal%ONM z4&a(pE?>zb(a~nWWg~=&01!q1mj}RK&bgy4Qu!IE{0voo1}i_Km7lT7Ps2z3MrD>t zG^kRHaxUq78@$~bc%xE6s6pUlTN>3o;U8vEA)YI=q1q}XOTtwOrt*a})FHfeSGF%# zW^6JG`?sM%qzPkSe-$`&3w!-hkKfl6^fd*-4S^tR0SH!IF`9fvLj;WFMr4y@Bkgg1 zReMYX{K076&X2SRAl8U~$0WK#2o&PFthRy(Hb8n$=Ut zt;Y^Mz^#TG)5QUF@j$1|YZGQ>6Mfy_lVV26?S_EKd^MRL;j~S%xvIxC%lOh?f>WY+lSxDdUT5e76&X2SRAl8 zU~$0WfW-le0~QA?4pN`GGenf{di zxV~Ngo_@dnE&WdY>-x?54f@skm-I{Z3-pcpIr`~(ANUGbrFZCYy;WbXFV^SlbMzVd zQF=@d>W%soeWLEsN9zab!*oR#bi4M6_7CkZ+Pm5g?QQKf?Pcwk+Oyiz+7sFjw1>0@ zw0pI0YPV@$)o#?T(XPfxY>a^jSs)?FI{g?Wo`hohM+OPgreO>*v`hxnL`i%M`^@r-i>VxXH)w|T& z)mzjrtJkVms+Xx3shibv)zj62+M{-_dd7eC5K1ObmgVHT~_D}GC zuK%VA|0n+OP(7dLKj+#1`G30|7XCvCoELID_#c_gTq&G_zDhxjl-95_$wT~gu@qc_yP`piNoh{_zN8V9EZ>0@L3%G z42M6(;ZJb*3=W^h;Zr#LF%F-^;g4|m1P&j^;bS;_6o)^=;SX@Q9f#k?;UhSF7>5tx z@OwD?E)Ktg!v}Hr01ofR;WixJhr@5<@Ln8#3y1gM@NOL5g~M;+@J<|l1BZ9u@OB*D zhQqJp@M}1{6^FOr@T)ky8HZoN;Y~RFG7fLV;SD&v9*5WA@LC*RgTt$FxD|(2;qXcv zUV+0e;qZ$%yc~y@;qVJMycCC*;P7G`UWCI7ad-g^x8U%69B#(pCLC_W;dwYL;&1~F z&qe0gb5L+L3eG~onJ72|1*fB6Jqp&LU@Z#Ppr8*01r+2_kVC<06!fAXi-H~$bfX}H zf>kJ3iGnl=x=_%Gf({g

@7H0tM|Th@;>%6ttn>R1}soqjDnL;umS}qqF^}+ zmZ4xN3YMUt1qF*yZ~_Vzp;3yPKL&1?KI06MtD2SmTih>9V!YBx#Ac%qh3j8QAP~byBBMKT&;6=ey z6daC%DJZB%!DJLnLcw7un23T2C^!@a<54gU1s)U}f`YLqI2Z+EP%s(=qfl@V3Pz%! z4h09I-~bftkAe{>7>076&X2SRAl8U~$0WfW-le0~QB%%Ym_u zW}6Z7Mg1Wo5D5EyZSlTBwmV)(XL}lY*Q0O#jooz~s&o@K%ytPU+#y8y@A0R&mN{Q? zp5k~#o2A~NdX(E8i|x)Y@%0;&;%cGp;DhZO(uH_?Cbc%z-j&U+ z%9mqqd+AY@G*6#5%QL=A$9X2ld(u6HRA(yZS+scW{N}|gJjc&k;b~sFWZ~QeaNqn{ z3zm2mEQJ4;&YOqI&1J@W*2Hs(u6Pb$FZrw`yu6uD{n^D{q3+m2>>I{WEL@w-t?I~R z*JAz^a`D8fR1WSk$=n0A_+?&3T(8_k_+wr~FG5|c-@q5MLf!mBY#Y40dV-$R+O~Wl zUg*oy53ypm&%oSQ<1yIlz>1Z?ig7lU73o#!w%&MW3iF~jo&z_e=qXHcd(Fo%FC$)< zca@&Oyoh*Fxmdrhm=@}0zylmabHYrGvcl!k#m9GFeCeKAg_keYpHb`*>ZU=_6LHa% z*DIIUR!A41wVDs(XUnZzU~d?#P-u}j)A991N3m0=8#m5&-U*~rn8j4`HA)4R`-PdL zx@VNzKix&3D4Y}3^67p;9;4h-Ci_F7diruAmjcJLN#Or@PZE9=zM6GvAld-u_e#LVJEtpDORVq|3YE<}jH|2^6p{}mZcF_#nrtmA_;83NX}u6Vu+T1#&{pNCNo8bvAjCPTB`x)3U4QL_led$aAwc7Gzr(C7%Xqw7(ry-|oPky|okXlzTYolDb`FtOU?KSCq zx;>qNTCUUy)47tVj(A_D!1Q4}DD3{$cqYT#h9pB9G^t#AC0NLzQj2l`Nr zR>5@1e5wF!>a6wp^@U;&47f0>I)EB*%}E%VN}!VH`P7NE2HjeBlw^8&j)WUemZWeH0Ip)CHRULWq&gI!>`rv(t zeXzmPva{vE)0R0gcq%duq-u-;Oh-ooBbysIR4|E{VSX~*ze}S*M>+)!j~&EnB+K=o zQK>Aks}t0#_CIkR`)1DmQ~MqE&C=~spEOI_-~GD#8}4=PneI{Id*b8bwPIGBAs!^W zD?BD#BV>h{!a@8W`5*FE@vHcwdD-=X>*l@vXWu;NzsRRppWD;idwX^}-0|?9-65RB zU9`t{tk~l_ChgfBpL1$(8e#uA7u?fQgbdfai+jdhnUOgg{E4CgPAQx&ad~M7S(1zQ z5a~Pa%2iAnM~yU|D^Esg+@*YKC6QjSe`^;{VUaBk{O@tV*m@Ld)1n*t#yHqIR_+;# z%;{o9I>Nd>neEA}_iv5idr&_>_t*#CRMDN4Z!)$>7d+N6a;2yV#3L18>vqm}o zP&xm}Tm3jKdJ#xF@R2G>>$iG$mu;Yu?bO|5YbLGVI%zlA8sSQ|hYg-BophX;tzMG} z(Q>YnwtCE5A?ZLKm?RFL)@}m^ z^#GcgYt1%5Cv}_I*5;~NSCh7iX0A24YNnjL)v=pQjS2(ogJ)`{G_E?!%oKWCjZTox zxAo@IYhZ0(&fRy_nP%>A&%lN-@D~47Yt3Q~tyv6|kzz%$GB>ZSq|JZu$&tA zG+edXENFDig7SUsD?ve6F2s9PuUQD(FtCuS^u|?4l#@}THp2#vG`_1=nq|~v*uYyj z&NbnGZ#=i2$l`#-0gD6w8yryKF-CLW<@8_Z55l?oOSKf7YX7P7h;oPM5hdZz!mouN z3U>)N3Ks~og?j#H{3HAo&I_FDoSlx}!)>>67x8EF-Fz#5{Ack#jeC&E=E=n!5rM0- z*)DFzpER@|aK;&lY$g-$&8H?WOQ+U)TGE}}@p|dV-dyUaBNN$V%98-Ce}3Bd_3`e^ z_@g8V+sT?d^V5l3HlOV%c&4X&;<@#nmcD#%I+4!y;;te#|V7PPoh zI@#n&`8uNU_GrlKizi~VWx052R?4yq>N?p*P>u*jQMbF2KB_A(8EFoZr?J@9a$H8_82O z#(cg=&L^C0{%!W77j%HM!**iM?!vysI{6rvokOWftOjFEp$o9 zp3&s-`;2I#FWMOJNriYPe!O_00A~1x44M2U>LrT1O^&n#A}i~ z9uV=#zC@wPvzBlLNMKD|lTJVp`StnkY!7f2F%$6>U(8g1$1`gU6fk#YlP3VzJf68d zpw&m_mL|`nLar}02~%gL@}PspW|28rVwXZ$c|2avq$$ZvLo%1`ZO^Vl`t(E=_Ac}k z5NFA~C`kjD$qK3VbWatzGhOKFYp;3R+-}f~H+g0>wU%nTwRH*<3E3yH-2q-MReBMr zBc92ph(Tfvspq9Vt9r6)d!$TiO)Asm=}LEYNz##xsJS0?WFu<&(phJnS=Uwi=B?E$#^MsIRJ|cnt_anjmiEi#r1N5zjx1q|vLp^DJbtYtE!{1?ZJM z9qG=&x^@ScTv9pI5ny{vZat|({1cS*Ip{%z;wfGBOoo<*wW&?!Xwd2{*N3+Sx31R4 zh0uv{+lXg8%?oCFfaiGoL{k7k+)hwiA!KO#@rFt(Lv4(@316+%+9vP1nVAJFT&AHnMtLXc{##FwPaanr5^%wN{!MG`4yPTNIi+sJ9is+UsqH4FY-Z6bY%9_iB7B zFDsz$!?+Yjm4+A&w%fh}v|A4h1Yp%}f&c@;c^K^rUC=bM z&;*G5LqlT$Ofn!db0E_}LT7tCy_q;jJ`kGmf(N#&tb*2-H;YU6bYyd-J&~RzUFkeZ zz8(pbI7kZ^IM<^BRv|f?^MGLpFfKglfd{~wNJ!3*X(qi2B}b0{QkNs|!+-%fjf5kboeReXPA5H{j$F38#J9Ez-_~})tORoPcu<%3OoKf{Xy`;ki|5Fr&@Mih zP)!(r1SEl6nmmx@pkmxigtCMQUtf0*8Mtv7NCtQ1rc?wnyheRCLVpg6k+Y! zwG_%H;yoCaMF=UU4}^UV4P3P)GmKONLbll}#DmR|)EB9F&_8ODsR zRALqB8=i`O7lzAbXy>>=dO!e`cL_k<6i~B*xfa!!pz%X{J{mJ)NmmLr z;=|mI8V`iJBjN$|I8#YaNfht{p^{;yhVm=T+&nOMfr%~ZcR82=CZRt-yK5LYg@Lhe zG#;PG*tZ`V`(S(=g=u7b)BqnuVeveBar;O-dTm;ZN45X(oMLjRPr+OeHPd_pYP-$RI#Mh`s(Wk%J@?G zrj#FifUXGiz#a?qiN)=8xLSxnuOZJ%eFN(6K&t*m6+yTifa`B#NuGZuqJbK;KP$oT zd5DFwk}}fzx;D&*|UMzpSs+7lQx3 z$=ZwBUD{%;S^Y@SRt*%Kf#rcu*x6TKh*E#1ok8nI-X~!bR(T)bk!4Ad#k^LiPIq$g0ei=h3fxBuE|2JuyGMcz$`IfSK$34-Y7N zwMdz~i&YA>B$(3Ln(OOHW-1KlM96{SH#UL)34od_RvbBe(CZta@u&yueI1x9; z4GGd5YYeTd0t==Kpq2rFo5<$iSP4u%OY*oha|Q*4XYL|TJP8)0d>-c0cuv>b*Pcly z%2ZFj7frQc@wFVrnev+6IqLZ0j%DO&N}Z#!`0|un7n%E_DLYZBm8bWm66m5~#kCaY zPgYz`X2n%s+_3~-oJC%oAB@Mti#u9yVzRb!z~agmjKK3Rrk>w%NL_Kq379Yr=jlLd zCNI$|8O0ro@TH~X(%5(~6zT8>{N6~i19X2eBk7ICq8;A$P(0qA^e5U={*D8SI~L-b z$jZzyCSn-=pf3~;?O)t6A73F$Gsi(Cg%;c~kG^AMiBX01!-_kO$5+Vg$5Ds$JX@gt zkHZ|loYcQ#uUBU!O^0Vb+QW+!anM#lPtu1KmS{%inK^HsXI?grmNLuIaY| zhYp1&wHGrmiVW0;LV=U=bdjhaGAo7E38+AqO>c(hMXFoREUY+1#O3qnLYi*aaGKne zMwHCFu|l-a1*bNC#$26q+VEq|~2y27W37FxNWk7QhwitsBHhYc%|g{&4mB zlxVx5ZPDvf=$N06(l>%fdZKH^Kha9D6*?ZM8j?upRhEpcn327p+GWY9b%|7_ik9sw zAk9IAic26Jg{T-wIo)YgYxxF{u~b28+f&`p$9rm!K|8Rn1{oIhy*0@BHHk76vi<*i~ zhPf!!EAa}qmFbZslGz(enCgl3X2umIJ<-M^EqJMO;)1AdS;~g)k`$@j9nGB4avYu% zI&is5QmISbakn$WPb+pSlgB+*vrjMXn1x#uQH?li%pHd?MnJoqNw>>UFe=O-v%u1* zV9o+Ry+EH>+%X*&HjPZfhV4rB%rEX}CJ!N#l>DdUG)y6n!6lO^q#fz!eIa=Hqp6p- zqbcN3m_Xj$&Q2kx;Y(x+X&*Zj^D#^akHj~TDWrW&q9YOP@Wp*mm_jz;D`X03r>2lG z`VM9a8O2w~6w;2TkZApH)1T$^XZ4%(RsWl-ZtJNm4pw%NyljI4xUe`;+7vklr%pDY=`c4wDf+C0NEeLeE)*xp{o$6VW&SiU$sdH{}n&I=o!<|e$oD(VE zPofE8qPXKs@~{!o4oxK|@qz@_^sHyj@iUe-wYI>ylC`ig&aB09C6YP>!#Gr7xdy8$ zaAa}E8Ms`s%ZDGfup3PGE8x9TnQ_G(r{ilO@&tUX+61-bdYp);EnUd+9SOthtfOAX zh18a7F@dNpU98%24ZcLwmaeg(j&Lm2o(OqE!C=@Mj0fZ1xUW6p4W&B#(P$_hNVNw+ zZP|x!B5F(5n1DZM#KK_x2DN1#UmZ z_FRL@s5Noq$f{!4Ej4iLvJ?!IX!myIVgWTufM6kS026b->x+1OKL6)q2QD4{A!lyD z0$i#P%79z*Tu=+%1-=M)4d;gtv(XkO>iEXo-mfuY-#_y6`i2Nr}U%#~wKD*@+X(APM+E_y%IH1E(co z&xyod6j|$1)N4AC*h^vp5qnNn>?QCeBKDkP6Ujt08IQn@nt(3=hdn!@-gaL!;cXAb z+k+8*z~>JKK`uW|b9rf#-QEkn!FDC0gBU}3nDB2BGCz<&61fu|*dii)_*@Z{Z?4vId^2 zQJpz%f=%R{apxk(hiZd*kn(Tk_sUO{tCh3h%k|5YMrFACxO|^{p(MNi>E7YKSQx?o zlYgCmlD~^z&!5WA=Oeu6+UXkQayy^3iMH!(McZoIX|{#7qikNAcfb<_2kVWzeaIPwH;*(&UT9p6YO&vjr!6JD4lF79!Gp7TN`M!k^PO6w1Aa!NP_Z8! zqqf;jA-%Z9q_-J)5KqJAb~tGWCy~j{b2!b=kB(ZGPcw+4Hq0ybkH;K3&rR|&C&6(z zieBDnjf6Dv$w3Y_WP4%x3nzZb`DKs>rBfbxI8T|thda?hN6L3c0W1FS8XkE7fn&mi zKn_Ww+v3TU;9VQ(lh(t;z(XmkJd;xmoekhL1iVlrOXp5Yr=?-J-3v$SVgG!(*8?sz zJ5!VD4=VPfgW@(DIZq)n=P3>^_IvQf(&)zz-t>kS`_b8QTj{jAfF{_!0PqkUEidy> zfC+X#I#X`5kqNfIOtAaM;7eqJEsTu@BQQUTrMxkJFzF4ZVm@zsBoXw6Izmw+5DUfq zNUzk7&Vbr%WP&Y>iGjkR!$?H}`xpDs$xoY&Ot6K@1iODEeMe=2eL%4v9ZIy>$jL&X z4o)Bxz|Tu&W1-l8Ag=feR^W;k_IiqaLSH<$D!*v$%)ahk4-RHSAHr&-p}g)MO|Fxu z4AezEYvDzpNqE}Vdzc3(JMj0Qq;Ookw!fH_z36m6BGEvcNi?LhjZ5Go5X~jc>*7=% ze2c@F1Y-jnm;hJu`NmQy%h4M)bQQXHGg$^#FrYgc;0gvDqaxc9>u6cVJFmMD~^Qdo3DjS!;;BVF)j}2ZG@cV; zime2W;|0N1V$_f`Loz2I`~PU$Yn=X`{u}*fIU*k_yQM!#FG@E{=Syp(({f)uLbKrGkF)pLPqWXqH`w>Ly=HsN_HEk@wli&Q+y}OmwiUKHwutR8+W|Hwx08FB z`!V+*_jUM({%jX>N8ulP8SvlO%NuLmX4_DUx)0Mv@8a2wVm~=BLxxfJSYI+4g8?z% zjTr3-Z!nMucwvNuqpNVR#2-y2Izq`945Q7|py(cxibvbq1Mz?#hEa0fg$$!^Y8WNQ zUdX`fW`V*uWZaj>hzo^)MBpyb;FbvBP_g)X9^V4wJG+sCzOmQX0f1Y_Q%`GjS zX6z{ukEla==RFuv%L~4e%O+TukrLN-!9iFLcy0nWM`#^^ecG7MH`%uiCb7tS(4xf) zXUuA8X**%*ti>zZJoDzxpSxt%%(l4;W-nYkzj?{rg$t&7eCvEcpRYP8l?1-Q0)E~- z;1v>bM0RT!B=YcS7P!%8RBl{0zYRVFIkSEj12?$PNy2E8YRI4f7LAQ-z;9+lJm0(S zXgCm>PEMN%c8%#lu=v9lMrRwd!sGm4Bt8sILc<~DX=t@E(Vyt;Ev!2XT>ebMYsN*$ zKjvY`J=Lnz`f1~u=dYQuc**h8+m;!}g|cg5KNU{^*u0V)S?wxfJFx(lDx_M!-B9$-1$=J%sTN2Z4I9Tp9y@;wjS_g7%8)keww zTpCj;GdMU*NOyQ4^&W5%!kb<6F%%)%P8!f4L2s#{st_gNK?cv zB+G5F(ikhPv0BT_HcT`aLW?v@0b4m~l)E*So8##&#{0?&Y;Sh2^+&MWBP%d>jTKm_ zCqSi#amrGqkJ>Q1*dM}`UObCby14}VRN|sq0(@FwF$7UDs@P9FvyvT_?qQ(osf>P8 zi~Rxo=EsxQ1W%WP3Sd|X5?`KVB`D&RAZ$SEr~P({XeH>w*^-r@$gTv5<4rP!5yu)G zej}9#bby~_A1DgjeJO9$7Yum=e!t)6Px(Pl*bY+|;*gU}NW?M8XgmUUCD9aSDlUmk zVMJ;Qb2z4#?x;**_AB;J!BR!)a23NG=3CvL5cn>Bp zpHh7dz4r4^U_-VrpMb4!gQ&30wc@U<@My7!{L|HPgpKwLfC|0P*G{H7YvYAP*U@XH z&74;_Zppg&%TMxWtEUhZySzD#Kvke2wKns1e z*gqK$KM69>n6s)Ov}YJ+C*gaEoD$J&BWY_L=sP zwtv}vY`Y6I0%zDx;vVC^&0SzS(B|Sk;NIeX4*v%G1NCPXKN%6e%AmrR-nFQV+5oz` zZX$fi5UmUlzGQ{g4gQnByFXTmV#6gi-eCwP3WTW@E;H%#Fh zbcqz0=wMxgw&lWtFWKG+Mp^8K#{+i)1b1pF%B+|q`{#(5l*byd!VgDMhBp#y4|;=P zBqo!gkheV$FggOMfIk_IfS4qE>WI*j$0R}>sbDY?MG~6qpd&3u9t}m$po(@=MT1Bs z`|5~DmCGV^6BsnwalKqb3>xxY3rV!sk8&Pe`c5qP%SEP5;(cr=@5{QGCR0e*b&Yeu zTlUMlvB76>2E2sgZwpY~Ldzeh-GziftJnrOMgR>cQ8u1~i!Xm;$+1^?(V9#4db`pq zVMjMw!otxDvVMi#1>g}KyW9e|V6b*A`*^P23i%m{AMnv!@`69B{AC0Xo|RQ+Nh4Ys zSJ75!!jL@JOLE;U1hg)S=fIOQlH08%(#%YTa;MxngKYQ4H(|b_WT{+hM+>}tCe;GQ zb5LG@yJIxm4(Z03sh;&qS|H!DbsgVTYeYt`SS{46cj4{jdbhLKKL-H(`gFYk1|YIywln}C(M7h(mI&fTrPzNeE_w^upds&D z3vG6D`hbOYsrMl-RnRZcM^50R7v1sbo=0~*++R^ICLXHF-OucQtuT_}4!DaRxXb&@ zjLrK8cEsH-;CC~Uf6DdyDYz$)4k-^hg=oboOKoY?oMQjUq!rt+FqX~EyywCJIwUzP z<|SDT5d5&$W(6*t?6r~cPWD|(H|W17;^d_NN~r$^kbtJWuS#fcunZ?7a|4MI&|n21 zo>a-)KpGo_6I=d7B;}1H+Wp|YGz8vD+rt6aYvT_`Q<3%#GB+R|R>?RZjp;}R!~Tv$ z5?oL96UV7U-b-b94&OoXqMlwvKD5@;b8eft$D!iS7t~uwIkIDr%XNV=zIhSW%Buv z6l{lr14PJQa_K-P*bN{VXW{V*o!hvh zN?!gOw&aRC1>BG>C!$5&>){)HrC{;W1)k&KizV2ESXyegRK9ZupVonI;1QFqKa~o` zQhsmBAA`kh($@joMk7&gN2opEH$Y0k=j`@iT&MJz@bMq~9ALckz;0)BD4bdP5BN%7 z9GV|>KlxDKE=F~vvVkuErBdsO3KC6`%Zo#>x2EE`L>DrD;*aIQ2S6g;-o9ME53Lg8 zJ>b(BZOn!}ssNDtX*goLCgttSWZUBzFN`oS3c(N9f=oV9Mi!OjH6$$$rh?n-+$#9E z;eu2;Uo8vZb~s=UOOiyYVl4$Z5cX9ppV3Bt2)^ehb!U_54)~}{Y1InmP}qs`xg22{ zd|}$MaQ2er&5LKXn%~_rzi&39F9(aS!ZP$$*`8K#6AvyGOjGET);+p)Auz?f9n=SC z_p51TokD%U5AP0T$}zVbRtle3qD?fjL=p{hnXovOSPypZ1`s3F*9PPa>CwVD-?|7p z>8I0AB%}fPlk_uF9dX#oOW%MBFJH{BDr9@9i)+b7`LdcdQGvAtt^~~@lf++o#DcuW z{-m;F1R`K_u+D{V6m`Ydz-KpeWw}}V4D<%ExRb}jPLWL4Ra0pG=X;o1+)1_&66vaf zxZO#14weYwW}&#Vv}^DjJjqq}1#wFjq;L*&h+a#OoHaWW)e+5}*jm*UNneB(X3B4} zVBOLkj`4lq1;u`E0p``ZWrc57r>Q?&z{@ZTZ=nO$BybrSEw=Z z8FXNf+UBC=5AjeBUx(=Q%*G>4n}o+1=zR3~BXv}&xRWFE>mx{k=E|ND+Iuea2a0?! zV4Q=eRz&-tGD%h zu&My!HHOUBl(FEpB^C_@QfLwdK|JDvebwO(Z#dB5@5vl!yveB5sCF2L)V97ZVkyve)y-0Y(%& zUmVI??!kN!EgsOBue~uVK`;Jvh9z@}Kfo+7z<^NO5I$7Jtl#jKS4rM%4!%%=?PH(G zUc1j{j`$gDne(8{avkW8%n?odUuBv{8UHGCxha$laF^DI8k3+QZLI@4TAqwy#Ezzz z)1A+tDq%@TJTH;yih|Sy#NkqjAfC6p*iW1-onPwC`_}yBKe3~&+-gi2UG?FKN;`tj zJ6Ej7c$UGmo!!dmfdky9k;f9O|KD&t%ISa6f2aRSe@6eley@J3ezks)ezv|^PwLC{ zA-+O&f-S^Y$PPkjUS z4m_?tpx&-tr(U9-qpnt$s>iA^^>8(z9<1uBP5F!RTjfRN$IADVZz^9_E?3S|`ji#Q z@yaytIMAt#Q${E*`S0=$`PcGKUL{YI>)@=yN75gq z*QDp9N2P7j*QINui=?xpxYQ!ek|I)8s+UGfs{7yWKe^umZN`sa|H3!iH@Lsx-r!ET zm%Hb>k8tPRUiTsHVQz=`SMm4auf(UthsC?auZUj~H;HS-w0N>OUp!hg#6!gcL_zpa z*eSd!{7m?P@NMB%VXJU~aE8z=vU*zmz|gkMW1|2lF~_bN$8jTi1)OAG^Ni`ljp4uFGBLx%yn4t`)B1UDI5Ru5qpr zE|>G~&K=HQJAdN*zVlnouR5=Ep6^`mT;)8)xzO3{3^*q`>zr=KM~**&2gc_dk2P|H%Fw`#0=2*uP-kV9(oA_T~1u z_9N_G`yuvW$nsbEv)x<%WySjf2UKUB%|T|8+_v)>w3$Jh7_^Z==P{_rpbZQgN|p=aSWQvpg9aWmO-;C$jxn=#h{rCn!%vy z3~FZ3(F{6@LDLv?B!iA%P!oe<42m)+!k{pNLJSHrC{RHnx6RKWgF!w9H8QAyK~ouY zID@7zsGdQS88nGOhcRd(gC;QOPzH@>&^QKpDoEhAjb+fm3>w3r(F{6-K?gBtB!lW0 zbRdHcV9@>y8o{993>wCu{TQS(NMn#%K|HrjW{|`nH-kh5DGcHn}4Ehs;-e=Hz40@MA ze`L@f7_^f?{S4Z{pm!Mb`wDV$_x+YZZ!_pE2EECk-!bTQ2EE3h-!SM^2ED?dUo+@s z2K|abFEQvv2ED+bUozv%_O7VQGh|H$>U>tg3+ z&J)D%i{Em8*?qP9a%mm-6u3^lK#8hXsb5eJQAaw5J7vckj+Y(JI39OA;J8OzB_{b> z_#61s`8>afpUWS{|B3&p@JHb(;Zflx;TmC$kQL?$vxM=&XmPAqC(aSqyC=I>xX*K+ z3BC#c;(pfsWB1owYh6oR^IcP1hq^fDht3zAKXcycy5IFB{t(y4uD`l|F5V#>E=`b@ zN(*4G!#UE+(l4ZYq}$~Nxm!L?E;?>^-0XPI>2x0H3^_f{gPa9txAR2jts{CHU9Y=-#Y_B1KFE9d>3oJy zffvUw@LTwM`ET&s`F{Q_{uTb;f-3lgdf_CYMd%W~C|o3L6t)R>3BMCw6J8RY6Fw3? z5cd<^Vv`sUr-~EBQ^aNBLNODGjKKD1>e}GdZzj41P9Sq-?&?Ql_NykdZNHNI|yHHk238_`OLb^nH zMtWR&M0!B_oAjRaj`W5+Ne;;;RR80*0|%aT-L2lD-oTG^y(>Nec^nJ(JR=_@cgSbB z9#enhctqXq+T{2IxL8!bqy7}Qcq4Gk01o{MxRC)q^gAz5e<`TyE6(HK-M=Vo(^r8O z>=b>OzEGc|H|tG$K%c5l)W_;|`hL1ww`(71A83Eney6>ry`(*-J*7RWJ)~{Z?$W-l z-K1TkeNnqe+o+wTtwK06G!TK1g#~}8baJi&}tI(;z)P`N6G>mshdf(i4Yg! zNM1#vm4tXQiB7_ix`jmN6XH@5Eg{4UNpt~@M3RfrL5LTV=pq~`aT1+Ih+iPlr6jrp zM`Alcmy_r+94Vb7;z^Vt*S<(lH$h(_$VMWL5Vw-(DiU2uqAPGDe?+2x;z-GnYgZGL zC+Hd+$$ur$2ZVS7iLNKnbtJkLNAi0ldKX8^I&$qsg4PrCWgN*n2>J?%Zo-jx6pj>y z5Wh;In+fr3f^H#5AkjI5cq@*?5Fw5v#M?=98;QP7qOajd89}1qB-+T21Uo55c&2RP zy%bV$68TzwI;T}MV&uLH`BN(?Wx`#Va96pA-@+YGxq)uiGO2f&)Vp#SxOW+lHK~4? zG%0xtzkOhmtN2$crHjMJa}q`>Tls(QvUE~o%JqUu-7X6C6{L_VmcLK(d_-s&SURa3 zg;b9G9g^}vp=)5u+k}mktmSW$l=tFDxm~zxm(Tf4lJZWH@-E@Ifmz>8l90NUzb1UZ zjTyjlhVx$$-2-wF-WDegAj*%EtRE8>?j}#+*CgdrVs4kOQW~X-;`J0Kp2qj_NfISU zM0!6T7att(NXkJtiMU>TqLPca)~#?;cJTM5ix|l-xW7rg5g95)GN_8B9`KI)#oayNTO_kLCEM;&zDiQQ zBKf&PSr!dIIHht3iN;E;yUALaNK#IaF4;{=vD6I@CpS!y9vD#JBI$-A8EKUWNg0;j z*iF`oK~nnU;k!xc`UOtu`Z+JL}vGs^&U0{hHV)6g;psSBFDaLDuiG_F|FizK{(}Cb{$2e}{YL#Vy{H%T z4*f*1{vW9~=pKEz?$rLKy`#OXJ)=FM-J{*CU7>B()@duXR&9Zs6aOr}ExsT=DSlVH zQ@l(piUqMlyiq(+JWf1PY!E%-aM3CJO?XFmS$IZxM7T$|Lf9;<6IKd03$4Ne;TXX$ zOb`wfMEJJAANb$!&+bIXIhey=$3kj;qNv)iu_&pUdw2!1+7pOU|d94>|90-sIfqT;uF=p5*+Z zbDr}kr_VXwxjzWxe>nObuQ-0{*zUO3af{!wj*R0}INvbc5p*2p80nDgAKTxx zzi$7z{W1If_S@{&+Ap@BZSS?W+n0bB#Hf9WeT-dG&Q)?s626u&M`==~Dr1%X6ubO^ z{5$z2`1avL@?G*x@)zZe@*25IK1rS@A0_+b@$&vMFa1O6mtK*6Ds7kUm2Q!)lD0^v zOBv}@X^}J?d@dX&jg%z!$L@FCue*N^XEE+~-{!v7eX;v&cdxtMy~I7+9d%D}k8x|- zF`6Gva2%+K>Oa*#sJ~I4Rez}7r+!VnTD?#`Q|(btQx~f<)v!8Q9i=MDzm)ftHXxSQAQd-l#vDyWuyT_8EF7fMjAkru>}xivH?VyYyeRv8$guF2GFPqCje0<8$guF z1`uVk*`K?gGT8v4Og4ZhlMNusWCMsY*#M$UHh?IT4Is*71Bf!&0HRDbfGE=oAj*IP zh%(>+q6|2IC<6{4p~4A3lmQ12WxyH1-A|cp08u6zK$OV_5M{CfL>YcYaN8)84Is*7 z1Bf!&0HRDbfGCp+q6|2IC<6{4%76ptgUY)Dq6|2IC z08u6zK$OV_5M{CfL>YbnQ6?Kel*tAVWwHVE`^s|yqD(J z0Yn*a08s`UK$HOo5M{st^wY|_1ELH#fG7hFAj*KVAGeJ%-~ggbHh_Lq$rBJ|vH?Vy zYyeS)A3&7J1`uVk0YsT>08yqFK$HOo5M{stL>X`ZQ3f19-(#MWGT^{9%76oiGT;EB z3^+QsjWXE)qD(e`D3c8!%47qGGW-CdOg4ZhlMSG|D$fb%n+&>>LEm7|9TjvCcYlsS zs~MDKP!EH;8I)nrDh91&P?|wq4C-W12ZK@!N-`)>K_j{Q+ZhyR&}j^6W6-G#YGu&L z3_6KHD;RVlgO)RB8H1KGXbFQ_7_^u{CopJH1=Vr)FJ#aH2F+*CJO&-lpyL=che5|O zXf}gpF=!@(W-w?vgPIw141ipsz9LRtDWtK^nL1s|>oCL0@6e zO$_=ngKl8Z^$fa>LDw?q8U|g>psftLia}R0=n4jXi9ugv(B&1Ra@#Ir&=(kVDT6Ly z(8Ub8kUb_==eJmq9tg3H|`mi9DQbAwKTWQEl4EJ$YtN>7m(B_zICf)%>6tX>?jS2kTUid5a#`9u;uJo+GL zVLk0~0X+8vd;?rAz-MPaClB;de3prP90mCzfri+eOv1_A{F$kqWFEQ2DIbdSO^=eZ zcV3TgMq~!Q5&Z-w9JM{A?(Ipq4M!ArPQ@Lq*oluk=;l$l&$3~CZp{jgClfEzNcarb4ZXkQ|^kJW(dmUcfIRT%XCZ5=Ie(=$EcyTBBMkG0Y zt(85o?Ho@Xzt-UR^-l7kMRNRFV~$_%B%fI%$FH@qsU&zN55jlEjrLdvI5UsKXRY8% zR^XG(2j7`bB#lG@oSE+=A6q1+FSRjozY%EqOL(lVII z18}J_FcM7kR76U_OwZ&J!g7J*5Nig&WQhZos-oiE`3@RjGp&!CW<||I;5JJ>{r!{X zl*VGfJS?^W=4W$=V{*rV>j;=Jn+cYX(e@fl=+hJYAEs+K^6hjwZZcmo+sD8r5|u>K zaqb7x6JU9$ipVAd{ila#hy7Ek$T4*PB+~q~Wniz#c2mY)Zt636T;KL?+?PGL0$baY zv)VQ*G<~d65-X}EmC<+qcHqE)Ym~Z%B?h3u%0#R`h)Up=H5vxXgn#=ssaB6wNdDW(0G0f zPA9@!1v5&_;s%17TVkGgIx$5<-HJe8o=&}TTGpNdXO^O0oWP{Hv2w8Ulr|w@1`7;1 z!&z+l4Dy^lhngGnkZrTqY99k+2o#tP!?6GcR}+JQSY+APoiGpz`WCREV7m`ag_FXQ ze|t4@S709z2Vl_7HjZo_r4QV+%PH|4-6x!u{)AK!tVH_>mA&$OUys~KSZ=yMZUzfM?xP7q3L*jT?#SU)rGda>wecl*CbcSb%Lui*#2*E zb>n{IzTn>FHghYvhq#A!6ua)?25_8kqifb7Zv)gFat;TP0W|bEv|+HJJ3AX1?f+s! zcTO$L%noJ-v$6s?!3dbxDJ;%{^?IZ*5X~$q%nRj)LZOUIXlS$vjLp_LB@zThu(a>n_7aO`W%6RVhj>(iaU0X{BL+68*@rI8b3x=1%MSiec zk0x-ajh&9XX8W>WkzI&LSmh7oC9vK~Ke2J^CyzCsXu4fTKMr7(u@)FWq?Xug z1cv~A|3om@3fyF_9}GE~!jgUMZI_XVAGe&n$cl7pp{}YT1~&bPhrDQARaqtBQh{>j z`Y2EZYx_WYnr%O#23E%)*U=j$4Xvz=fo(@{ZVl38xCV^)rl*H8bF;GZLJ-Ky%E-+C z$AAtAZ4V)g2vO7s_&`5c00s^Ra&ZkxVh*tkndt~-&z~|4@Q{*`2<+3mKeNv^4DIz# ziq<5oipL7ZPaZz0U^rN=jMRYKNbG-uJ@OHCHTg9*6F3P2Z+p#PY%Dyy(7MYev6&*; z?((lC@R~AkO?rB6ZaW(YQ9g8mRSv4TwolcWrpY22hyig9rqP=8$Y&N{#DBJsWB4ZRCbl@26!o1v^U?`9o1p{j!4S-)B*v|=Mgwr!}Bbj+Q;b0WTD7x&x5!WdN{I6z& z!QL?#+}kmXJ{repC)*fBN5AY2#~4L#zBooZ(J^}E`1p>&C=KAm)9Ik40h|9iFs=(O zkTNr%Vd%#Ny2nxEAI3f|P${7!uYUkig6-+{FB(PG7Y+E1kti44jY{mwJ7j_O4doqx zG1;87LMju0gSqMeSmh6tg~3L1MJ2Ez_?S@?VEYGvk&=p1SoiMc@&_zF=YUb=UquS= z<4*o0C|V>+tz-@aJHrL-xtGJK%}P_vT9nk>ZksH7W!ZcERMIXl4~DWGW~RZp-kuJ5 zU|xYb-S_6pocNAGILAzjl|Zy5AH} z3^}$?Y#SK%K1J;8J3JQBtqNOWd*_10_P*6uf&H6k-9V7^XM&6zD+$0?MA#ker_hZa zun0dVS`Cg!!NFQ$Fz;=WITRLmTztn#baq9jo}JofanKc^f$eU9J0*{d??5-emtpgo z49-^aj!jU&$U?LX$jCZ57+G$7M=re>#>a@Z?DtbKz{=2PEwVC$Fu3e&UHqEs4d4Hz zVkuubTKokx?2i!Id}+Q^pROP09qc{P+gbjX{E_^Ke1m+cTp~}D)8u67O*oN%hj6{L zP?{rT!dL$^S9k6wSm{5(-ONQ@C9X3eF58vjQn??v&pCL;Upv0WhSbk=JoW#HlvkC+ zcU(j#pBskIhUt3H?9}w9JGvr(t^g_9j0C|eAFLq**_oL+;LR_R5hyGI6@bF5NGPi? zk{Qm-*~^EPb{E%)FZ@Ifq7G!>6C5}pGao)PS`%YF%3w9!K6iu#acwnx*#PZ;S>dAD zrLoHD7+vs^l~fui8q}n*H7cx?ODh8CebHPs@9~L!HwW$T<-_j2y$n7oRENu^mjg>B zi+qb|bi|YU0WYrMY1FAfF8JXiE@j(UZC6%17u)_^D$X$euThcYra`4q|pYb3q z$V#N{*_RZ0AK6wR?i7GM&nCwCBW0z;t0ZB)EH(RtvU}<|Aa8`L%*4^UNEz&mz(*OY zOe}925%5>k6vfyLi5T!_P*s|lK_1AWO3R_xHaZqAFDosyMZks#ahGX}iB->Lg=Trg zN)o;?6VHM9y&~OqOQd>kRSi7U76t89Sz+Y^o_C_f#LeJ9e`b*Aq3p4B0H1j-_E&%d zjYK`A(@#B#N;ALvm=)8Gl)=7xC&Ua?DA>~>>(uy;3sKNOZ&qDRLE}(I1bq9SgE`~3 z|E`B7B((SKzmRf|L3EPp(hhrLbpZS=OjDu&(|1O-h#7bbJvd1!^_HIv@sYxq9P31NJW0wLPIZ-kd?Wv>(3MeBCx$z7{w2~ zup5YSWE46<5qUD{3^mcZ8sce@lx6s+Vfl2oEL!dFLkz{k?i_r>yPy`fuZsEtzaYn0 z**{nqqEkU!7{o*^$qg8PlzPCv8x4+(K+sgx&MIUs? zWjh0xh21KsPP@Ok&b=W5EvjSvb|n&Hovp&V%COo-3+mWbUH92mXi=Tzl{_@QqlV@+ z2YHd%QU^5acaHCf(Ohud*tK&-WknR~3yno%eRZ|mznkm|Y5>hgV-0j6HISYGu~jrT zD>j&$32%)~e_1yp3+W1)3>VT}oD1o4dI=ZOT~hOkGP8i|f#;vBTwsZjtjs_-5(x+L zV3$3ZQ&?1-nF*Hbca+hadSm0IqlMmZNFOALNhhwDfHA3&x)F)9yRwdtH8mK$V+miA}JL4&Mb1STO3qR|o%o zoHgOsgIEFS@Z?hh_yW#PO#iV08>1j%kKa$-{IO3C`?-m6lfCX#?76eB8_#e5qrv5o z_>N*a$mi$cJYur^L+E1@fSW5Sit7ch&E=Z}r=h|rq2 z%8NB|Xd=o1tAap(Jz(7rYj6KRTp1;LslA)p`>DO7(tb+%D(>T(oppcrvi`dNoqQtF z>`ml2B&7|-+sSniKbSLi!5RI<-X!lr?=GcE*{+pnTlG=;GG8ZOgRxDTCvF#~2`xep zPSSVc=kZ%SGMu5`EP#t=cHxwV0oFhMd_oIC=F^SwN8_@I^Sl4<41Xx3Y*1k z(sp^9ceAok9R;W3m*^$>Hs2^;3BOdR6B~R>4cVBdY}M!Si#-d4d~vX}#G9{dQ8(+I ze2c{`-YTsHY!fW?j1o$OoswTpl9zawD2voZ+G0K5x6D|?ZxJt0X=;nM6s-B}^v&>XHIj^F+BSWw=I0lBIIuv_BKU=6q6`)dc7pwbrE;k)eeZ*1XR!NpZ zV4<%{+9vIk`^Z)DLV1f(CkN%FU=eXKSkjxP>{6?=?fNvm#pm}eGGnzoFe=BW}I#Cg&} zS(Zz@gOw22OV|Q-BROTTR;6$Dg?!tLQPL=J2H(K%^vnZm4Bff`9bvSAbn^JT7O}oB#&2k2*XuC8!Nac4#`vanNUv={di7GI8|ic1 z+`1h|uj+=^*RDr;braH!jffj*y@}k~H;}IHiP#_#6v46r(yMwPuKO9W{#wM1T?sP0<>+eBqdXpfO>n@}lk49YkcZ_df@3nCt#y3BY@vHyA(*20I{#cA(#oA>B?RRdj zfz}h4*~d-rq!@=jJw!L%RMcmTxZRThIE-#u-RAet_3E#t>U{j9)|B z!_75*#I7&E_u)1AW+JX){e6v0XgAkF+XL$TbfoJyV7i8W zh)w^(_{MC+Ri|S7nq;J#iV!#c5wW2^;tJZXkng#KhI)Dt6&{Zy`0r=^HCVTob{`f$06O2kGPVRt8oP0x9M!eHD@9=Ohjy1jJS%< zSMdB&LW^7zE7$rzd;J_esEFy7zwKRS(eU1HV)~Ui>^>fG)m4~&%`C(wIv6X)eCvwdhn0`4Mr_Hn^2mG-B%dx`1`x{t0tf2D=%wLqRxVh%jFx{F5FkMp*q}P9| zwAjnFvQh=1Em05f{Blg!l!Vwg4{?KpxPr~MtLS)!@z3U&mMyBS9-y3YHQ$jh%}3-K zSUav_^Te7JnC~h!Up8E;HdyyTy?;WkL%ThX>DJJ34bP?X9z2JQpAE^FZspCGuK6sa zn`!?AKFIp#8aiJ=f9V0L6+t)GMBBy9ZJ4YF?e(&P_49StVfqy#5u4b& z*?bAotNw=htoa(TiO!QSe%bhGrq6+PaO*SLtGCr`o?LMb-rsx~=DXr7eW|@X4Vy5& zVFO~*qnN&twfj2S58T{Z55}+Bj<{ha>{*-r9QZ2h=WAJiTtVj@;6HTUgmThx3G&vx zcz?rIg3y28MtU9X2X1clQNF=ezHnc6yuKpQ-#^FuR?ztg>YdfcYBnFO&hXjB3AED= z-x7O%O>};SaD83K!MsBIC)960Ouyk7cHdtS8)^H&^FKm*-Au#reyeH!f%{qi zS$h&m2letN#MNgSRaSYSKF4Ex(;b-KhU<+j_UlW!Vtiu-rfX#Vz4<|mU(5JgQz6n# zk0Y*|i@2J;Cp;(2uHR{FxAKQ_GCr{4A($i0{sZ$5ombu5lJ1JJ$h8R8|F9CA0qfyK zu(C{omE~rzIJXm4kx8(g&xaLI9ayGY3|8v4D%)Xg-v`!)Az0^D!FqLxx>#MLHmJ)~ zSgor&)$Op_=3s>%)bh1DuyJ3a&CpuF&fGGvf4>#hqam7RM}%NK+y`_PX2^@dCgDO@qc4-U%3Hun;dUT-uF5FTq?iU?5EjAt ziKX5xz9d+eF4A_vj>KkIhgb0>>I~R5NP@NhVp#nr=}YxRdL3Bp+YT#N*w-*-7%luf zFWEckqszW|M!vDkH_g|_x0CK1Oj8yqo0Xlg_pngirG;QUy+r3=_hz2H40a*>V0V5q z>_o`EUB+NziLp!1Hx|P#PY`x$<|#|S`@t4i-wsym$exF~74~iX+Ctc~@atQA9PH67 zg#DFK#zJE=?DH(tcIutR>mc z1y=)`sUT#0K+Ch>q&j)DAGeXgj)^ea9^Y?{h&7{fG%DGa>? zA)g@(1BfeFJvLFk2j$$w(m%zJ$^$ajbUmXf-vqh@?{A{=H{@H4^a|EKP1j=jde+X( z$06O^1+nQDhC3Kic?0sL@($$pB#8&S8*v3~ADL?oVfy+b5t~`NG|y)=?PrkgTt>5Y zX`*rr+XEpf})doQPQv&1zYgV&oov3yv2)%PMa66b)J*FO zp3}zixq%^_ZzOIdoi6|f;{7X6VAzczoqr%d)(@L6XYq7ifcwrPG?b6MXFaR8m8)4g zHcnR3egNs&e9_#9*P9<^>FD@^=e)@Bdk*6pWOkjl58VF=(#;>T>$JWlZk30{f6d|t zAg)Rx2<4;mAf#jM)Ii4>%!@(1zS7OoeZ}sZ#E`X518c8UQI@_3UT>i73HeNA@h3Cv zi`Um|LtJ$&!#cdaN@O%0$55_&kZxe@*TBZ{%JD4SMs}UHGxQ5Kj@Q!rfM)%E-Exvn z=2p%i2=T8V-9Y;f&}`mYOP>og9Y+$kj@CEaw}9OrLtK@N`GBh=$WP+d(sGF0I$E!A zAMKBD-yJO7iI{F3?Qf875WDXkc6}n!>p6mO-(!sK%ILKO;XYc=@Vw92b;>Uwehy3b zI!kvAUSCVcJLLBn(k%w!dder@zPkwx*LM*Fn$9zT%P_t{VexMhl(_Y5T&$t>1MPbx zyUxn9n#~jIt6BWN*?rTIUeBK2ax|kyG0bL2uNgQfWDbsXX9=? z9Y+xVGK+6w$i`7i4x?GWTmLAdzaa?n2^){=*C4%?_Ct}|z}mNky>|nh|Dj)gf%k7< z?Y)}b2kB}10MhmZr0opI+P{U?1H9jB_?%U=ec<_wZejJdf%U@;tRHWn;{@`d;{?)w ziuW%$f|Y}fgY`5X(rv}-8#W`ZX7h0i?Z?o6da~Gj_cg!_MH*Xg(idI!?0 z+5Fz}N2J&N0dXUpCqTX%$>{C`MQ&qfq}OC1w$OeJ@yD|GRF*D;^u|6cp7uM5Ygx;# zk73v8JOb}e+Y|VRmt8-PU7vus<}AdP*I9fa;)WDrY%&l?xA zbXVZ@jkSmy(pdarq}S4Rm$;30A>G32bK{dN-J>jBf5Z)x@4@reA-!fEOZO(y8#l3Z zQ(63W7SGys9er^{KbG%BI=_|c?;g$ZKl7jR-P}L8H@P3-pW~n6 zujb47{>E3vv*4kuvyan1gcafms;>M~`BZs9xfSfxmntKbzTW4+D*bg*Bdo!1mrnOw z>#2ragu$LPPj`2%`)u$pf0SErz3N)yx`lhC-7%ZhN_(19jctI$JR7FsO!JO0S@5XxD^l=qd45iN=>x)u(QzUTxSXRQZAh9pIlpA7Dg*n ze$bn*0_##q@m7&$a13T(H%D@8yj7srPQq&<-hUdgV&xxCv(Ja@V_o8{9-0mnX}gkR zJV8*TZG~z32$u^LwYv6(cF_`T14^)$(2ML%EtS@;@f{b_D?RB$yB>i$?@%?z*>32b z5{!VdARJDO!gJ7I8a}6cuWs?yV`x&WtL}-qf-H`d$thn;oG3ta+x9XrG5c%^Z7z^WoIh)dRpvW@aFm9S8>V4y!t--7J!y*=MpH z5}iKB^O1%@OfQAQ zDf>9PYMu+h=d^Pu1dg6o*v_6NI_sXtLPp11d(+;_3=?)Ybwm%M8DX5I(&59#8E9g* zqNP6;AOcwQ9(8OfMx1c|U2iW^Z!h9EPT+-II0YnU5*-nurx{TRl3hZ5m zS?3x*VY0tZX?b{Nbb3`7?35BK4OXw9=fKHR$Ujusv@RyP%mG-?vI=X{#Y~4m9R~Y% zHRK2u*p90OYjOkqK?Mxw!Z9Z3^z9taX+_(NgK+w5=g0@^jnEsC?cF2!ym%`bp1VAN z_nN$kDES}sBxReTdd6Fm=p*r1YIn!6)ZXz{G#Q6yAiA3tw5*zeBKNQrxf_uW&|Dbu z^KMRlj)uVSs7JTd+)OZlkR8nmq(^gufvnuzP#{zo3J212iwc8aCMl<=FdaA!8Vf@% z*DWOy&deyx$teaaU9D&Z3gHa zrhd>&YcC9+a;}b4zyWZsjtVTh@uktkR%Hbk)SDOudq&lf63d2CF4!~z69y(@K|VKN zW-yp;@g$q|wFBlfZ~!t|42Ct)(&TuwT^+9RgTV!VNq9CGq^=|f!HP>~)`E3vP!pdC zCYt=kz+;KnG=dmJijl)&ljfGkz_cSKZSPp8d1#W}GkQ3lpadgIc)Sw=XikA-OXRY| z^@4Csq$Y82vH?a}Ld}bnCQ73&Pky19NO_5Jscg$EiFY2Dd_c_yU&8Z-LPu!=UDTavkP;LVK9= zF&nZ^0k$Dw2?Yga6C#;tK%{KV$9PCV0XE`(b@}%;%q_bG2hKT;i?^cDKeSuWt$ofx z?H07k_SQ`%_W%01S~>Uo?iTko?z!#>;IaI2_?jEiH1&J+19g-7DEO^AM?GE5QvRiE zQ6?+Hlq2PF;MMO$=_Aiuo)*tToaZpjabbY~t=^8bGlPmi~v1;ER3ASbooO{lo5Os7)?oSr4q z=-A4c{*k58vZB~@1>~=Cux&H8v?8j&u`QTaZ868kTLZLzp$OAs?@xevroXKx_DIf% zx1wqEGpPjA!<1l5mj#o;#nGC%W5P8T`iDkg&MyUnHn5~d`{~Gid+fHP?n@tmOX?mX znihm9l`Ph*+@L6vY(+^*w)IY0mL#(*BkI8DK@B;w90Pd;%oD;1=aFDIdMd2wAm9Er znYKUJ%qNDF`$P4RHIBaw92=C)MZ-j}7$mp*tLA2aa0V}dM&R%zlI$-rG~Sv|3pWRg zB2KD}Rh35I-DC90{$Wlh4gTS^loyUG1xF9ibl7aLYk;=9aM$1nvTKkLf>^ZEWs9YI z3FB<=~$m_Rn(Y!VW z`H+4|4zSK5ecblMiQ|a9%bLnaWf|E-0P~NfV26=3FPwM=``sWp5G$FnF!&0Agd~cj zn-ePsYIX^j;vh?&0lSHFiPM8%m6uq$E(;e9pr$*}Z3a1Zn#Qbd1QJ#^0&sq{x;)Jk zHQ{hQj0JPkAwLWjH)ny{l5p*XQ8>6cdi-hr$#A^Uk`rMAB0CMXDSn-Er$H)E+3gJZ z!43yIb6Wt0GtmwQttfL5Xt!ZRk|)-pX7b&tac^Q;O?YN(pmn~sJ+mZCDmK?+R_fiX zodB5;vaS--DB11Efn}9*64ol(Ke;+8-Z~ultP2N%xhZkrjSkb~F#EhfM8%=@2zmaP zc#5l3!g!y_J`ZV<>(CSjk}z6c zLrM6E&U>4Za^tNh(^9iCT9zzq^Da564~t!D%+Q+Yfo-CdFl3uO%q@7kNw6M-ZK6pq zWSc#lY%@e3j%>3>YBZRe70S#AgBPMA_yAH2pF;Aoz!wM@8PCcnOwSBP({q4rqU|qa zf<00S!^OqLq0IDRV4G+&7TIPG8{0(FvFr{9+eFK;$ToXWwt2+~@zxC5a0>^~hU;h2COZE`zd1ZDO}b*vT<+*p8e_RHkL;uQS$wP+K-wXEw3sl ziWb(+1Xm{&2VfFmw;k{H8B12YHJ$e0bFinFd}TjX3zJ3AHd*u_OeD=7A;(MOtpjK; zymA=k{o7(9)JFwv6tXj5+qgz1Vzv?NNYf^=+Gu~X{@w=Fp-k}#901wo_Hl>kfBulX z&wDxf8~IcDZP3eak{^@r0bTvLTmyaurpc$nKEnXe3hyF&r0+nt|2^p?@IZLKbc?hA zH2;@L=Sv0Bc+gAFkdBplNV52Y*eZS~ZV}gu%f*MpYs8Di3eeJDEKU@Mi#ecao(w(? zeg?hokA*jdXF-?$5#bMTrl49V67CYFf`<4&p}&v{n&WQIx1PUwwt8OhtnxhJxyf^d zXEtc9FY%o18S6O}P6iz9>E;pnUHljP`}`}Q+x|5F0Gt}QkT2uU<8OmA1Vi~O{&+r# zSKR-0f9c-le%-y%UGHA%zRrEAyUJbY{-b-cd!#$$?&nT%`#@j6S}W3~!kK`9T7NAS zPEWYiZ`Hr4Th$lTRq7LP#^NUR3fP4yQO{P#s;7eP`_XDQRaAB>9wE2kzD${Yz<|h`e z+5E%;W%D)*RGQ^>I)qIH=I z4r-T!`rbkP=%D`TpuTlb|8P*>IH<23)J_NWm4o`yLA5!kRtL4iL4Dz%KDVgeT>al2 z)ZZM`XAbI92esWnee9tA>Y%ncsE-`fhYsok2lc*#`ip~l&q2NGptd@wcO2B)7M04? zzvZCbbWpE5sMj3S7693)edTvgKBnAO%AHjK{Yt2l@6-jqIz-lw>YSq9n?(@>P82( z$U)uUplp7c;R)9}u3hJ#u60n?IH;>FDw(Ta=%B80PzxN?l@96(2NicvmpiC=4(c)o zb*Y28#6ex`pe}My7doi94yw*U&2dn(Eebr2*ILx^U|qmLo#UX+wy5K{m1jAqX%6a4 z2Q}3}O>t0@9n>TTHPJzx;h^#z)C31L-a(CXP-7j`7zcH_gBtCiMp+a{WT!c(kq&Bv zgBtFjhB>IA4r+*l8tkA3IjB<|)F}??WQ&5CVTFTQ?x3D=P)|FkrySHW2lb>yrEv96 zIH<=R)MF0nQ3v&igIemK9(GUJYbx`*>sJk81T^0p% z&z%nHj}Gb%2esHi-R_`nViPgjJ_*0qhRE3i|`=V29ut*durlb_s5WeS)iD zr{E&kD<~JHdM0^3g45|^^x?+8U_HD8R>U8`n)p>%6|aMJ@iVY8eh}8ix5MiAY9p?l z3+wF(u;Lz~-KE{C{Xx4*n+LlAe}a90TVYS&Dq)^BSC|Vs1G8Xn;9OyXFbeh@u2*hT zZU9RNm&56Ym{O*Ep;arNXixFKz`6FLVP{}A>=4}H*&t-XF2ZrJk8lL+BzUz)U^n4M z*iUHl{7oDK`w*wVPDC2)MH~gY5nV-16oj9(?~RLK#a<3;_UW){KLgh7!(io}4Quxk zVD;V;*6%8;;D3T$g5UrCLp31sF1Mft5c(4kg)U0?=!CbNjbl+ow;lJQg_K0K=+9Na|A zst_s>DiF#k=o=8$W8|3#Qz`hcCX6WVI0C(gfR%G zBaEh?KZ~#lVWaRDTlH+l$mgWC!iNYSAiR(87lii^-bL7o@D9S;2yY?0iSP!(>j6RT>m$azL<}V4lhzNf`lL<2nevn4zrYxM{py!5I73@F9<&) z{DkmtgdY)pK=>EJF6D05h5sAX`CEGn+5pB3gy{(9A)Jd)fN&1N*~-`4$U}cg%q)Ts z){0#Dho0x}IV5TTt92N{P=p}}gAoRS0J4YVQHa;_5k?`LhA9up)jmQ8~Zk|LGdQ7P|vsF~aQ#w;|k$a0|lC2sa_z zh_DFZ282H#T#s-a!nFw3AY6^G5aB9>QxQ%czbrZ+;;uSdUf13J;db2uL4XdZAU6k*Yzk$a8%}P``PU+^o+k1+) zzqglsqi~9Fyr98~_C5Do?k4x2-8Z|ZxN}`UyV_hgxvt~tUFW;ba192ZfT=E>`#1a@ z_J6L64#&9VIM0y7UbI8b@XUBCb1#NkTgmNc-7ys%e;;y?65Qp~_)BA;9#`p)!GYqk zll;ZC)o|{w+E3JaiI#9hGzxCz`hu>F-Ro3xa(2A6jw;`rOEqnhO+~#k$Bl-wNL0}u z^wulj2q8H@MUE%MYRf^_JvrVwhu(Ms-q?9^No9FB<_B%N3ui^)AUFE1LLckNBFQeF zsK|o?ZbgJ>2D38*esYY!PfuDw6lM-67@RtPlf7r zJ)P=x=%otP>w2c<6$Xn#;hgk9UV32$cu&kK23JwhLOAuDksA$$;ShBOIVCvNrihdz z&xhBTLKTq~;Cb|<-;N^E9tUg-3I>@vN#sDS{UEOG00XGD4k9OG7zK4n^g4#>l09welIVPl-C?Oq zc8#}|)4qXr5_&Q_2@58~TgzwNQx;a1 zR92z$Pdq#jN=px=g$uz2CHVe?sVD%G3HZUrcMHG^!oe6grx^g>VKsq_0C9s!QzpD) z#{zJ2GZ38}CZ}owVQ{4lYM_bfBh5T-Fa{1)S5?mT52>hu!#DoQSfq$3b(Yt{`G~pp zLkH=>w2Vxpyt1gYxRm(Ugi_|w6RWwq>w4OrW9i?6uPiW{@avpe$gnAJPM|GtF?CrO zBL{>A`bUkKQm|(Vn22k_;B;}IfBLX8IQ0<)zgc4^jUL`k(r85y%c_92C1lsZbEf0M zbHVRotg;+_=-~-}Z4G!=t0{%!PjHqNe4>FD#xOjc*tZ~zf_59|Coy{Rwh;Oen706D z?BobkA-QvI;=ID%ylY+#XLn}NF?Bhf-RWtnmi~u(888I&5Xd+VQB_6PfGk2Th_{wt zQPE##&qHGndl&?W#aq$0;N@rH^wN$f@GCSCyl1hE6ZT9#Io^tX!DeAGOfjK@vqryo zE4mRw7n(gg?{nPd#akov@yK<1iU%?`g78pCZ${xEiRk9%WWgKR-I*p4;b8_%hQdRV zQ+Pm^peQ^frRL>i=0-!|>_BdMW;*ER=N5zO{-K|oB-0jQM$WU7?en;Oc&v_=0fVKg|K+tsMRVsshSh1IP%t|$4JQ1= znYcM~<_wr!T3rh!ci`j!O@2&TG3eK)W#s0Bb91u8>A~W>P^2iF9?lFEf&XnVO#w$Z zvP0Q$#xXY|BN_qE&Ur<-p{%SduxgbVjufXC<`zZ^6Hc+=VE=xO4S+=j;5zLvt-Rft z)?R%+wtvzr=WrcHV6Ller(Os8nV@MGDlsk=Ed%ia_&IZ7-QHaZVRN@TGSSFFdv_#+ zP`ty&*V4&hN)SED6=3;ra+w^>gT&_9U96fE(a6gnRISJ7MA2w_!qdx-LLj{zi;e<_5a`CoB5l@i^h7R(O70Y z4ByLdHLf$}8y6ZEfc5j~##CdhF%+!y5AZ}mGhl*exF^pufIq==3|L>+J#PMcPnB`3 z?=jFXU+nvX?+X4A{$BnTuqAjY9|J#eCH%SkME*2>1>XWz|K0j7{Y$Xf-zI%5y#spv z>wH0}UV0R4`QIvCqkrnV(EYXdW$y-WqxVVggWfy6H+rw~UgC{;OTE**Q@mrmL%ccO z6TymqcdsJD$dEIxmZ-ngj4bviDnBU63 zBJ>uz3##Dqd=KC9Kk>ZldDXKC_Chi}&7P+dc81%4!d@SFaM;BvX#ZjYcn>E0;|UYG3l=))4Rye9EpNFhTCeYh3t z!XWSA^~=qm$eRh&54?~Se2U`L_s#2ioMh#7^B(`{$R&cu&{MZV< zZ3VYj!56IHMz2|AYph^HqP)DuSrvJu6}-X<&NqXu_sk%7x%oPmn4yc!&|EWAXNKmO zq1k4r)(q8{p_mz}HbWPfp(-&K;niHuS&4MQ>p0`MJs0}w`KA9m!{zrk`Mn1IH)|j< zj|keItl-_ggm6UU*c+`2*IL2Ltl(TL7_)-qR&b`tS(YY3GE5p&pcUl8L`V$#E@VO( zdG4RB3~slAS0++xOj09B!-?x2?HqR9qn&LdM4Wu88OlzCMDq^r z+C&_8CG>{K0rZHWR@z)E*xw2sWd(b%AeNad2^O&D@|u_k$(_xRDe{W0M4W3YS$Viz z9{w^C@WLehbRzIrBJfZmup|-qVc}x zc$Ni(*CbLfmuIfRr*IFtuj9e9+1SKJ%i4erO?_q%WR?eewxKK8u>=gQal>V1#;mUw&n&hwq(%kZ7xO99UT zqW+`4Q~ykV&o{|;tNyC*8s8{=qu!`L;k(RN;3U9v@|AEF;VH7xmRHFa%9V1Fe3m?39tQsY z0`k%F5wa#fB|jv)z+%7->CfN~@Ga>DX|1$ex<|TMS}0v2RZBDBq{11}Na-XgDBmeB zl8zHUk&@w@f=B$9_@%g2d>KwBtP~#;?-OqmuLb{fwc`2m&+vw1R)Mf_GTK#a56_YP`pz-)6<$nh5gxExd4%>oRL%_&xL= zt^sTc(Zd^)t>7dpIME88fike@G4jpO1T!?=42?5GW6jVQGjzHc8f}I~nW59n&`2{h z!VC>JL&MC_P%|{d3=K9zgXA~3ul~bT`rmw9qO}Bri4LMiFxVy!3C67iY!i;e&a+~f z%tK-?wPG)^f)`uCi>%;yf=v7)Ih&DSLE5Z=T^yy&@x*IEBK@pe8LJoZUrB+f{$9kN30;*Eg&UZX~jNc2E~YB@Xl$Oq+Mku(3`Dby%k)Z z2zvCTR`6jf_>dKR&p72a3qKj++T%)W|o0M`~yj<K!+tQdX~n*1eh#iH0l2R@Q*|c2n1P z2&l!(Cc2SC#VRWt$u5p$f!*|+AgG%~f;oY_?CiooW-za)I26f><`reNuk=(Dje&cr zD)f+o#v)_jk&G!6Q?1N|0u?B4+6vMqTo$YJQ$JUJP~snwKRGj_FLPBE+l$ICQIMJg zYAv(D6$~i2KitKXSSQx*xsGS&5XBoMh)UYRBf!6sWx`l$Cn;&L+4hg`qc~6 zncL8(6^oD;%#OFAFRSbEJW#Jg(`N>CNzkn%^>IOMw0bU%9vYkuCjekJz!*Qf?C%2# z_S32TV#~K%AYm*$FllZK{2mmfO#lsj+V8;+mE{@^X3q4?eVcDb<$CH0&Kz&%@MY@r z1qJ2^E}%oWfR5n;I*1D#qqyLb0vyM5nqXdlz^Jd4HyO+w8_o9a3de8E91k`-TdyUj zdD_orzhlu}Dziw3ke#zsW{&NbZoebbUb?-%gTKh}edBHD za%u!lT;jg!rc1mH-A` z;%#pFW~h~)Y-#1Up(kN>hozO@Io^iug3)4rGPRh0>SeS`@9UNXUPo05n4|BQSZ?SO`G2L*W=uQDtQ{$ao2jcgJy2 zOP~W&`I%rXe@{^mdJC`-=03%KMC(^MlZBrC(A})vBMh)0bRaXQFj`)4W_f9T_3TL_ zOh+>GhOuyzjhrweNkCeN4JaxjP5}>0a5&I|y@^9r?c3@H7gFfYdJgtchm6tTwgc61 z^dikhD>)8@&ZAj`JU=bodJ!EB3nt)`epB*8u0wpVIgfQZZ81AR0qq5jZeSBg=m}hV zkFa-${aN}yu*tw;JO}RLg{=Pr?x{T3uAjk=5>FCEVF#Q8c-Oeis55en<9#pc1NFXo zlJ>fCiqc2%dB5|%?|s;No%bSd)Z5SNm2Z`=kk1yEh&PCrilzL`d?w$McZt*7e|JCa zzTLgRJ=Hys`^43i`+@tM+sZx1)pHMW54w87V_hX&zmBfKg&#Ybvb}V!SbMR*$Ng$G z&_CWbgtFH$bRI|*C(Vu!KP&#>W5@a@QP;8l3DrelpMmLhyKsEk}!}Fo;!7Cv6KLl@a z<0`>v?pSjA4NOMh)>B7n@&F_X;(FTj_*4^%l$8=25;5>sNIeu*m4OWgf7nk>2@~8sIGUzy#%m5zcGSV{AP0?afxV*I5 zKNS2Uf{)^&XvME|Y#aUVFc|?hgvw*^hC~#=Z4}Gd3-uA~hZNSLHnFCiL|(~1E?QAr z00-Y@R)@=D1vIV}7LNT$MjaFzYMoB%+ZO|1O!cG#2gg(|=a@q0-Z-XurFLW!62=rd z{bpS|r6@C+TL^oX#4r<#Xmqc|MszQbpV5028#SFODl4LpDu)({r6PM0=*fyj$n&$~ zZCNN&oI}USk-sUKBHif?$R`%Bj zfJxy{Bnw#5qKmOX*lz7CX<4_0M$fSKg5;`rTRLs?%g?}j%_Z$2PbqtyP>zhZp<}85 zKC<)f^GI&I4INd5F@f0edW7Zg0Q!PBpQo71-+=A4QwY;Tm$*1UQ=9`7o#WyFO-Tj! zs#)ogBH(h_;Yc8>FdPbm(z6N!k(_W=Mi#h^3m0X<07c)pI6zZU(ldgY;jCzS2)I=r z`e@`6(0*z;PSlkMR@A32s4&M}9{&tGD9Y-7Ln$EORQVyC^?J4n2qTe!hvkinU zZ_k9!4N>sqAL|=>Ma&Fmo`+7#(qsI(q!@31?2S zoLACi5L6Rg?E(YrINM@dT8DeJ+jcDNskqurIoQ>1+c7j3WJD>1GaYS@kmqahwxf_U zd9m~Vk8mbj?y^?4nwc$kZ4JFYMspBj`cN3onejG1at$_nwZm}^vd2N=_qI2F@+tAQ zR2or^O>Z)&j?N&-@wOvr253Mn#c4ooP`oXLUcCUbZ^wYz{-#IZIlX8W$a8uTD{ARr zMXfEF#$vbb)mvA7Pux8KcBDQC-W!sN4wj=d)+$sqwZVX zm$^q6pBNEiqVGp-t~<+pjO#wv<*wPTsB5xom}?lv!OG=qYyy00Z?g%=Ro8m%onLLq z`QOV}`O)S6^`3rdyzM-!QtWEI&H1bvzPyL4BP9{yzPoxrRT!*jm4O|sXw96;>REPc zT)An)AXZiee0>K8-NYDI1(*e_jmE&jR%O}jXrLlG2aIghl)_KAY%bW@3e=dExYD4{ zoNMbdy~$LFCT*}2^_FwuZD=}gI_<8#Mf2lGzGbzGS`!;lS5;P74eS1iwH3sq8T8UA zwqBZwy%b_6?-m=(1aI|ilXj2I&4j{Cw3RNENKt3d2$Z5yol;ajy@XO!YHCg}Bb*MO z+Cgl}f~|w1+{^$N^?{#gUO1yToE<96%>^lH0=)@mmDCh4_Yxt_?7@y)+c&O=r_(0BF+%Gv^`NDw{cN*Pk*Oo^+yRkk^q3JNrcL&P zX|}|s!ib95V2ZMOc4;KqpQw?5tUed4gO!!}$)5Pw(n2s7HkT~&$s9>8higDoD5~^V zRMz;TbzqeTnyLm?`|WPI6MyzasH`vm?7gvX0nn2o;R-))CBOqqtLdHrs792+27n*F z4wOa`xstU*{=^BxMogMCeaPg=Lxzp=gS-34EM_MLHVw*H8Ock*=%TB0xC^ojgE_h= z@j?unCt!bwy=KgRbPPAP$im+rm<5J5Yak|eG}&O82?p9=0bc~hGwVP_hTKZtJ`7nC zhtjm5baP|CUc^aIDX57Jh*g2roM<(%uUA@`R)!lkfpXZrA>|3gBIVRR9(-m9lq4+o z1%Qu&na)5_MsZF$*sdzf%d=EzCfW8zOee))4G&D@g?9h)V*k`)et&^xh*rd+)0ufb z>%$Brl82Lz$zKj{_k($Q6rK8zX`~V^a+*Ctz9JZJ8%c|@ z5SRU_zXgGs8BzuPlf8aF>H~W@wzluPudhTTt-V9;rVV26luYTt-XZ&9-hIYTn4GZi znkbmxw)eDqfoK;c9oW*R+2iw7ALmyv);VFf3H~Y2W21Eg$#e^oW~>DGXSgO7=%=7F z@=5#N{I^+oJ@D^Wu*)=p_M$=9drg5ep^i0OVZ#9W+i-h-O9q)OajGIdG2S+ecD*YZ zXLcVJ{&v{88*E=4Uf%X=aJIxA+W^oX8A_`h^+!@W+gQ&Pm&Du7p;dl0T9xemTNv$V z7rEogW_#Ji9adXSOwUav(lO|?735cvRs|!j1qlJUpa3M~y^TxI?G2Zf#Rl#+CefWd z>;RLQfeu&pRbe<-2`_+ue%~Y)tWoleu1J)A59in%$)kz%9*ecNsJ0k zSEx*(peaEbhI!^J+dR`d`QmsRng+bQ6qiTlWhuJKuY; zx7J$$XY*%x&+<-$v--pN=lB-zH~50MT3jan2~P804L$}d#X@n4NVFXWfET`Qq9ptv zvkWGQ%3nzR1oQ()JRdsz`&r)oJRhNVM9&81 zEAe6K4=~|BaklAEaT53nwEQd{o$$R#{0Q=2^I!0v@bB|)@vlh7NGVcx$tOt?2X+a* z5qF56%Ad&Z%WuiAfE9!mxe@FfJ}N&T-!0!J-ykoPFNeLGnDnBwQCba_6rYrqO7}^3 z62FDg0_ig9O)+BnXB9R*Y6{~J$QWy!o3LhAl!{`7s8zge?*{;PLg97l2!+?FBNSez zj!?iT0;Z&nP~hMbQq&O&9C$*CIzoYiPDoKlC~&|DDe4FX4mKf09ihO1CZwn%6tK2} z6!l5R>(nP5ug}NGIKt%!^AIjWxD??Mgo_a_LbwoNEek9BQHBqlNr_@4!jzz{yWHA2lsFr&OrgYNBqmT|JQAZRL0vn!wPBPPidRmd1a)%b z)^aI9{n)s*bV>v<*@=|shs1G|I2MWClt@LQCnb`Q=t_w$NPz7acvFoKy#6S{BM5&+ zpta5G4ag3zB)UDF#-L2ks<;Q<=JkIGGsS5kMwo- zg>**c$glbX{r#5yeo23~)8CKj@B8%kZTh=~{=PteH`3oV^tXZjK23igqrVT)-zD_- zkM#Ez`uhj^yO93I>F>q#cQ*a4qQB?sh1@luc~;0>N`LFJM<38_P!w>+f+`hD7%JL6VP{?(1|Ace#8c5Bx6SHKWN@ zv7bWye)+J~0BK*>R>IU_1>PK29b*p%zI8*a#1GP-8KkN{!)f&Y4ux~I6eA+*yovS^f zO;uNk7i)ilorPQVUV1lO*G26YZI|}7_J#I|_P+L(_KJR^evQ6Ge_mg&H|xu_3EB|t zI4xB>Lj6(wR&7&XW9!`WrHJ%rIHho<_fqd1Zx#3qDD&G1Zw1Rxmcbq zPm|A(PX~L0C(GI3OW*|AFZYzY$g1p-egd0=UrF1gze?{(Z%8kxN2@E;C)9`4CF&jO zP3pDk73wAGY_(D?0S}93tCQ5R>In5zV~6pn@wTzqXfhrHj|+>8xKRT(7^fMh8z&pt z#sK34!w+5ry8O2Pyf^>%|AbVqDA`Hy{(5^hWWR}T}ni3n#PoJT;?TM+2_PSV#PwHo0x0-`YnVKf4Z z9ElWlhArvqkQ#+2f{Z9UnA^9pvzxL{}QP-gjR$d2wx!36|$snN9ykge?#~T;Zp>f&4DiYc+Jgq-{UPw zN?D=(T2^SkmKECFWQBG&S;5X=oI+Ac#z2Hzge-(~gaHUAQt){ZWCRI8L=X@>1Vkf_ zP=+vzUX$sLk!Vz5WCcPwUb`FNE`&R^x#nw%MhsI{;xESFg?O85mkNRX0m}CLMl?YcL%tN>ofjzcPKbpRSj@o~2x+^oN|zv{UIQ!Ylh9pN^F zTa96^lMZL${y)l#)Szsfif|G_2q7CG10fBezj1~+fMorAW4eu+X_VWjBI6<(6*jK6 zQRf-A+o*F4G#g8wpict}g%Y#?Qd5j|Hfo~rs*Rdpd|;!-8sFHc(Re%Ta@oIMDAGV~ zr!=6mTCHBH-lpEKHmT3bQ@~T+qf{f{Yopbd;|u!w`Ht1U)Zf=%055ru>55jO6>7t^ zQ#HSqto~d5PTi`$t}cg_?jrRXwM;EmN2x>AW7SlZQ+`n1SKd|{l&7URnp=8OE6}ED zA+4LbQ+-KY3hUt+>d9J-R-q(u;CuSd9zPFY-ySLXW|! zeWo0i&rxmxi-rr7%arlTY06-^zkHmWDjy+jl{QFsNHf-l0a!P;Slaw2>aKT_$T z7>ca8ygzvV(ILHqnV@q38VBA}z%OB%w~zNIZ?d)|te zvd^XeV0>nLXuM-=F`frMjm^e#<8k95<6dL2aieh!_-ee^s5L5#nZ^v`EMuZE#u#p# zV&wd4e`&^1`~MT4`!D}>78Q{f{w@4d*eI+P>V+qTrNVu}ABCGi)8tCwQelozC6o$< z;OlX+Fisc={wG30y3kKJMo0mlk3K;XIPgO8jc14FQ_lyUx54w{X3siLljj-FW1a^+ z_jqmxZ;w}d;+~57HSplRep<0iF{)eos$N7mw=k@IUd}g};j} zVx#!9_^9}RunqKLZUg%n3&qQYcf||Em{=x8#q)&M#WTfxaWv@3oFu#mUkn4{@nUZ= zN%&HlEj=MUEG^;x%D>0I!N0_R$M4sWJpU7&3Y_z}G~4}xGv;^dH(vw7KdIyZK;%^b z9|GYZ*1y-S;30&r+yA|#`%lsVcb~`XCl~1>ZsvZH9FEIm=iL}ge+R)M@hj0mWGs;^ z^wAR4@-T+d42KZ@%*#|34j-;p#GsweQoJ1dk-q#Fyo=#r_HhcSkx zJYAk^7bgT>b{n9#0l)p|^?dq^cZ{duarAercOvIE3)N15rplndR4K#=(p>w~vf$dB z*Xi1v*Xi2)|B7;wcZMl+@%l7xg^ij5t(g$yczq&$71Z70QIm^jDqI?s^}yL7O``sQ zK(}9b^;@LALiiHlbA;^(pCHh!5?=iPDY_lPtM4F1w>)?it4^ic8oc@u=H|99`S-99=K+ z_@$Y@OnE5r-Bf=?S!0GTC0#;&hWzJ)`W4sE@LUcG_-!q;wyAMyX#I}iA%itg{`j+mYeq<~^W>^#=kv17;n{_dHxY>w>uXrBImML+Y)ch23p zcjnHWTW01AZPQABA4-4IU@g~$v<>>gu?=0Wo)-F>E@00bvYtcX*{+Ya9YeF*yY25& z$f`<-%E2?#i19SJ_t>_L>Qi4xTP|=1x5ck!7_etYQqi`hd> zo97w&?USBfsxG!Ep|6Ez&l`$fr)@SGq4P=4ewtjXm$vbRm4rNZX(#;Vc>h^Qdr(8j z%pP?Ct8blV&s&~Vsj{^%_H4Tr>P-u1k_E#_z=N48fzUvG;UK{1bd z4=_?wIU23xI3@J049lq~8l_~U@hi&<6h2Ska}+*{od598%KiUVI!3|h_8XPlpoG2{ z=yv)>psN9XSUZ4hR{CO~Tj@)muEzOcF#)ovVK%x(_kCRr{?pX}GhL0n(KY%6hP7{u zA7I@ZCB;fkQZi1-iAu&QIYG%7CC3{b{%07$sYb9w_5bU8X|L!zYDV8Z#-V?zzi<6S zf7810PmW~w>wQ$8s`YWKoY!Ejv_60l0k>Go(dT~=#{8d#74&9Vr&^1x$6H5OkFXY5 z541+D`(gb5F4msb9jtDv#qx{gJIfZ!hnBZ3ucEd+Z8_N(ac_MO^9No|k18<66gZb+ zt-U4Axy~8R$ zx6vs3pc*Y<>xPjMc3Y112kTef1Xf7g+q+x)_j=D)o=>n+;v1fq(<2-_4|wj{_BG&~ zbZ;{CC67RV@_)sDINSfG|Ktn_OPOV{We)oD*H~&T4;v#=+Ly6@x_+^$Tl#|3=ns8% zYIKHPk{Su3k57#S(MP66gXm*Y<3aSHsSzRiL8;oI$L!ZS&5oa(L-f5+^Nbp~0i#ba z&IMn>o~1D_$@It%W5kO(tJ}`@G2UU`!>|J8A{y7>@_q07l172Nj*$V+Xqs(N$3`8R zf6dfMp&m$)rt$2l``bUS>wSLzGqbKnPwSrXdTiUHtL_Au1DQ=J=d#9>J8D=+!fv3gCc#Cl}u7H zk;J`&Ar{~1N={R9s*)v27Ask#WTBD;O6DusUrB!@348s&^rTw6)Kg_q-GUacop$S` zZb6IJs>q^5S7KITQj(*D9{Mb5G=RnP3q^W%|lRE1`!ri~Ax)=P5Z? z$(c&dP@<}onssAw&sC9gl+08zL&;PnQJHCXiTF z>00UHvS41NadBDcsCC~wgRp#~63VTvhW6;HYg+fsR<>D6s3fp3rXt#ru0{jszG*75 zLfDkCARNu%Wb<`*H}kcUa}0;pVSXW@8d|*i>3)V@8z7L z{fI<5^lxFG9$Jp$IQ-V3<>0RY12j8ol_STl>DxRY=MS7V%kUm{7#xJnpO8Oj_RN`Z zX{Xjd!z3?%&~L0bf)$_w;r^je|3I`L8i<9XiA&V zL~qk+I~ltipK+Ie+-q~@y$3^qKsd5}hQkHHL_F*d?_@el?`7=XSQvBr9RGQrsF@BU zR1gnf6~O5BhXG4Ggc9mynzf^G6o+Iyir-tSDf9lqek7WqVuuRCaTG~-N7I=-jr|$D zuzw`i#uaS1*&7Py{=f0@oaq391&M?|h6NC}t7xGDe-tYrMS7af>|q?hWE=pR5&YG@ zAxXJS$ynP59d#sKYdDsZ;YP)l`2cXv6XDSI2N1+%hIJ(3JxpiW@{A)`n6U`jUE7Bm zUZw|O8HDkMV?X#koHlW8e$jkd6yeBea0mleF3P=3rXvXyBtoGWT9fUHB3OV}EN+!& zI<32LAek?KBd5)rcJlanOW=TU&g}V9OY+lYW4I;EKN3Dbr;=~M%zF~%zKFhBY}8)`waOD;3_j1jCD0l>ykY~ zqvp?h7;jfcM=5J%hP?_!#~Ln=etSK@7FZpf^C zkHk%B&f-i})t@Mc;!K2s+vNzBSiqm~2X-*c?riMlu#DwaGwUT!7|v(m>oFAkgmHh}{yfGD z{E=`l6!n=VdyQR&GM>j&{hvO6?!=PGlMEN7naVX*5Q*S=&T#f(1ySSr3wuqcdW_v< zet;M@c_DeIGM-k3&z@#@7A8+r?HfE=vL*A*aWjp@w!g;xv4S8TEFy7_X`@&`nI<@mJ?@(^Td7lLRFsUl3iOYJap(0LKE36A zfGiQz$4JO&I>lk^BlEM@w$>!wB&*UKFwv--+Z7}wjAejB+g<2n3BW^hJmxT!+OrpA zyGwAG@=}c_`B}5nHIQ+SAru$d=ilCLu*XnA1dUEOY&VtIj6EhY7Ua?M$HNu&@P$Sp zQvIL>Br@eKSP;hpRs6R%cUd@rM(ExYab%V(bSV(=*&ajmmh`0>gtgd=bu>J2`*k$iexe=A#t1 zzrE4H8_xuZ47CJL3wWkV1TCgny0N>=Pm0@`O7edP_r~qcSf=a+3L>#M&e!&}GJxAs zEEI|8rn5Smdt!%Y8QwRyzuHodBX|x`k0EF#v0U(c!`m_4f@l#j<9>mA?Xf88^h@G# zv*&DoIie8oybup1g1^1TlO+&|217wJp4v@DDP(?XPw#@?L)$fO;$1ZVkXe)9jc-=Q zQ;!FVKxF%8Cme>qAcmE`V_}nN7M8}_{>JQ}w_&5D9SP6Nw9a(?NMjwXNvH;Dt*mw@ zBaj~q^bf@FKTZbPf%M65XNkuBI2|UZ>sakqYk}t5?0CYl*0I_(%d^O{!n4Vqv{&0# z+V8bJXM4)_sIAF%5&XwZu^;5<>$1Db-L;;uke# zHh8Q1!TPoJGwWvS+t$~tFIhLj|K3{bYHKYVZ`&<7#Xm@T56q+ z@5tlek8Ol?sP#~5p|w8-P!ym)x3{g{R*BKhD{ODrHrY+KpD@3Ei@l58YmeK57{R{> z=HVCFXW2{a6YOK*3GZfmx%~>v-*2&hVt?P>W`6}^@3%VoV5WaJN3J96C~ypg2Y^Dy zILF!W6}SMN0cstq9QQl!!nlIv&WoJqI&X763NHrr&PwNVE|c>o=N9L?u6$P)SI{-w zRph$FRpy%KTIsq2eZ6h2S6nZ+ySa1SPPgvv<37|~h@RfCdxR~|c7QEv^V>$*hS>(& zifwajGi>MD&cJAZ8*SI%E6PWRiT!+g89evR!`y%k_AebyhwkX_ z7!Ci0(;br>6&THMm1CJ>sq+lX7np-F4^y1Q&N0qWn8h#{ea{CtqfWoGA7(7{cIG)d zJKavJQ^TBvuN|K`Hap(NYK<>BHac%~KImNGe9HNTa}zu{eCzVMdb;*;?cqAe6?YvD zZv^z8d&K|c|2#ka-}p~|@OS=Gvk}Vm%k_)&bM({n`T8tTFFn7L4>Wkc9Tr{i_kU#@{I6W- z<981Czs6*YGj)AN;fEA%rtlpK;r9tvjHW~g?@tI{rVu`$@b|M6Vw5HRev(3r-^AbR zD5R0Ft~K;Gd_y6=jzV~d!rvI}i*OZ%7}blv;VlXwM(-ko&nSc#rHinFLX5`6-|!!W z5TkAp(x_V(M%UtR8eMCQqQ&1diq?hEviKW*r4V9NEJBQm#pqfJU0+ko=SFC!y?Zb& z6;_NyMo8P+Z=$~`1rNN!As!=GvHivLH>GcQc|tt=G9oSz~ zx`_U!zBh&Nyofy7>F<6N!b>C4xq`yWDJDu`fI>fo zdmEt#ZY&XALm{0b51k{=m9))33J;|401DwI5;+Z17@{ypp-OqM@wee*5@}vXVL8Q& zqVOmRhfz4h2t8Cc++!%_7>c=(LaI6LDHN~Du$cZn!3gc0=#Z#d<|uc#IoJ~^??T@>C);T;s-PT_4v=%#aFIQhii zR5uJCpLQCVi|~2+`#B@zapkS_cMFBh6gE+~hQiepHd2_Ruz|vQ3hC(p8F`~UJCD_a0P{Q6}zeY4dl01+pv!n?p!83nu$02t6wY$@%5ujvj%Pk? zGmk>5&z?E%zT5V=z&$j5=cR3yP^jvys^JUWUt%OK;$KgSV&N=Z*Jae7ndv-ti zQjqu0{raFgbhG(q-w(d8eV_R@``-4whS>^zti9kJeyimZ%llX_;1$eM*kD<2X|W`I zFJV^sO3S^LJ1jR@uCZKZS!y}XGTgGiC2YyJ^ssccxb)BUxAf=rr}TCDYW+6-D*b%@ zOns4liauSRsE^f;(TC}W>4kbi59)jCyXiaW-E`l7=YOb5KDs%lhAGit*lpfz62=H2 zn;Q0P^TiZJl|+<;m4uW8l?0UdmC!IHn~#Pm*_3l@n{OYo{rOV)Pam;wZmxv09Di>jY#8Q6Z(gi)Gi@Rc5y*LfZGi!LthnI1@Cm6oQDa5lE{>HNxW}_cOA>NemH{O&mixclc z2oIz1Pzn#Bu!zDzmS5CU8fH7bicf_p-^3T$yZrXvU~HfB3Wa~8a1&LP%P3q%;iVK_ zLLt4G_~^~VcOk_rrSJj@&!>>ySbX&U<2#39&Zh7z3d<;@_aYzii^_RAg{M(S&y+rT z?)1@fr;naHeGAD-Pe?v`iuKV`tdE{zeRIf4Ps2WX8uroCux}Q{)7zSF2K{|9h0`gV zMqvqsQz@K6;baOYQ8J*wO zG*L)zhF*FS_55nYcz&VqX9|C!@J9-NpzwPNw^H~Wh2K*64TWD*_!Wg;QuqahTPXaT z!p|uDl)_Ia{FuUzDEyGZ%@lq>;rkT6N8!5^zC+>L6uw1a8-;ID_y&cqQ}`N%uTuC5 zg=kffM`~3(FVo*I!DGoEa0l`)I+=eZ`&SA4RRVvN!2f&+7*A`y>x>rFS5D!z6kbE& z)f8Su;gwGBFs;qJN^@>-Hen8Oc0cq5@Il|%r+dHkZuY+7eagGqyV84`_bTuC-bLQ& zSTit)x$ND%cFzx(!~O>5ueW$AF>}2f-uh32|MOzZQ!j$Y^S;mdy% zdhz4%;ol4X`!)FPe;0oH*TY}`&G6NKHhlNbgP;D<7#nZ^{PX9-H@}W?1DoNK|0&x_ z^uk|-_3&0>Ji~O`SoF{r+Jg9g(9LGYsD)49ZD1q37u*HU1sB1S!D;YXP>fLtMetV8 z7oG~-@KUe^9tvK-N`bX_+rQDW40F)uz*E7omcdvVa36S>&xI$1ul4ugK_Q8r+6w&& z{R#bCeSu!0kHNZs2kG#Ypm)Jb-&U;j_Zqy#uQG3NFLRe+C4@=vjW`%%2=>8>2Dxq% zRy24Y^U0rZCE;1I0_z8yi?stvux`Lm^xONfwm=t`6{|CR%b4Tj$zx2Pe1U!2895b!t>DOxa5VX6XJq7J5sE?ps1mz3bSx|35I|=F~Xh%Uk z1@#b=C#ZXx_S0&+3hE+g2SJ?$brX~;$S24v$Ro%t$R)@r$RWrs$R@}t$RbEjQ-M}% z7Gx5XBS>pcHNOh_MbOWJeiHPfpdSQ%FKDZv?*x4-=o>*_3;IgXmucEptJxyxb3va8 z`c%*tf<6}Xk)RI+Z5H%_p!Ws6C+J;4?+AKZ&|8Aq1ihK2eYBd_1-&NdRYCB7n`#U2 zyEg=F67;g5mjt~i=mkN~3wln_vw}7XdPdL&K~D>MDouN9HBSh7T+n(!j|qBG&^keD z1+@xl5!5WGNzfWWs|7U*N(yQaR4=G5P5rc*T0u2}ss&XEsuZ+J(8GdO3VKM;gMuCq zbibhc1l=p>9ziPv-7V;@H0`C;+$rb|LAMLKP0+1r+C!@;7IadYf?DlhL5B%CRL~)U ziUbW3G*Hk0L4|@27IcuH1Je}HY7Y>!zo7nt5`yA_qJkoV!h%AAf`S5q{DSrqR3KZ{dU zA?R{J%LQE~Xqli(1YIoXB0(1lS}N!QLFWrPPtdu7&JlFBptA&(;fZ4HuZbgH1mf))u{C}@G8`GV#Nnk#6Ipi=~u3YslwmY|twLMt^x z(8+?P3z{aVM9>sLlLbu@G*Qq5LF1hsd(Jp>p=KV9cg8aFO7jZ5rxwF|`DVQhZ?GHT z=e$X;)mQ2(@FrUhFXv0~ervaASnE7)@xyC+iKQ5C(xtW%^vjR74aa!*LR*Ec9HZRV zW7a?|eCltpZN@uzo;}w-*j|Wn`=uDIUyO13%duj86a3(>v~R{p{Y@C3Z+B>TtM|iq zelbQ040kMdEOnGQ7CAOKHagZjnjBjko8ggPbLQjQz;KLyFLcH+YQF+w+P7dRa_KmcHn_&$En1KmK4_9OL=>+VU~BKNmjyH0xID7R+yG zvu?uog7xs`UTa-xU4fYm<<{kx*HC6%gjo$G_;xTFKHLXmMnl}{#}|ZrYo0aNYPV__ zL$C$w%ePrJSvFz>K@+|vtb|Yc3QM_VImQl@Sr*xr+RE^?Vuh^@BO^9qw1j5&+xz0H z#&FCQSY%&eudr{#H;=9MEslIgo?|d(HIzC^Fal#GzLZor%JJP~tGUp((iivneSPuu zCeN4avztrI73OmDa`RGsxIP%;4dVD7(HGw7^YmQZu50)zvBkXE+-BZn-e_KruM@R; znZC$b;v9|H2ep_(u-T=#^6>Sc&{gVM>Z-*W4qM%Je6?8Wu5hn+w|O+rQqLmaa9^Qs zsc(}r7jqN(V!lEtzV4Jc%bhE+zQcOVuV`~_b>+JHVx5R$*J!Nnu-sej-Q->Gt@RD| z)%vz#hQ(%l`B?APuvSE0cOJful)8(t{=;&7FObDU|8cGKfXETV|Gfe$L=Y^x2jTaiMQB0+B@7k7+okq)smko ztvb?ByOunLbs)zVD{U-iK96;dq1b*Z+dp7^fwh_S0YkCfrL0R-{F)M0+Micj!~0va zAIJA%btql^E$ch18(EXA_pn~WdJbzT>sZzytP$2-SUpM`e=ros`zY%ptQCg(w2C}K zalFe|PgVBDCf55|uVp=#m5#%%HJ-?PIBT4Bch=5IlfSZl!umHuy;{|MtaLt*-uKGh z_&)3NY=4jSIo8$6zBfWr(Rh;hX*}UBetb^5d^~bRmvHDqeVs$F5`;PTp z)@NDic)VI2=ckVAR~^@{y1Bd^*T1@<%>7ySWbMLgQd+x(^>x-KSgToYXI;*EI_q>+ z&Q~qxt2V&#Tt2lf#WhquUaf}89m?fiL-hbm^&WaXZ+`*nJl657N3kBr+K;t6t66C^ z=c}6YRlT0$IbYSBuWHU$HRr3E^Ht6Hsvg9@^BZc{*4UM<{)Y8!)@N87SXZ!K&3d+> zUag+$KXjUkUo(KUfOSXSu7Z`W8|;_b0VuT}&{1sXdR|Z0AJSdL>F{;9hSI_I)Sh^? z291Bm*U6fXd3#C++i^M#d#LRic2M@F-B>&E_H?}=J+5aB3AWRDvTIGlnCW`OcBdE& z9mnxEvMy!i^W4Doy5U@oe}T1`^+7|C4!2_s_p112s%O|Q)iWr!uMKbU_8WM+Ls+Sv z+O=k`r%4-c_chz8KEQr5^JryHQa!+ZfX)-_RG*+!pP*cylE?D)RDbMR3texpf6nQ> z#`-vKSIK%SE1h@jhwDqSL~Y-~<=V18b6?i3{JY1PsXVb?Iv+^q6^_4-^#Zkha}6_H zhuEI4!)Cs2nx9biRxaO`t-L*5$Jm~)<28Kz&0AEuYd9Y*W@b7ruhz1c;+AeIomMXY zmIIi%{a8cw6WjCkzJ`t;O!WmipVOJZzoYYtcy2$MsGi%kRz7bnTyL8Ae$h(j727wf zbeeYObk5*(U*LGI*R7W`^YOHNz}w%U;#=KHTe$wUQn`AyCOST^*1EH@SM*fc#K+$n zG#JN8%($*)LFI3yD<#ukZg<0qAzEs@$1@oKCZzyhhNa@-<<`!jNJBi~* zFdxl)F!Mpodo%Y_-1H*H-@@@XGhfVn5%VJEh0K$cHf?5J#rB6e{s)eKmE-xmuU*f~ z^{AQ4do5p2Yd=%JYo>CxYwNlwUdPwnx*WC#J!M+o)HB`hDgXW?Ly_J%<|CQ8-CNh6 znd*sGTgTVqx;=UOu1cGa_bfNOox$TXwO`GLdMo}Kjh`-$)Lc3qE+o{ z=U;#Sx0gWrYub_Sg2d+Fu0yEa)deKc;Dat@Z~&-wWC*=sQ8*3i?LS*Mhzh^rfIL1Z@%YxuDMk zeJbb^K_3hHNYICA>aW#)An1KT?+JQW&}Knz3wldXo1ixZy&>pzL9YpVRnRMf{w8RX zpqB-`l%|AM`+}h71wAL|SwSxfdPdL&K~D>MO3;&no)Gl7p!I?t6ZEK{b%NFkYE4sI zt8Ed~BxsGG)q)xYH4ADGR4=GbP_3XELDhn)1XT)pM9?Zh4+~l;=%F;lwAu#*-7n}q zLH7!JP|ylNcMG~p(4B(r5Olks+XUSzs6x;!f^HUclc09}q*1N*hO`aTuAdZiov@V) zx>nHDg02#DrJySWT`p+3pvwd;6Le{s4%X_zfLX|uLHTLIbHUDndJEb~P%l9{3hE&!Pf&M3-2`4K&SDiJhQ&=f(F z1x*q(F-;+@c7mYsf{F#5BxszVv4TzzG)Bvlt{$=p(1}O6@Ld(fs56s zKM_b2?UzbrzYe7m354NAyQmu*{4IP z1Y`b4Fj};CDwVxEkP5tu213YGQNL6w{W_FNFcFI;0!4eJQrYXzrxJj3@<=3+2p9ED zrP8-UslaD@EEF!^mL| zgo8!9rBd0gL#aeUu~5igv}-DrT|1OYAQ(r%6!l4^(x(Hdz_+&HJwH^mODdIJI+RKf zPLZSGqWn}U`5j0FOQ8fq@bq1@b1IdcJCsTw<_`x#MZHt0^zJ|^Sf(T#3df^GJEc`*HHXavg>EbIZF z(A{&++H-)tN4sRO1i`%dbMxoI1NFSw`9;&_j-N0CH~)R}M^2kMbNs~o$#dq+o|C_@ zWb&;1sgq|-oW@I!ydjPY~l4VW=`&b<7Ivu912HuX0T2*z4LSimFbkN5*cd8xzC zYq#G&@|dAg!F?SG6?IRg(!B$zU=aGc|7`O3I zQKwWYojQ<;u|h>68jKg^rc%l6P%2n~2TjmI-?pOkwM*t-SCqzj6A3>aL%gZO_qN;b zA1z8OClLz3lYfyXm5QfBso<^>4aJJwsZ`t@NCh`1JmleoxKgROI+O}lC&1%Oku#Nw z^UtON=kH-Gz+pTq7CBO>I69OH+Rk7&P-IV~V(&mI#;OWfKPpmWOQmA#Kq|)Ld;kkV z6j@WLSUZ$T1P`rv;IyPtv2-YvfIp0-ql)xYDtZS}!Q(uZn+PU~Fz7?QimEBNfBaQ6 zq*fb|8LCyH+uhX%QFAp=>Iq7{~Nvkcm2-%|J3aNd$Y{{H~RmL`Ts`m|ASfP z|Nqth|0ll&{k3`f5=ei|8=}?yB&{jd;3HnyhH-f$v^p&751$`lCOPU62 zb)O0PRM01aJ{I)3pbrIY7W9Fj_XWKt=v_hY2zp!4TY}mIy(#DoL9eIjFs<%YL9Yn< zo1jgCUK8|^pce(bAn18P&k1@~&_+Se2-+a%X+cj3dQ#96X*yJ^TQBG_L5~VrC+KlO zt%6zvH4ADIv_{ZsL5+fvf*J(X3#t=TE2t(-hiG+Gf+__)B50MMYC$UnJtXKsK@SMJ zU(kJm?iF;8pcR7d7Ic@OI|bd5rXsEGHbJ)vst|OGpxXuABbnZ+B4`IeodtCgpcb-xPwB~7Rk3k1yt60%>iq|1UVD~f zMtK=lCH%da-I|*H?QWx);OjBdzZP@-S71(hIp&Nn#R&UFm_c5GIpm`;i+nIV1H|DQ zpf9`wk^n`S4_rYxp#9Y&E$fhQ}A045dU^>3Ca_N^3}k;DU|nyT*F(1;mslK(W3qP z^Iw1eb4$ROzvR=_oybb_roeG#nl}Zec~elD$K=!2eyZ$i|Hk?#>q=Id_lWIiz9V!2 z$4_J(ZfLHyhUQ5^Z)3iU^)%LLtTYc7+tEB+sGs9^Vs$EA{T=JOtk1GGvfj&jE$g|g zG=D5tTTSHvJ)GmCtbJI$N*jMMx%`q`en~FBB$r?EIJMto5o>_87pq-q z!#AvNvp&Ph<=1c@Gv}*;=HKON4V?!1-$6eAQDu%GK&$QR&t{ z#`*~Bt*o4{dd^q~LJtpg2)?!`*;-NAI8eOl`l72o~x(%={kjSzM45-&77}h&Q~+% ztC{oFv{j|oMCaY7HPLy8HgWs|tW=*7e*rV+tBLc~#QAE9v3*z8T%~J%Vf~186YDzG zRjjwLUc$PVbqec9)3%P-00 zm*nzGa``2>{F0;i_XAi9SbMNqls0_H`X=jBtXzH#E0{T74QDfRz8W}R4Tp0)=c|G9 z)xi0x=X}+3y{La#ZC}5ZbtUV~temfU&R6|Zjz5NVAS>sqp4)?ZyNa*-hV^aMXIPW0 z_poxl>iB%sox<_sSUF#Hapv7wJF{v^Yd>S<>$sM$#3|Iteme}&R6Yz z9N&x8p|s{Z)^}N-WnIn6^{}R#`8?J+tS7PZbzHMQb6?i3tT{@nIbYSBuj)rRp7T}B z`Kso8Rdc?oIbYSBuWGJ`)dl=}&R4ZlaTVvQ>K*2dtbD$z_Ng5{M$iU9 zPYZfh(366m5cIg9^@1J~^r)b9g4POZ71ScASx}RpHE9~D)vp$m6x1N7UQnH&MnN@# zss&XEsuc8ypjCn%7PL~(LxLU@^njrI1>KjX5nBDdg6*y1>Gd*MnN|Sx?a$AX*yb~FBf#JplbwOE$AviR|>j9(B*=b3%X3uGC`LL zxGt%AN2^sS(8 z1br>&D?wif+9K$4L7xfwRM01aJ{I(mpbrIY7W6@yP?sj8X_!_&UQn^1lLUdr&}QDEYw+iv58wWU@bh1caROynyP*Q>I5c5Rhc9_@dp@@B&b$xXb!O^6$<>;_V5WW*@Egq3Ux0F| zR=oOl*5$0HvrcC{mUR&8eylsPQol?mt&xr!`j(1s+`!tvO8qjhU%`AP>&dL6Sr1|5 z`qRkgv60VTlFwW61GQa}>RTr*$@MGA^()EsE6MdM$@MGA^()Eco#b*(a``5^a=JN6 z8$M%wm32KUmtVsj%$%==GnhGF4VU*E)fKkN0Z zoUeM$S3TFK`lH!?5G&`ap6g3J*ONM~A9Y+W>Yh~F*VVG#$;$bvA&o)2#KZTn}rm zVm^y?7V8PD)Gl<=YGTa0v362g{WB})tD5sw&Fw@r=c}6YRn7UT=6qFizN$H2)m#s& z`*FIQuWGB}D$ZBco6JwK^7*Rb^Hs&?tBTK8)ePQ_&sWu9%zVD8_o!+gyM>v{ zeeG+^R4-tEoSEte_z`AmufP?|*BJ`Fg!w$?#msYsc>grS`e2 zRyTo}&JXwiW;!2WIuB4?#n*nx`X=jBtaP1q)oSTFgVJ>drRxkjgSX>+)pEXSLmW@n z8MdSAs;gE**A@b7}GoUdwX$GU1&oUf`6l)dT&Rz6=sq zd{y!Js+z~!@%gGcikZ(>6`!vvK3`RIy>!(o={kYFuC}k_d{x#cuIOcGCv9zlb$8az zN?U(r{e<;ztm{};vEIUZiJ`cj3R$VVJ87+p+0NHdD_=jYv>oiJ?RxNbR{lLP(qnG@ zO2xOfu|CCG$9fm*m8@l~Gg-NvZ>4sqlh#7%LEkd$&<(5&tSeZrVm+I6HtSf{A*@l> zU0HLLHvi1}5i8%9o7XZw%zE?xeE+`}qualNN-m#>==1tHVo)NS`(9?pR67-~? zCj>n%XuY7v(llOccvR3jL2CuI3ThG5ET~D)8bPZCH3~`!Y7kT}s7_F=pc+Bdf~wL~ ztTj{$dPLAFK@SUBDd-_V4+?rf(EWn$6Lhbjdjzczbhn_p1l=j<4neo4=_IY;HbJ)v zst|OGpqmBVB4bGPt%E7!>NLn2wE&?k)YEAEf6$c z&^$qN1-{`IYiQT|2|6adC1{kOk%C4DI$F?hK}QK1Cg{jCP0|{^ z6!e9lErLE5^qHVf(=<_Q_(aghf<6-Tp`guz-WT+qpmznmBj{~GZwYD>^roOU1idck zH9@ZmdL>PGp7@)fO@dw)^pc<#1wAk5IYG|~+L$KPo}q${5OlbpA%X@AI!w@^f(}X3 z7_Fg5&>%qr1q~2XDCi(T2MRhs(Eft@3rYxz3yKMf3W^8{3knGers;UCAt1;vXg@&( zg7!@luD`F+gf#aS)KAb}g8B;DQ_voQb{Djppj`#^5wwe-d_g;>X|&eRThLB|dI{Q5 zP)|X5g1QUpCa9~RE`oLt)LBp`LAio_g1mw}g4|ALVa^rk|Nn28%Z+ga6&OWOiZKL* z7(tMW@dIsGgMKB}t1qM8?WO3kZi9D%mGDYXMk~RWV{ZQ<%y) zSY;lb4>n>ggQb=-%c4I%vmE{LwdkMUjK23g^t=y7zxyKey06fUaSVeoH^0PzetJjw z|C%p_KjRevV?>q6?9J4#fcUWDnwK~}!rN2-6YM8&Jbm8-(|6qNS~Y!FM0)i7 zudCMdliIGDzB?kGz7HavzV~5!`Ywt1vsC&`^!*R<^xYEi^nDTA)AvBcQ~wp>@8<34 z`yk@!yC>r7Ii9||BA&iuBK~QPr~az$S`B?SMLhiu=~F)+;(Hp~A)bDRcJK5tND6pq;l`7HGZho>i@=J30CAs{PTz<*X{QE;#gRFeMk`BcU z-?F~Lx{;O3ui<`X&R4_v%$%StCe z-#o2~$`{(g@l?Lx8<{U;UBF7$73_3fLJ#8jy;<{EElMlDWPOvB`b+Y(N@{oVw2IzF ze0Oc_F{}ew3s`q#wJUA?hV^aM4Xh2UD_E~)J)3nl>sZzytP$2etUjeJR1dprE!=*# zyv*@ySsymEtG0F&>i`vBv(QkKH?^~9w=PogO;qmSn-sT<;O$o$+Er`i_NRvGd3UXe z>MQm?nSXx(Z%^k9_ZKSXuG+fpDt;Z6H<;U#wN&mnK5kdmzM=NB_I0)W+9#QxV6I}W zWWJ60R_0~QmolHqyo9-gc`ELM{?xtjkErpxJgsICE9DnFl9|dCO!Wau^#N*A_Uf-$ z-(uzZRb9_~H|te~qFg^_-Nd@iP?UdIaSI&>wp+#a3f4JQC!{xoEhV6H-Ue0<3>&dL6Sr1_ivhK|4R=WCo*7sSTXI;a3KkId@+`hEX z^^baXu@T=@YoYpw{LEse`UyMLTiB^xfc-4CQ~gFgqx&}ORR3Y8@&;3TfqL1Gx2JXk zb~-PxQ~QDXyf@ofTj~74o~Pp1QT+#76t_ODw3+HTet#e{wKLtd)zof6Pcq`6Ls{dj zyRlNc*j;PtS_^!W#w{cyn%Ts>pa%+tixFOdTrc`xf?6ji{uu?Nv;=3t`|wJ z7fG%cNv;=3t`|wJ7s=!K_xv1_3^Dg+bt-N6j`dyEXIZ&kG(5n}`D(a;ne)}a`D!?d z<2hdqoUaDXR|Ds(p6h%4Yij%Y$62X;>8{n^&dm9$=X}-A;P^4Dhp}?L>hqaBO6z`L z{ebla)@IfRSvg;Ie7@@FKGt2Uo5*&~R~^+K#8W+mc4s@)x9(c)SBh)fSgHOYp6+AN zyEy(z)-u+ateme}&R1=i<9A{8Dy{j+P(0^9rL=|Gdt5JXaXjr0{I%kBbo|(!_K)l1 zMwWk8 zZpNGP*}i$cDe(ArxbFa8fiK_J*{6HIg_plqyia*o!@u8c-mARldlz}9dkeim?{401 zUc2W9&nKQYJR3bNo=VSMo^sDcp3^+DJjI?7o+3}w)7R6}<97ez-r|1S{et^Zyu;t? zzR|hLd57~Fc*$GhoZ%b?|9AtPVdoxrFLyeAa(srjy5}5g9o6t~cfI2h#~F@N#{|bH z$Dw$q?&s*`$lU*LtN<|Dez<-6`Tr~7_22OSznWG67;775E8MRCzY<>m4gdcwv;sh} zb%eFZYRvy{-~V50xz}R&|9=$U2D_-tbCja((T3AN~lRa3x(2VxGhmu5(=rFvfn2YpClW%#`Tk z>f*9ul>JA}*SurB!_0S>uQ4w*FEP(BkHbuWf#$Gz4|AT`Y5K|ZnW@e6oN2A8+O)!S zz3CFu8KzRx1k)(fp{BU0pQ)G0o4Rv*hvod~)frR2{Y(EnC6NApH%m(<1vLn26jUdu zR#1(gYC%lETJkLp6!#hohj%HL8l8kP0*==mIzubXpx|W zf))sxFKAwxrfbPLf=&@sDrmN#xq@a2njz?9LDL0I6I3FoU0*hibBeG{7BorFL_re- zjZf1wEmbgZCb1dS3jQqTxNM++J*=%_T6XvtxM zjuh0cFBDrIA#8^W8Z4+??-|KUg~E2Qpo0V*DCmGRP1Tb7 z3+gW@At){=mL~K+ektg4&fC+OuENHqbAEeirnTpdST&FKDZv?^5Ic zv%bS-_hFZQhu!cGd^y0I>p%AO;2(W=HokoPTfad3BOVCbe}Q<^lKKWwhCcOG|JeJ# zd5L;^%~|#Dd5isPFaMkpNMFsTX^rjf`g7pxJ#7QEYgy)K$#yLZs9nnfYS*%W+O;g8 zb}b9&hxU6&wrgij(UR@j8PIp>EkW&`(?IQ>(?DN~Ex#1>g`h2hJ{R(?IQ>(?IQ>(?IQ>%s}m)%s}m) z%s}m)%s}m)%s}m)%s@@z$kqsI_hg1G8-*jc#bsu5Hzs7g?!pjCn% z7PL~(LxLU@^njrI1>Gm;UP1Q=S|R9eL3gETiPm_hpgRQJF6cHvw+gBdbc>*y1l=g; z20_;gx=v8JplbzPBj{>DR|&dO&=rC%Pt#(pak-$&1T7PEsh~>)T_os2K}!W)An1HS z=LtGj&^dz67Ic=NGC^kwIwMVsw8ql~ohIm1K}!TJ7PLsv0zvZy%@Z_N&>TUh2r3mc zThJ^)GX>2Mbh4o7XHLj(;LbeNz+1sx)&C{6RV z#zBGx3K}4&P|(4G4ia>rpaTT$FQ~tugrK;fn4qYjh@h~bkf30i=4p)qL4HB|2`Uh@ zub{mJ^%Jz0puU3k6tst+-39F?Xjegf1nnXyU(n8JnyWST7POO~UV?TM)KgHNpzeaY z3F<1Si=Z6@br#e~P_7`KAg>^gAa|PZl0$0_4EAgz1cZyv8rFWd9=OQUS_ZG4)(_F zO%C`gbme+VuukC$&w9^hZ(po@xE@~>+T^Ho=Sr7`bqs4gTfKSSTIWWL1n7%V@Okjm zXV*2%cGv=ciES7iztQm4XOCkgzR?)LzR125>-4R_ntki-o3M)CR;=ik=jfZBQvlD5 z<$utZU-92xzY(hk4#!yhQez~)XS8RyXRxQx6ZiNrb|c@D=gIZhJ^!KA7UfEcUyjYLf7EA4Zd!ctUd=4)1F8wnr7-HSSQmloz(%$CCmuobp=Z1L8&4sC} zB=z?0SfSaCzm4%UJ+!7}tV;~d(^@tuT}|VcV5f1GdDYc1=YtXHs}X(*0&H>FiKF~^u`{9T^5n#OxU zX}lM-$*@BoV7;F80@it~#jHoNCRlf8rE<#C8h=sT_%SP=uf}!E53}CLdLiq4)(NaM zE(__=xH2e>D}&OwGANf*@(Zn#W4lL7rCowc=VDj|bksOxFSUZsx04&tjd$%K570eAPxc zz7MO<&>mXr5v*MQTX$pT>$!#MX%DUC6BXa`H`Yg4A7Qu?}D@VBL|` zuC)0Z*0))oVNJ5~@m94mk5gLpveMQRe`GM)!H?O_`Di^waW&-+_Me$|RoZ$kGnZFu zE;E%Q%IjL@v4-Ypt%ozuR@_YItA|#7wu*1Pm+e=xoz5%lD-^e$$o2-sEjH$-m9{oA zQ+eQcdopu5)zfkI&}z8+>W3(MO)sVObeyp7$4vDDJdnAJx99UyPvbaYpJK%4X=|TS zT5~fqT~|G{wR~NzrE#|45pmN3b zm#Fx4G~O4yn71Fq+jDugmNJiIJKgWFeWBvkbJ)JGr@a0BeGTomhqi{!2ei)E4tf_W zpSLx9KG#tD20OLe(8GAUFzYU?UZtz4ee0pE-pu?WYcuPEtT(VOWu4DDo^=>&f7U%% zJ1cGcm6h9*Ms80UALV!|=N?+)P0Sau(s*jbQ~5%Nb3C8VMrub9Pwgm_&u8*WwOx|S zFUjSXR>e0_eF1a2O;m5doNm)2#&&qVJB7EumH8ZIzCSf{c{D9%JLkV?3LdGq zJy&D@Bh~NLI{5boDqTnC3HH6%PVFtYo546QeOP@;>waSWko6_jR@RlQTtDi#-q$VS z_{pqXKk5!HEwEt*-&E9Cg z*?uP8r3cvi*v+1z*)Fh^*oN5p*<997tWR4Xv|eT{wH|E^T6eH~ZF$jBZMhb6 z@{hOlx9q6@q`$7O)^EYv@_2oqzN@aA-!ngIz8i0Z)69pP_cpstpPDw99x^RAonjhc z3Yog(e3SE1PEAgE&f=UgIs51IGTz*N@1Jer?^*w{{o6~Rw|PKL&>!^g>ksZ52;~RD z{lk&|VShm)5Ddhlv$B~(v0yY5ote=bO5oQKepeS1>>=kvzh&g1QMT~*&Hv3 z#)I)la9TEVFdFrTVkMc)v4VIo7DxoAW;2K4{zNn|C9^qNkccE=!NBBf=14dm3WO$Q zGy8Gm;poK7=14&_9Ek)H6SA3u;b<%x8=u)6E{F#r@j#+Dn>iGYC4zyIGMhs#x(ctiGW|U|o=07U4Ia+|a5{deUWitnYxDdieW;Uay zM*M+5d}uZ^Y|&`^h|K12K?El(5j#Aa*&mMjBY`2A&7lHRCVx0SIGfoYO$7Xb!!nzL zxW?k4Q1H-fW>nKaBz#C_Gpb@D9QFr_vY7*kFj|K}na!w*k#Hy;9GJ}<3I>DGz<`YA z0NPZ4I1&gIW;2HqIHlo(vzh%kpMk(ZnayZZLpbB%1GAZfp+r0!IUuuHwW*=d{@Kjo zU^o==_s?ubo0>q29!X>~M`B@Arg%0pYD?T7iDfoN3c@I~crd!XITY$2j1>4$%VUX1 zW;1GPJQ@y1!`aM8IUEgzGMhsMxB`RWU@)6G6!b@ep+IJH&}cmT{)j)D8ATclh4#y4 z#w|S_@)u+_qaynQ;c#r8zjJ1DxFCuj$6~#+nNiOI;mA&z z%^^HHMDfJcE1Nm&NAj^9Gn;YuPx#U7^~`2QgPjP6dSo^SjN4qy@6XF-4kd7lO?1y} z#&c>S7z>8GWiv;DxcuW?vzd*`5{h)mX!a*?vxp`_!5y-h(O$>nki$mI z%xF^4+~;OCqozi}IOV=<=13%%2u8fw%sAPxSlE-<94)|24i5+JY~~Oi--7{H26Lc) zBwP?SZY2R{HnTqv4aFml%;r!5Y-sK6naybSP!Z!HTQ)N;p~vlU~`e7;Sywpp93 z71lCqv9-{eZ`CYqmL^LD=EE0T3N85-4eQJ`!J}Up{NNR$pIbxUb`yH$%g{?-XwEll zn3djSsxXzAicN*4e3O>bmeZ6|kyDmaoKu*SpQFLoUlY9bm0|tBLUeuRz~@ zG5YQE(P!U={`v~^)fc0OIv>5#ZSE#_1!mG0)(;vptBLH6A_J>|NdKXXcC=MEe%yVu2ea9Oi8$Iy?Sag8v{o@R<8kf&Y<4t-*nxImHoHHH z$8NuNZ)ST8&kRvK{c87Qvj-wUyqaq(GTYH)1;YVsSLsK1c_9zL{+Y<7PH zFI{o%mdy5GK?IN3{*ZQaW;<@P$bT@b-IUE9#wVFTK)W%s9XHwtp1b_o4cY8CeYn82 z>$BPMk{^l&wCgh1BmE<|*9K!Te^@KeX2*>>5r}KoX13$GFcA;L1KKs&?4ejFo``8z zXSN&nTRdO|wX3q(Lq`1%Xjf*o<1HqPw~&B#MK*iHcsLAcmuIv4V|bpAYs)j+@yd-4 zZt=KwSvEUfCh$hDEz4{V`PfoTWF;l-IdYlO>#4nHZuuH zrqf|j8n%L>h<=I-ilU#mqe3ZL%ckN6D1zX^BI<`r3od0warvLKA`F`_!C^;a2;`@EiEFa=oFq%}pYnC4jV|t4#-)WwY;Q$pFh$#=6<%iJvBMIf( z&GVsLj$^b*D&I284~G*N43%#-&4*TwXgZ@&!AKx!%KsBmB^)&6|07^UlTj1?Ki&Zu zArOk2^8cXGu#7b2|FJ-W%GZ?thk_qsx+(u32H%@Vn)Ck&Q2Yr~{vVSUR){A2f20Gt z1FVlt`Tq!5nRwWo|4)XK;kY^fkIZ<;od1tQGZ--C|KpG=!{+=y>^-0>H|75mWZq4f z^8a}2L?B?w|0huJMAVf3he(@<$4&WvXiTu`HRb=&jA3SD!v81G)?&d(+?@Z%lOq9B z{vRC>6SgV;50*S0jhplTNi5c*ru;vV)nWlt{vT8_q+L_~AD+Bo@-9{6EZdlEH{6{|^Nc z>}ZEIlB7n)Clq-AALQ{6874 z;~^9NA7d&M8?lfn{|_^k2o~B+C#qnq1FO1NFlNgCgC-+`?&zx-{~rn^F}j%Y|1pfm zfw(FEk2=NZVaor*)+>Q!U-M^!2uos;HRu16n24YHi3=k&#f4C!nrEef<%KwAbfVr3n{~yA*7RMQ;{6DdZ z2!>7g{~(?X)+S`i|3i+%=wr(NV?_$q&XoTLO&*IRP5FQ5o1@XNIsYHWpqVh`|B0zs zJYd5AWA=ycF%&c9|1pVSmNe!6sj?|<&i`X{2qnz<{{&GMnezWpSegZ*ru;wJ0=PO; z{vWIGa4c%d|HJwgs%lgIA9lsyflT@TAhe9}kSYHU4I4&$Q~n=nYH)m}{6F~pV9cEV zkHNMe7AE}v;Qu%LKlbF`;J(k|B#NLLNe$76JZD;kumsx^a<#9O!!A#Yh{|7mZ z7G}=>qjtmSAEx|2#Fhm3cT@g9hJiC2G~@p<&0?y9eSj(d9}Sc317`d`CR&(fp?*#I ze@LsOeVgovBRAI zC$_iXpG^6GNK+WX$Kd~o0a3z)|BqsMPUx$kIsZ@1vl3(Q|HOVEY|j6qe_$PK%Kt;+ zg8h{#{|}K11E?wg56da2Ma=ns(zTMN{6AC=`1B_He+&XXsJDPA|BrqNeUT~u57rlp zGE@GaT2+M2`TsbKn#}osD4G*VbN(N1g=#nD|FIhj#>b}oe;C&Np@=E}p8%m6j}!hs za3FgBCh`^dchoYbFW8U$rb&KcUO3tTf)<0uvf@{vXy9_|J_0$NYr>1oMk2|Bvx2 z1b)3a|Bsy%ke;wj&7A)Szl}{z=KMdI9)eMG{vTQkv_^COKMVl_{G~bnpM(KW+?@Z9 zU~~e1Y0Cd6F}z}aHRbaB2AjahX6H!x0%i4k-TL-QKTwKM5cF+q@-j+PlWP$Q$#{f=7Ip z=Wm|hdw%ZufoGTJtJv57eoxg?_GCP3J!g92@IHU6$KC#N`ybkW(f&~T?)ID8Kh=J1 z`z7s_cD;RF`&sRY_BriS+S}Ux-nOUhskVo)^Z#pYpKkj=+of#-ZP~W<@JX0#JF#tQ zTf6%o?!E4(-H*8MMby6=-5+#c=HBA&fzS6P?s@JvyQjH5u7A2-a6RMtq3b@^H(Z~A zM}*7av#{6oR@YlxC%NXjj&pgP|8lNv&G;h5o=iA(T0&1r=ob?DxrBZup(iEugoJ(~p~ofkn1p^T zp+_b3BMJRbLXSx3VF^7Xf50!x@JllMq71(v!_Uj`CK-NChW{(W&&u#KGQ3fSpBCU1 z%C1kz@CF%vQih+9;q@~7m<&HE!;i@DIvIXgh98pQ|H$xzGW>uHua)8ZWq6GY-zUJ! zm0jeStU4~c4@NyYmCc{f*c!>EK0bZu; zxL^HmtjnXQ5i;L7?xp3hCvwyWY{Ug4gqdccKKyESB7tv;fXSwBg5G; ze3J~{D8o0%@B|qiFTADsX z-Tf~K{Zm5!kkH>H^s>dEOsMpx6wEuV7ykk*$!{#3U+o6A@9(mc0cJ#RoS4b5|__@h6&%au~D zzlWvpw0Y`meT&{->CR>51=ab>7pnO}Pj|o8r_WoKOP31eLblT7U!UvG6b8#({?$X} zzCwRj=Zd0U(ki(^zm_K#(Pxn7uzO{+iq^4GE8)IN`m`Q>-icjZiwBDx`c|DjB1aOt zi&~|ZIBLyf|v~sUMrE8V4|3o(}jkPMil)AE1 zNbBXYUUnBtxk4#d8Jeet+$CKjRYhL2FV{a%(aZDHfV(nO)aR*M|B(CSPEu{Bp4>^Q z(0$QGZ>qk0q@C3NX{`Dk-Dhg~vaYTylyjBb7QNiT(ERkFk!t;B_rI(xC!KZv9`I5njfYj2`fdbNt0 zE)3)|D(WMb)+#zmt?FBg`9iKj>-^a2%ZJfoypcV0@|k(OJWg6wsPxXMzC4*`E@GMX zvFh!x>dTYp$w$+Zho-K<28l3U(9{iT5@F- zts6}xpC3{O#A2cgWYN|ZE?ugYa~LY}1ucUSK*jS*6}(QiROlmj9H_lYzV<35J*%Vt zqI;2%q__>w`Rrpa;dI_DqtosLZm0rJAETSA3Nq7e;lsetoK&7`(nx~4r!i^ybpR;!VV8~t3 zdg!ZZm5P?$+))k$f?<@8!wg;@MeEkLXl3$cjf@KEAZ{{56$VOaoeVOhi}n;S($;!$ zcbXKPT&9ww%s{#_k8~N*l<}3x071Sna?5(2f$p@17L6hzQB~QXsm?mFYk}6c49R4C zoP{hlwws;2RPQfrDReDhorASWb!{b=NA-4fok(sVJg^tvUhmG9$WY(#)U=S--K*!( zNE=HaoY8poS%pGRUhi5!PwB!J%9BwHZ#=3D8B7;_1C7^bwxp5Tr}bl!Xnbz-D~y>6 z-DXQJt*eXr2J%{^P#X2b9xc?e&1lXyk%3y1j4 zRkfD79G_{6J}P;AVXzR3j4DdssFz&U_>S@^^%B%S*t%SK05Zht%0MPppiPt)r+&)n zg=dQywJ&gXuF}w?`^tSqy(Zt(`_QuTvf`rto`(8qa&oist>(j%x*(s!;3L;fttbo0 zXpu1*0)K<~7`c{d`9a7*qw5Y*3mseK?%v0eM-_F{$zvClj*@awh3XvZjhdXc2xY>X zKqMOV7KL1Yw$RuZS1du|%3!eJC7PZ~hAK>JXXf&Hxl4FK}Gu<^#-L;U8dC7W#m)-T}5u}gdNKlt>JHz#taX+ zmx%D>hyeJg?*ZSfzW?=o*tgv`qD)(TW@Z?w)K+MN~_-bsn&I^XSF6;=d?~~ZG)Y}9@|s4hY{!CYqn3@ zF0~EVvbOcM57-vllCYAPYHPRt!@Ae{G&C#sTEE_YVS8WuJK9$uIzh1g`1ZrwZEgG7 ze$)1owg=m8Z~H>q$J*Z0c2Qe@TX);aw)t(LwiDWpXlr%9^#z0vwX z>t)t0)*kBy>k{icL^zyg^;rICc>$3WerUPR@(s&pEdOJ<+%jnCwY=5x7RyPNxt8NB zUTAAxtZQmo?yLVk^y~Fk1A@}?T4lFLN&$+b6re~-0g9v)ph!vqilh{vNJ;^Uq!ge? zN&%+iQi&YZ`<2}yDFrB!Qh*{U1t^kIfE$H71B#>+ph!vqilh{vNJ;^Uq!ge?N&$+b z6re~-0g9v)ph!vqilh|a3c1W8M|F*|TO_3bMN$e-B&7gFQVLMyw*W;_3Q#1a07X&? zP$Z=QMN$e-B&7gFQVQ^N;f(-AQVLKcr2s`z3Q#1a08bKb^*&{{NJ;^Uq!ge?N&$+b z6rjj&0g9v)ph!vqilh{vNJ;^Uq!ge?N&$+b6re~-0g9v)ph!vqilh{vNJ;^Uq||$r z-6AOkD3VfuA}IwZl2U-Pgo*_eNhv^8&J{^1IcggUbGQ3EJ7s~Jg8J;i0AsKF!;h+q+$Z$Z06#-(RFUznb!}DZV zlwm=JeKO1o5Z`x?4F4d*-^=iKGJIZ!|0l!W$ne)P{FMx!li@FA_^b?{k>S%ad`gDD zkm1h-c$Kp2XEOY$44;(Y6EggX3?Gx>k7f9%41XlUAIk6%89ppP^uenIh*x+>hCh(u z_htA!8GcuW-x1)I%B}}x_-z?}ONQT+;R7pg-PdoQ|su|D76Ug=)!KHZ&g2i&vWs{0uCB)8M8xJFzrVzvH^>j~E*t_NNBxOTd3 zcHQK>A2Z(6QT-U zhgJG^#1`D@C^~u(VQ_`_$81C!JO&o?PQ)A>vA<}49+3y1us>pd5b+0h z+HbbsgcbaC_G|3h5sPrEy=d=6M8XaBmG;GmOPH_+u$oux$Ji&?!GE@nw7%H-JR%i7 z(fUa1gNRqS6KngM5VdeCq82W04Pf_!Vtd~9h;1h#7jDO%hYg5bINLVKI)dnh4_a@w zUWfRFy|9qD#`~i83B)732|F3KA|l~pZvcB36zfLMi066F6P^b>JD~@;&a>UK)zjsV2fZWK#cf;L zuJhdNb+$cX-RgV>TQyYI>8_2gi?Nd-(Kfs7m^P<-#QnVc3F`)EKdy1!;Jn#+kMof> zrEL;o9R?8ba6?;f>vgTyv~F*`*m@HpFFs*?(dI-P#)NI9trt-lue053dl0)kMp`Ge z&PK$>4Xs6IFZMBPcV6eb$+^?{pz{gm^Ue{M({+q%HX=eUc5T2eh^?;euIqdwz88JZ zBR=C3zDIlyB1+><-_5?85UcSz-!;%3UF_THEBbm7w{e4SrEjtCbYH?3@XbaH$77&L za(WgcUSk4Uq1lMqc#LO~$BEdDBkeD?KaU8GPqaVM{vhHw?!*p{n-I5JUztIKg-icc={rqel5dyxAF81JpElfeL7Fi^7K4U5AyVjcsjjqs&e;fJpCG; zPM?GHbv*q>p3bkoJIB*^@bu#tzWYL+{vDp~;_38xQkD{;hxH>38$w8@lk%fhaGRIUH>+Mrzm%y#g9>bJf0tY?0DDT`SG{>_&7h_&yP3r7B@gx0iQGz$Y++N`6UHr)3>-HGOC-CDWcHH?-e*6PJ zKFN>Y;>WM^<0tv?J^VPtk6C`?@3oV^*G@lApTdt0cD!vLKmL**ALhrq_>s2jDavgh z;`kDNEb`;q`SEOiO!DKK`0;Rd-0?4dr0<1(^)$g#l^x63@$Nryyn>zgK!xKJ$5(JX z!12d8-p(=o-nbu4pQ1eQ0MF;`;DMiT%-`$&wH!anj=Nep{xLaDQSR^Mn6|5_%C2KL z=I!nN3pjq69e2_8GF7?FOE9i~FH66TwpUzF+ZFP8JHG!@JU_~>r{4$p3;6Z7@O)m* zUGzI5KhN@a@OH6-zULHW2X7ZUc)Qra+rQ5Tl@KWyuIJLgk#>`Z{_X%R^Hxk`3K2I{qXwS#p``n z4^LmikMr4m?t2Hvw0<$a(sqaIX?+4Gcs{K^;5TyoZFcA<@rRNym|XCmeab z+;tL9pUsc7K9EoQGmf-B<4Es2Rk@Sj@6JE4^Y5hX66yDGd^10Of*-Hp$M^B$h5VS~ z$5s5ekRSQ{f9G_Lx%_d*2*Y;_^W(4h@rV4liy!ai$N%NW5Ax&X{8->eI*v_M?x5oj zjwkbUULSYx`ncmro^D~s+h5?vpY!8)_;Ck6-bjweD&KUF;}qqdmpJDA?H*cg3E3y(f%_< zx#f2}Kgy3@cD$drt8Zo)-u-v)>7sml?+rZtd3L<-Jnu>|fA{0wqKNPP20#CPe*UFi zNnYN4v-bw+{BQB|ujl7~$a}MxzxyihBO<<+kBhtcJb&L8yw8aFyEBl~1^N75+HR+S zzv1`48=||BKUKM%x7XY0I10R(oQLBEeq7Iwe0;t=#PJM%q~B$#vXg#y9BDn__!!II z$@|I9dpZ6JKYolKxAWrwKc@JRx6_@xo$j2&(`mcFJi+_rZGU9xw>`y=-{Z%f{P*I%@ zvHOH_&k`9f7U1>DJ!i@AOc^ec;Q|?o3@~mrU(P*Uh6`nQstiw&;mI;QNrv-en3Q2c zhH)9jWEhoUM22A*h6MO=<({AnMFtqTA_ENQmrtH6!+;D=l;Ip1&X(aU8NNw|Z62f>vkDS{sLy-{vsB({6$OUxC&?!TQ4DB*(m7z_BRvB7k*djwkg1i4E!+*-~ zA2R&A3}2Sv-(>h#0e(c;JtD)GWVla;f05yzWjHLuKg#e$8NMJxkq}0y_Q<&+e~4U> zKLix{L%`q4*FG=9|C8ZwWcX_VUZ?E-l?t(o3hHGTF zT867+c#aHL%5a4Ym&sOhIh*Fb{X!J;cYV9A;Vi`c#90bA;YiB@M|)> zS%zPQ#9ZgT6miDE>wiT)`O5?hkD z_HVVmWPb^4?6EB`wL9CMYCo*K1q|%dmNP7KEXTCG)bi_=AGh33{(G$!Sr&)#*VpP< z|549r{k?L{0T$@3)jjWIoAFPeo55!qoAFC}Ujf_b>6YS*THBq=c0VtezhKSU)oWI) zTCiBv$|~E0ox#W-E$thc^kdCI*IIwCOet2!LrcIhu!ftcKa|9KM&l$ z1Mw9Rmi#^l9vx=GrNcrvOCWpAv1Jgu#?%$7R3xs^`-+8*`uCP$K>-*6Ag(0lceg)d2n>w;jKmidAcu zt7q#&tew@W3al-n81nZff)!;(S1GWI^5s+xg3^2QhC5#6Jjq8uc8&x=rm>$(BECG-e-N z<)5~*_U++Y0WK{{dP&XXO86vjVWF4()jc`t&tVxWis-$fX?5Cn+jlE2I#PJ5d(NlV zGVdJfj9_)oR+_-PQ>fFE>1ZGv&jkJHXe{B6BvWC3B9V^!5f(9~MN^q{D5W1&-7`op zV%{m#X<-C~golF^yi@EMpgGJtgHo0JB3QUQ=phdn#hakMM6PL zaN7T*IPgYCSN9Cj^qH(KsMn1$b-;p4^5P{^93NF|hgJ7nKoglW50yCchy{+V?%70B znX?d8au$M1dWB17uuD*HI!$HuHe-4!o(#s)A84HleXMEEn6M*|ReDbj?sMS&gA54RKM&U!>K3>FFj_GN z2-4fB6Oi##*a0{J(Nye#Ea!+961ZY89^a>@d$s;txepzhc=h1@le+wR>-%w?ksy9Kf(ba-Y4i<3=E0I)*0oZ)H%)h+cN8^D0QpJ* zqdeT)Y%bUQd(fK@-z|}le*lgHl-Ug zL&L!Hm2c9?Ac>N$`PL$^}CF^EqvCL%3Ui5QYfQzCd+`|0&O5qwyEPD z!oF_9OGu-a6ruG=E>U6uz_eD>(;cCBK-l0*y)Yn8a0ca`;HF-Th-{pHQ+2OG`#ba3 zG_%PZI8gJ~wC7#)Og8+?oN`ii&qXwW`30Ie`SjIiz@ZcxZbt7{XB)m*=FC;s^cMOc z53bZI=Wo{4*`zzw8OP?!}(_YhCBV()`V?N$_+3Tj!(B>zx_rVa^uE z?$&2vHNU&{G|Lg#Q~v9gAGCY}mtLe~;7$I`El0JqDt}R)Q+}k}tK6)7Qh6`SAp)o4 zT=MUszs4E}R`<@Jqa+g_kDne3M>DBZBH@q4A#q1ik)S`RYf--z*0P~YCV`l&;iIa1 zr_+m=*mwN21Y$Xd13D4=_D-WYOzbU9a)5lMEAU2x6dPc4v>sj?IxFUlSKgsbH9gWBH<_9nuQ$K)k-@_czK|w)==bEI) zL^xGT6PJiY#_OS_B663>h+2UQHLSy_WVWokSL=a@+sRzhbtVIWcqE8`zyZXhN6^w( z6tj3u(YfmrE*SS%h58AC8Cu2<9Z>S9gnQD?&;orZ~4bkoM?S;<>l zqB9g}9G>Ca3;rkb-F*c(5Q79K3M0Wl^wkj&nS{6mqH7M1hpWF?mC^up%SJ@KGDKMF zF_PN zMklHObqN0IR4$Cq8hiM>u)6mc+EcbMG3j_i*EQCMZ_;8W*j_xblGG*Q<$tBG@V}|P1bgr!zSyQ zY_i@|-P=mP*VW98?aT>J*85+g(V2QYuie~3>nlJmjAMQl)~U5A8nM~~n42TXB;tYx zpp?T*Tc4xrb53Vp2L1yzI33-hr?4zd_jU@E(p>zg`B0s8U<>3~^_e@_83>Vu)vK~x zO3=A=HFd$-xMniETc(*i-I`xOzIHOQ2glCtEBC^QHTS#9uN}-$m(2~S`qs3buct8; z5}(4Ex6Sn{)*JpaRrtDuJKSY(3kwIsc#ozlqz3P_h6i9#&6kRL>4ZPdCRm&F$J+ogT3P7;z?C#)wzr50&P(T3_qNdTZC}F5 z_qv+x6B1J<%=TjYC9IjzG`obR%h|7bp3rV-FR0D;;`K)3Z- zh(KrYJ?8zr_ov=s`=#yW_Eg(v95Y&f+xjqK(Ouu#+q$ClRO}i*3>NUW+un;ffR9=? zB8;7~Pok4Tk0H_vlr@&r#K9;W4>9&(NFC~lnR_rz33BF z%} ztn3$~6c|NmnY6q#whZW5vQP+wkvhv5ad>JxfYdiNrY5j_7GTxAjdVdM=ofrWp_ z(&Ym*-w6LOastg@i-+v=cv91KqTho`FXoSAwX|Ogq%;0NJQhhtwNxUc1&^wZ98WJ| zOM&dPWKho}lJU5HM0G@^Ic)KetuG!%m_m_XQC~cuWK3(wOLjB@C{#!wggMm_wuEHM zhpc^hp|Vo13~A~rt-oC8qb3Wr%0)G>)goI(>9op1NM%trgw$jLmBW^OOj^-N<*?-( zD}pXo4qLIY%F(9>!g?qkiRu1ODjf7jLfN2SOT{(6o(dIYZ=tAYN1suOZsvNdT<0UgH=SrnIavbeC?`Q2SJK@#USk+3`RpV(9 z&6gle!(kZDE7dDzr%&OqCS`A)BaqhZu8YmSap!FH;BcNDPc*4yDm@>f+K@i4&-r! zW{13mp`*-1B(egc4+dq6=M(cAqMjYpw^R_-BX4L&MMWt1M?~gWtLH1_bZ<^tRRueP zF_Q%&mU#mh+F+hQb-K8;R6v}9e#B8I`-`Occg7Qmct8xqL1TIhrAoPs!M3xDwZ39r z?~FxKfmAf1h0=jA*8lNrCKXCW!|_xon@&fxYy>tS>1Z^YO`(-0lUg{KL7bO#JRM8w z$w(@An%=)9S1R-qE$x!bDHw|yb-7K}Hn7kGA4`1BcQbW%eVqf-In%%#33)vPB3fJ? z1xR?0v{vdM@k;!Gh(8br$*a?Y2;@PUN;f7O#`Q0#yS0XvxX$7;6E@D$t6g0kUF15* z)kN)E8tBjD^Wji;2IF~<-Kf5btmW3%nGFx=K!lUICj`lzz|v>a-LTXmt)AS7#&@8p z`{>@5td2}$^EX>`W{pMX z_?vNUt@)ZaVoU>!d}7l;7K_#q#yRl>=OsPW5ym%NaT=Y>v#;@@^pA;dbsCdL6B$5QZw4{C9#{miY;}YaCa17Z-9%&E&_CSW)DDu;Mm>li)dL2fc*XB_ z3oq*))$!2GL~0~EWt(0dVbS9*VPbIB5QB}^oyc7IYRr@eH%~&0W?|Zx7@chpqs94> ztp5*h=~WQ({r~fl=U<&ahgbcL&RFXMt>0+VV4q>Ab?OeDz-%Oql2(l4Cm@1f5{gfn6_=4YqvFOV5k zu!lxjE}2u~JqU3oh(u!uSx_b?6LsN9C*K0nG!1DciBzwg0A-jQa>+*+1(_&BWte;> zm(9>sLD-R|Y+CL9qE|;aMBk)KH25(!Gb!kH^dnMa8<}tFc;(rwApe!}6VdzETQwvmf0q2y-=)^J&G0YZrD|QYVRso46hEWhy17V1n{H#% zmh!}QEy`pl47<42xan1-`F5$0<4DV9LLGZF%OFA?Z`xgG+x!mb0CS9z!X818_Nd7L zYu$!zGJoKHWw^$nykVZGn;jgu6!)g;h>fbBn7pnx5#kKH;t`Ru(x*Vy$4))cY528< z5Y|}U1Dbl8O+3d|M_Onp*?taP5`*4c9bu-?j3?9WjgObB>#*uDvyWyft_)FpC1RfH z@H^=fSXazI#Wl>VrkNs%syBG}*I{N4%~V{O>ET!?7|;V5e>8;|E|Q2ssSrrS{pkR# z2NL*;W??)q%(kg8g;i!+T#rTLQ7s-kqB_hryf774rmo@|X8U;f6?GNYZ+`%~ zEU{Jl*Bs` z#WmDfB(Dn1c0TVnlrw&8o`X`nzv3^XvIAun(9_>r81&~V{cF@$;9PYfEwg$CFSKDfxT=ssoaX|<9zzk=GoYWZ&OS4@b=G!gnlJjZ_TwdwKG-3uBH0H$`ELRUeypv#0<5!S#s0VW{IQIMx`_+ zG~foENR-gxP7+#B}r2W)C82X{p?`r_s4VypJy36-lnW9c*@!z8_Va?{ji ziA~Z*Cyh#JOpq}}&4k$|((6hc5(`^^U`J`WQm*M2o5%n2ST0bGR~}caG3#{q$J|-> zGT&3~xa%1AvCfaUUT|jZKX={b`l9_3>vvoqa$V^9iS?`2^WBQ?qrL|%^ILx3@*!)k zCDqn~D0F{U9=AMV`HJOw%X=&rkpIZ~w|11*!mmEs=BN%2Fe&3*Y+j?H`M+gg4^)TG zqcXy3R+1*N(x`8CPIb7zihnq}$PkhaVy0VF9cH`ew{a0bl7}Wbg~Y1Eef0IZSxLoh z$iiIQL=dp9RJOhPO<{~DKzd`lk-7ASmDMoYgv=A15VKa(mt$g9N)WSF(R3zerRrjq zt4BGu=_7G(aW8XbO0YW2_HQ$ZFg-n_WwmT37WBt7P4`DK*@!=-=^1}8oXl#$Y$P3y zL?IEfUC8Xg>1ok;AfP3%?fSB4bvRAi%vI;oFOiA z(+|u2TpG+y&ZI>Tbi-_;t)wu#J4OJgPxeC)kLoXnh z5Q?7&Y6#;C?T^$sxPD#N7laO&_35k*zk`mKY-4Y_$sE|&W-h1>cd=H{!@iv{1s?1W zp=#q8AkMB1zl}ZK!5(ivsM>S=Ksj>Mw1B~!Igj9jd3_eaVx4(*U^8`^F4i%FFy{?y zc1n}!iusY?2~PK|3W?{8KTKTAYXt97wTTOtyq$gse#sOlESS#=rm#pGHaSzO!{^d7 zXR-I6EDc{!hrE^MGIdCbsY7tH^)!{;EM?pbbKN?c!RERYte>(G7%pIoV<3dNE|^aE zQ|Yh{1D{kjnhnN6(FClYhS$=I_#`_mqD8{dSTYs&eNkD;-t*x9y%JT$cAZ~)EPd0= z>v)h5G>1f6DzCCfnJLCwY;Oo|6hr5;CJxnkDJ6RS z^=$n_w!Ce`tUR=`YwO=pr<9=bZhCXF`!n6-^fWw5)e2m@D_K=HPu(*5?z(VSX}w*) zgP7bjwaHzL1$vVUMkkF*F}q{Ki82&Xm%3lY`uJ6y2Qz14sNPJ6KR#5?@V%gz^XnLp znVTavAg7rvEAFvDxJPOR#>>glnCWrcp&Zt7hvIm|ceQ&7qWjHqp3!oL)9*ao@v`Gt z#BV#zvD-Jt`)BWWym9ZFyse(Uc&<`DuUw~Gq3FsM$HTtceYfL=;H2InJg9e?<9o>0 zYmd63;i-;0S{Byw4jm^}1Mj||IufEH%7>YR)HC4)A6?=Rv(RyyPSaIhDhZ3mSRm`q zW-=NUtWo#~)A38g9=miflZ>ZQndS?vrUt8mY9l=XTXc-8udp?`v2v5mO+_p8(aX5z zYe+%}Gt1guV!K3*9l#<)iJK^R+9Qsp{LDn&PfXtX+;~%jSp=rKXIihf1NZP=Z}ZM_*dY>g@6Cr$3LU zb`prs2FiWwoI|vr2l8x_bV)Me5?S zmoDpKt;o=o*S-&Z@6I8$6K@G`nxrq0qSd^AnVeQHjoAsb&7#E3HSyFYaUOb+AXXoU zK``-|hlM{>ZIs-=a6Go!#PbfNmCU>Ign74T1`_6q2~)65B2E+7DynB%1YQE+i7=SK zHi;^u$+=9Pm@{iXE{7)|=^o4)4wC(o6O-=$ z!>`(g{(ma%?N#RFyVp?9mf_kmmjyXQ3`QYdsc>XPx0jVL!{yRtLhL~6jXg`)OO~g* z3;PSm0G|W%gN1s!^DUrwLV-|#U=90_`ifev2S2&mc5$J9vwC&``@-NGbqjIwT7gqh zn53OT2c*;J=+i5ao7g(4l{SMVTCV5Hq3X!V^vw0_Ogk^lGG3a+XRB*#H-;fIe?0a$ zocf#kp#_P8qc2T<5?^fsv~|{soPetA+(8}oNkV2 zA}dUEmxS}}%1q^w7I&ZPhwjzxliYK#2cYVnEo&_cEn&;? zmdO^yGFEfGWKDH=9upv#23C7*XO35N;t)6gfb+(Jfo)8~7}W*NvXp~QG%BAGw-B?J zuUMmsR|ujb*)9ZbM~9R59^zD;7>PnNMMit_SHE1)`Qj3tdkQDdAm@W#(zni230Vk_ z`@Q}Ytme!96Wx@Df>B<%2$#HsKP5({q;Tqj-dsMT!aRs{USY3K_<&iT{_1d&HRolt zIcxiG&dkwF**(G5d{T9o3A@Z2n`R73k_TsO6U7_Wh9?Y1#)qj6Gl`gWKTWh{XkI@c zHbO!--#9%Tjz@!mRKgGI&Nv)6#uI)`3y1viP&O0|>TxX*iCmhk4$q|(bLAZ|Pf>ZIoQNYsvq`Vg$9O}F2U_E4Ki!~!6L(*AH3 zh7XZ+Fzd%Y*|qR{Uygos4+1LX@55TLf7qE6Ui zt{~f$8)F{8i!1G#)af*7PKGOKQqDp@mY)cX06*KcjRyy{fpl$u9{XzY#sblNi^3(d zs>8EsQ@fnaiyL3ZW2+ejUjI6V*YL*gLp+V2NC!=`n@~%8Iz+>Ru;B)Le*ky|Kw~X?*z!4v_xpFmqVJM&ymg0BP3CkF5?fhZf9+exoE-O{)$w zrxtH!!96X$u=gRZZwn<6C8R_Smv&Xt$;TY_FZ&Uw9$zK<|2fj zF~#+gLbg}3Ka`Z|PIyTLNpYCD@?er;_w-m$OGP8em_Hs#fE!N)F@+=%Od_Ml6M86+ z)#F*hjf;Lhx~FMzEuK!m2k@loFxzg;EC;)f&KCwzGUi8wm8^S)??xjK$S~9O@G_GP z3^Roa?KX;udoceY{2o(@jlpsBRQ9#Hg|EfD5VH^7UH@8FVY-|`oA?KrF=Y3IC%$tA za_~v9Xe)8?i;86hi5L&7<|+&i$4 zlq)g?hLF^UYTt~=142@NszO{diz#{oD))-HWfDkfKrDR`M1*k0d1Oi#F_w9FgpdNo zh=>OIHM$j&zg#&jWWv`74SppiN#$YQQ*!;;f^Z7CWOFW0jV$?H;V}v81MwWJvtgOBX0EWnrP85B!!_fpgJW2_$S{sZ%e7;_N=G1DxtfmoZ8tPaQMIIOc(mNZ2hX5Fi` zzFY|#gX$qXs8ex|+oss83B`MB`5J<_1|@L+bpa8yWZ%~+x&ZL;OZq-uQJo+ za(*y)_~D1UE>Er=fZ;Ax&iVa*@P6~OOr{$G0tulnC1s z%j8nH<Pm6vsigIPRFEyT6NAz)ZNG8edI^=Ie6S}Dj zMF^?lBk`%I5I{eNUg4MG>*uz>-C`}3R1~|Zm_t4XyE7E$tZentbjxYR9qQ@ywfKYT zsbv&`UMfC`*I@m<>Q&M`s8!Ovygk-SB&Ld2OQ+{Zpu^fblXvCS#T7cdmC|Ry+C!|i z8cf4L2)fno8m8xx5N~L)a701wnSu=odKmE#f=Rnj8X}40I`l)sRa))I^b_g4TEz#- zmzQ%reOfoE>_WX+5^JA4VyuhcK}^$jYF* zSnHSct!WauB`r4ezocsA^XLQRBxt4~>@=LmKbU;xsKjpSN4uBQKYb*MieIBBxRmAk9g-?kB!<(pf1bOxOtWNG(?LVLu(%z zA?ZWixKlUrSGXB%Z{CFN217A2!m(BjuXEHBoY91FQHln=qwu595Ag??vIWS|LSPx17WvF7Fj9sTJI8wXvQ zNQXS~xysP~{Kq#p+PI9)^a>1ExZ&%mxm6dpc$Aq=m+R8Cq`4`}u?%O@vDn(0j5~C` zGAgb<3N;azACTC08P6B~{E{%ar-42`lCo^%b#GTotzdFVzP6;c43N0Khcy`+7AGJzm|MC0*5N{ffWdLk7M1~RG6d=4k0jD`MAxC_E)Tka?hov<`0MGG9) zBlU1Rn+oZAHj%~uqFO+UC6d`-6#qm*kz^p2)e%lG8l{iqY6QViQ73sebd)44H%sP` zju2xoL-pLWT*)8=xSBobzqMS%DI`K&msowpiMPd9r(DEOKqsrPZf0fBNhDLfobDu> zf8n%g5s87lZm@L55b=!OQ7i{fSc+IeHEPDp5+V@64voeQ14QplxhuR+Ju(p-JiT^| z&8!nuKQ=3>esCG&SN{^#zg}IO%a9Py{zd(1$up$C-#B$p4XS=LAUU7js_`zySK<7$+zME`tsS{oS<4yJehN0e$*-+XmSHPN04u4Fl# z@EBK;BBcE?F~NCBp*p;jwy!Ig(O2rf&p-xS!Lhj;y^|c!)fwtvLXPWU$W8k@0qF6} znI_h*?2lfFelJ`(2;Z6nqGKDLHv#$WN%tRhUvg^wmix6z9FGWrff?J*Dns+s12?pR zP1M=65is}IsU~(dumIlN4;3BSi@2{fH3d$TmeA(HohYRY3z~xwOJHTQn3jlH*`y>2 z4-TZxqM6KQB4r;({h-`u3hi7Yb{&go0y96+47(1PWGti^%=|=~o{B{wQ^YiXIG7Ij zBXNXXNk-Ele>fhBr4r!`!qa46ezJgG#7sQ2X+bT9fGr4ofd`)9iIuRiL-1mnsBq=g76WA@T1X0JRS=~;aN1kA3u>MY_Mcj66*}cUoBxoG>s-+ zhKSr*GmR#iGpuOgxS)xHYjUz+6-~Vov6E$|&^S#rg(mlGCV)`Z9<)d8feje$pSo&#?L=#6Zv1Gg0*^B>#Az!RKg{XbKA zR&mdBztP?1`m^gv*JoVscAf9axK4J>a6aRF*qOKg(f*A6;nv42S6K!u=UNt6=Cu5! z@-gKqWk?yKFR|X|sqSN* zaoLmCLpiYZz*eslJNr$w=Q8`(^-TtQW31oDT=eo1PVrawT|ft-W$Yb{q5cdw6N^P) zz(KuCV*3~TzmlKFR`;DxFJQy?`i5bAA9LBuhVk`wVTsIdi20Yet*qbhuk@@ok#;tyxwLOz;^X`vW~{C&(f9vkx4O$#I17NQ)bvPV?+F$afigkM)5;rB6* zcl?U_2tT>HuRu$7B(2zWbRX&EXIA$y|Ag^#De7{)F02rd-{19(JJ{fr|FCLX4Ab=WyxP+%}NxO+{cRY{xI)E$DW9y}y&_ z{5q4VNHQJ_M-WRc5!JLnG7V)wG7$~wnXn!U#jw>E!Q>)ZI2nqk!Wjfei$!8tOcvOU zgqTjDPFNP?hoB7*x5|^}^_qvdI@o7UD9jbYEJTy_h4OwvTfGJ=Xfh8;ad=Lg%Uc<1 z5v#YP&E}kgnp5~#Ra-bWcj~%rpt`S*&LNka%es;=hrBk8skRDy&6^SiLFNXB4}zHR z_K99});X(Ns{1z4y1DG_tZx4M7JLwq#I}iL+Nj34zl{xMLuh^7b>LnAyQ}+hOtR@@ zHE%u_PjmwqJ~#7^%D?}VldAiA=v2dYgsn5?@bL}Yn9-RZJvO7SlV$t)g5?0|h~VZL5V=IfL&U#}JCYv%Zm&DU$EL$wT5b1dUe#nRXz z5RS$CiBKZ#4<-_1%+Ki1J7d0P&H>r%yLMV6lL#ZsKp3$D_AzISY`$JA%-75}AiqMI zue*f#dM%3`Fu%I*T>3dbRHpC0cEa=Z;#^N}o_ZhBx4`%cZit9+N=7{+*RR2Dhj^47 z&nq9mv`uVr4FxRQJishs5bTmZ6lu_qGuvGl2r~sO6z7N@gQY}mx+kK1N$Y{JxC-V^ zWj;LB6>zbSo8-^L6irQviTbKofIHL($3gr400$Akq_UB;pSMH>(O`PCsj}jc(5?4Yj*ivU8N&*|Os%Iaf172+Ng4TV% z*N2kQ^&xhH+75-fvO63zpVD8YIlS@P)HW~FnIzFT-Jq9XEJR}|Q7x8V9c8u76Vg0? z^!A3)hWJL{d43Ic5R|u+!Xe@LgMB&CG`@-Dy*SL*p50fjh!*{Qh%Qk#v1e;#_SS4? zGQSM+j9dpqe5u95990iureVQ9Dv^bX5|V{_5mJS^5mJr%5z@pu5|V56BqWJ-B_xaW zB_yY7bta?<^+r<1p*?7_ZD0YB+WS=OIm=_$0@bvXLqP;hOk>33z;F5r_zf+y7(WWhp?F2MQAZdKwaF4TsYW^-AH-x zd}E7>9?$8@@h!VrJR7}l_x!{22hYzu=Q;0k-srp%vH#XPk9WEpBaUA>?r>c1INLGL z{&;J?_1xCC*tWOq@|@-Sjqf4f-M$-r{l2xng+8zMk1dP6&nRC(bbu>;TYWvgb-s1j z6*t0WP_lgYoMxLcv1L5F%5!?lq=UKszwO$~7F9rIRnnWq6E&LLiz-U~hIf67naqv4lUF&V~`?7=lG6asZR>C=VgnyMy)( zg&+Ds8GEELBNA62tVGxc1?y63KD|GlH5lj&2TW$jhDf=6aEpg$`g3rzN9{8^li_eU zAx@K{H;P75=_IzPBT`c;im>E?c-)`V14(~0sb#{ESPHu|Gh^Q&tw%t!r=tFFCmh7FD2?SHAC_H(<>mZ{#+3K^mzWN+tEGNIBzWPMT7?;WP*u93;+V*!= zM;6f@Uk?nj{*#LCB4;dg3PkRN+kA zadl#&c{qs8>BM)Jzo%3fDEcdib*EGBwW2RB1iOPj+s*iAl$+GCG`I0^eL08-ypiUH zRdYpOUIt-FiU;ql!B?KJ0 zwXT8sfdU3XGjc9{Fq>R+!sPlkn$9NITzzsS{QnfoBE_1uyl8pavdHrr&tskk+AnrI;ke)N zdB^)5gN`#Ca~#JwEcS2PzhFPt{uaAxb6fvvecpOW%UVx+%keFfTNLFf z;%6i&jepjL&1Q}Hhw$sI2DYKW>vSNgvWB;*Nl&jWuS6@Bp5WUO9bMfB<&%LdSN|e)09$m zghk2Q#=77pLr9nGvm|Z+T1zs2)FRNqRtb6vm05^0AEkorUzQFD@aovn)1l5U7RkIm z2ZB7Kc9>d1v`6b{o-XR|RQV8c+k1Mc*D^2`l>8RM#!LD*buaqi5(Jgc~R z&BEnHEl|$Jii`DCy#wVf>(7dn*7T-xixLaU8`iAOFI+qSZ3~AA7%G@83#*9DWHMm3 zDm=k?>E!Cj5G}{{!&x~FZZ@cCn*Azu?8D}F`m>uwUS=sO&#w8wd}X4g<@$)ngrWu+ ziv&V?!zw*JltwK=ol5);BZ(OP37+2IUXx@{FK{dMQkKvU)afRbFNh|bT~?Fxy3T}~ zKz2rB&XQ$|=#`D>RK+{?O*49GpojbV+|ROEuwmp9q`I^g?HUQx^X_UYX$n3(51g}w zTU};>bQ)_DO*(cx(mS(C;tgub+0_viTYMV}p|;uRYDFgUmWh1~Vh;C^P9%0A;+{ce zUXb9qlqDERJ`}HxFq0;Y6;qtJ_ftJsA2Y)ywm#m3^>H*1K=&xo8Iunj zWKL&RPE5kvB+lu~%!v;u(=%y!{LBU-endfmjxPiQ+C(6QV4jJ1AQKO#laX`;b2_tt zViWSFX@N*EoJgi4F-+lo!W6zqn8KN51HYm^g`?jx6Ne+|yKkcG?3E`}N0^zzwQ-g_ z;kB{Q(#&Nbx;7rqn>XLn^~wys=&MbK-{$M_=GIoVWpAng_bUi4YQ$h`aq}W{psXUX`zT48(rWNTqmJn z1HmLAm|^vH_p3mo)ECiykHYJdy zKhLSnePrGcme;jA)mQy=8Bwl9CP5*}84_KWxV|GIhwzla@E~P%C(cDS6{N-?fYrC# zNo`}iBG}mcWA(J^2r~-0w7|wGL;86|dt&Y7$s+qz>xZ?6Otcr)u9xb0|6d4mm1y*| ziO6=$=!s8W&Py?SWtnWp1@zakY&TmF?jXqVZabE9Um^k;U6)IGNUC+*F4l9A(bU1Z z;4xV2%d?rR$V8bg-jTV?C->q85wg~k;huee+{pN*-a1oq;PRc@)~*a%K6Rw)A?H%t zRNMK^M{Gssw_Jz0mbgxHMP1$43$V@hHQQv@VEeyppL2c5^=Y@SeV<2l9`Clf{_5Im z-EFYdoKEdfc7vH@J_r+AM#y z?6o{+dBXC8_IAsCmfI{}a_z8u%JUJ||9IYO^|ig^dB}6WW7w6mz0Y>3^QX?2oiDnk zwLRmSOv@8e;MnpU>BS{$Ks)Z|XmPUH|#3`p-YJ zpH5q=XH)%WruNh3d57`S&C5XE#3+N+^E5lbVY7OEUjO;i`p+lpKcA@oe7yeivHH&+ z*MB}*|M{c(&mY!*KEr;ZI3BJ3^W54`t7on8)BUsh&!5`f2zT8sd=!_(Ve>p#`{f+8 z-KorM@@eWx#!WmM>OWVp8#ryA6~?b6wVQf&)qXjL*d-3s^ho{Zu<_GtcYd>Wvgdoo zuWvioSzGHxIP~jK4g7yt1GVnv@SR%gFb>}-wbWMMNww5g-@IC?&6lX9+I;a^s?`^* zrCNOv*3FzYU#QmMe8Jk8c3)@hOuMgx^6Sg zT`OX%=dZ?3ug&=BdAa`cZ^ln=OZ{H=7^$AW*MI)g^^W=&dB5?v`;1@r*3bP{{bmms zsm?FEZm8ekJH~b2GJbutcCO9yN7ubZ@(+w(->;vr*FBHkjC=vlVseI)4Blte&air( zs{iDJJ!T~5yNy)mRrQ}&8jpCWmS}TcU;p{>`p=KK-4`nH34CPs2$Xhd+Y!opCvbyT z>5^Kx+}~?UDkfH{?DdIE(9?E{Qhb$4()6~qns4=5+PV^6FmQD zZy9x&&GVP`qno7uuH8Q>)#`b+{jKAY1Bk@)6OT*zXww(@w!$q=NHBak9fM36USHf`sKg$d{yZj-$nGS+LboXpXxtfto^ilp7T7Z9MO2cTDHye zQvK&X?^I=Opwf@uUJ!{Mc<#pE2b$G9w&{$BvgG*6b2F=QMDE(Ed0gt1q zoM7=O&bK;GbIx*l!29oZe8q8{_cOldyanG*Z(DoFcbTu!c9ZklzH@!^eRF(X-zS{c zdiQz1>)7Bp$?kR*TR&%29alKFS$w$Jp}*I24OH8!`({!_;iWFBj$LJ_V{`pvH(8|v zAxDVoyB@|>VBz0eOhYG%y^IyTFC3z5G~ptMYLluw#Z%U=SRacRr^w+cg{Mi+AwH!#;X4XGkMZkx zdQZ;ALj@~nY6+j6@2YEOxe*^BRX80#_KgI2qiw_6GFf3%bxM z$5c%V(|C{ls%+2X9boiMn!1|yzzy25b^18k3b(PX)2o{B@HN)}6SQZq&aLj7%DVm% z*3u2W-gqZsF>eIUG;Czbu%px}An{483v86j==hB-Xdrd<3Nf<;9R@<5hrp>dEKb$d ztZLZZm}L!#AgtvLm!4_SwI}Y&oMqE^I+;?T2!EDpwuD`FWK%C!^Q%Oq&!5ntuGdv< zOCgt0vkg&vu(Ma+n$8c z&17~HtL#P{){HZ1JFL7vgVqh3!C5>v#@MWKV$ZmpUeBx&R>CSF6inc>R+`FATS@ke z+h_u_N?0jaCG4}(3}%(Ea(XP938nN%)Q=5Ju-eBE>rcU9mmi)=wICdcYX6VDFM*G$ zy7#{`nSBLuL5wi&2{Os-3kqZs(69%>5+E#hmLwy|%s7)ka19d|sv+AnOneXVlM(lI+C$GX@7!H&Aw$S7Bg} z4^hZ4vE`1mq$B49{Wx$K18Q<^m)q&}d02m{g+$gBbND>|u-_gF2YhxEP{j}5V;S58&vSptMi-^w98Ip}I& zs$fspd^V@cU*>>+PTP%`HuP^02a4lqMn(S|y}1lEkn2Wu_LP-SfV=VPyg*{ihTGl! zb5uj>YzWtV%7jbuFqzs5E;2`SuJO7{(NVE z`eAn_G7JXddUC@KxD9)v-sS^unz^A@Z@V$an4pvBfz9URm#K5%G1g>H8OaDEMso{f zd5m*2nuEn%&o1r~i!sn*cy0ES7QaL^*%oMI>kfouEJH{ZOt4PqPmBjt^9uYZp_&UM zstMn?l>Nq4)=voZXc8#k7<`LRzy)~Mg2wg;#|yseY2)60qsL1WHH#C4hL9fRjbVVY=;FH7z zb=4z=!Q_VSBHEDpwk-;d{vs&0mkk?>fy*Gg5s(6c+menR3uXNegIt}L~xL7EkS`3JlexU7sy8sONB9=#=4hFXU5PRn^A;iQj(K!$ZO!7!KG&AaterW(&$aoB7tNVJe|G+(gv+EQ z0o_eJ_NYt&t};f265DxBTp?AcA6Rj+b3^u&gRo)5F@EhuX2S@-bAHS<7~YBPe5AL> zbURh9le(N@w!3jBN#db;smtl3Qg>6#bT#G*Z48S?iZxGSM!toBbtHIk4 zcH5&tFF4M1ie7sVJ9cq`od<}vqY!=qc(|MJON2pOSnL-ebc+jobVJ5BvKfQ<=BXR- z1;S%4WO&T$*-vmh=5_cEEvm$0ekheabuI3#k1rt7yb)9XekE6!*bk)%hC%G5%=!_G z3?yoV$$#F3jquG2BW{Eb4_DwQ5#|1bLXIHvf7I930-PfCCn*}?nNHp!pip2mv{Rjd zzA&_Noq@hEq?4Ts%e}AyCrp&=$QeTJ=p-it&odFo(;oi-JzBvh7x)V@pCpnj7@)Rm z;bnS=GEvfXCkH6hE`{fEkOZvYJ?XFmXPRf7Y~@u%Cq`}Ev(3zEcgzFXK1pO)f z&-I7&U(~niSLkP1e{cPv{wC{-x;L#K*4?E!V_jyg);z1a#9D5>%<@lby6Bgd*DcRj zzOMX`a)F||=<|wk#zjR>7CoT+W>I<3_#(6N56Yh@Usvuy|4@hI(u>wP=OLqw*JMvE zA^l72vKPznSQp5@BT%^^dUxCi2lm9LSXPhe{9=hKI~O0fBlmFY$)2jkBWwjJ&gda} zy1hAjin!C7N#4^8>=d}@#lA6%H+r+DmXrRXSxXY~A$Z5lO}RmR+sgXJ9rD|F{0(*w z9Ou}G?IU63-WlvS(c6>yEyJFFZIme}QXM%hvVp~#KYpVs{f2mf? zG7hB_@@B$)jKmoi&Tx`T1@hPlDj0>~>;|?@g}4hK$ME-&`{X(knF^-XBQZ@`+uHKT zhAuWKnP){;zfmxj1|3c03k0k}c69X-=PG?_^;& zOZ+fBNOrS}-pAq-Mrr{P6Q+L$GK$3gj8t)OPY=OSqs(m1i!g?-(gMd#Ritalanm9h z@+vvv8lenhM)nj5K6Woz$t2o1+=T>qJ>tfTmQ_>O7_dg)$}HNoNQ^*YEs?!>Eh|Qt zjGrXSa_#t`2+To@5X3JLF+y!|&@Vb5Hjl#tQUgD}L#9YABQ@}`Z{(#0qqC>H_|9dx zS!%Jz2+LO$vj!(AA3QO53p@nFj`*_u@ZE%&c^|JW1rGB|csKD#lA6Dg^OKLSN{-^E<*hm+$Z!Z;sIyS)cFtowh`@xtVy>M_BUmjsWA{ zorr!*=FMMZV{OZk^f_NML@uSA;C=2UTWxfMtGRT6xWh-8!zHHfeLmZ#8Q@v2B>?wr z47kL!2mX32-3q~ln`KJPy1>tsCFlO0VzzAtH&P#%Q9mc|L$Ib22e^bYUNph-Ye5C7 zaSQP3MO5P!A&0g;53IJt9WGgI7fGwF^$y{xe&#H!oW!*)WiFVNll5M^D8F(-E;Di7 zG#5$U3MC~@YH3Lk4^IMa(hEB4C#5re;(3=WQ;TyS+tpR4FV&@xx}e$f+x;dR4a!*kZZSbuH(f%UL;m-X}3 zE!Iue4c0qA>wk`QinYu-!8*#Su=H5|*YZQlYnI)XFIc)PAF|wKS!Tf3DrE z-Kb4#BicpU8CswACh%ye*ZfWM2hA@u-`2dM`Ko5S=A)XdCZmaJ7He+P_%$V(D>Vl7 z-_?Iq|5E)O^{eWg>QAXZrtVa?s$=RU>f6-;b*Xxs+Nk=6>QAaSRo_*0t3Ivzxat8_ z8+c1-P%TwetAeVD;8DR;^v|MqihfmewCF(5^F>b-ea3W;sl~L)G~ZNVa+%EU#;1%QHr{JY7*`u>j3J}Tc%AW5quS7G_^siXrQR~P=)t0OMU6#u zMKg;g7u{S`46>I0Q~p_bT=_llrto#;XO&MXA5yMYHYt}WXDM${PEua2v?$IhPUdES zWv=40x!)h8|DG*iQC*=d!iyDG!hF@FzU{F%N&l!yoeS2R!^f55LF5qdfdB55L2} z&kEh&;^7-S{3Z`y=i#?`_zfQZHxFOq;b9&g;^9Fa9^hd&4`1csD?EIehx>WBkAa^N zy7%(%B_8hK;fp-n&BGUX_;nsW&%>|ra3>GH%ESNS;a7P0Wgb4q!!I##yU?9r;Il$^ z3lEza_?&QH1`nt6u!@J3JPh%$f``)>_$A@MR31*@;jKKpg@==Q804X!hdv&9dFbJx zn};qQI(g{eVL1=WcxdP0Bp%+(K;UF1^01VLB@Be|{6!w_VBn{P?l180^E~_<4?oMp z&+zcmJp2?7xAX8>9zMgvPxA0-9zMmxZ9Lq{!!90f;o&D3_$i_LNgh7I!;kauV?6vQ z4>$AhBRqVJhacwQqrgs&@1LdSAAW>~AL8LA9zM*&hj{oP4gk@wS4?B2x zKM(KY;k`V(hlh9Za03t9dAOd3>v-74!&V+`2dL z_iwt#@Z32_0DdRQ0CM~PX9^?$KbK?xx&8m<0VDvq{eN}<2|#ZD-&!C6_?jdG$nF0d z`bq#sy7x!&nWE2t{NNn-|KMihVEpVQdLv}+5@3I?0fUofnALij927XOAaDa#1Jbaahuki375BKwM9}oBP@FgDZ;o*xs z+|9#XJbZzNU+3ZTJp39DcQSCNaNxgq_!S<0nTPBS5Z+}slK|Nr0zh_$0Fd1w0AzOv z0NEV^Kz4@!kli5w{4`&xPw{X&51-}XGdyH>2wxQrJk8t%$nFpTZsYH6DT4ciBC_e+dWJJpe#<4*-ze z0{~?A051v$uVcOp@LC4$77kv+LmLk#@Nhg2ujb)ZJRHZvD|tAUhgb0MavomB!%KNM zhKHB%a5N7`@zBaZ;2A7DH1p8JLn99jJk;?}%R>zh)jU)&5IXch9(M9D%fpR4?BL=3 zJiL#G_ww)_9^TEvyLh;PhwVIE&%mz;2iEbhjfbr~%LH9TC!!<9U&=iv$-F6ZGg9@g=2DG!(M za4`=T@vxSM3mFI!$pt*D;o*E9&g0=+9?s_BEFR9}VKonLH>h?f9xAF3;QacS>V)cy zTBo+D$EqvfeA}U}Q8%gAsE?_Ss*k9<)qCI!e203wx=X!Ty-D4nZr7G*1KMiv0@$Q& z*KX2wnF3~;xd~4GkC{(eY(+bZwij(K>L^MTttqN8Z8z;H>elWsc9{ipwYkpRZr*7= zZa!lvF`YDzGNnw%O(ohr+9Tk9@QiM(E}*N{)xnwmc3rpbnC^sLr!Uc0>+3)Zpvxo} zPZ*EFY57j$4&!m-8Ph1!8q+55@_$k_R#gJ$?kQD=YO`^ZvBTJIOc|SuYm9YpmR@bF zFb0ecV~Npb9BUk9)ENcC8N*4#3Bz&2F~d>A5kt3Ok71`_hhe*+%dpw7$3Rr9{o=J4*hnmLtCM( z(XP>^v>l*#uwAt@i+=&-h1Q`RQy8f%?8 zrLI#~t4q|Q)Pm}y>bUBtYL9BWYLlv6wMJE=s!%ypHkGdE3`A`_R&=CjkHujbYZ1&R z%ty_8%-hYI%qjC4a|P&Vj5VDx9Wm`Rb(z{tb*5^Q!!*`pGu4;_=FR4Ai_Q`#+ELV1 zw5h1Qs0nlss!biHqeVxJ+l`yeCFUA)hq=pq#4@U=!gRu{Gj*GefsR9y_JmHSE74Wx z*632Y&AOesqq;NtvHF01jlM&_*`za`G#)eVF?O3an|7!K)hJa!Ri|oFb*Xk*Ypm7Q z3TwdXu$EYD*0G>}qO%H?GnSK<6PDwaW0s?qBbIK<9?MS44$F4XM%irHWa+T9TT+%L z%Nk3arN&ZisnFU$*JG4crxi43G$%DDG{-f^G)FZ@G~Jp#nw^>*p!w0I*{s>5>Cm)m zQko{s8ujs<6hK>~C@K~X9wF(0w@`YOaNvZtXz(Y{n+Lu}-}n*z!YdRXr1&|Cze;fz z#ZOcGAjKb|I74xo;8%SFAH0U*>qvU=YKljZ`-gu^@GJkM_-_>do}`C+DgFsbU(=)X zD&aLVy?%&d8^t?G`dTr?pQQK8D1Li^MoZ`6@;~t0a()NCJ z4ZZ#XeeTON-AdDk=>2CYewE@6Q+%AJ->28x3GVKoX$wu4)AV+l-bPd0URMd-(EcCxLA0Jj^pkpD8}O#+W$$48&L}QGZf!N@m`AQxaj^i#dO?s<8cDtf1W;%%MbW9 zf)9G=^T!B2G=<_nP&}35|D$*T!FxxO^bj52d#|VWqx8O?-lyYy?`(RX&fC4K=zTmN ziiN!?dY{hoLwNjOB^<)*0Nl^g`*fW+gy#udr|okH&mX{FpwHp;1@KEWA3A^b;`V{> z{+L|fOWWrVokx4$rSJcQ+~23A@BfBg|2@4vj^ck(Y$xfV_b9F)_YaSv824wfaM(m~ zjNZSF;&zfAou!?#gP>BQk>^tqMf`b%_O zed#KS@%mgW>^V*F9!!}4e~;pqY5FCaZlUP|G`*9iv|sn&{)YDh^!g1ny@aL$NniXE zO@BtyZ_pI4i^al=pQ899G`*XqO*CCX)9EyI(sVpc4J6%7>$RKKYxj5Qby~08v|hVu zy>`=j?WXnGP3yIrw)1X3eV^8A_ZW(4y>|VP;9WnZDV}e|!Y(`yA;tX(DW12GZlKTM zc@B6H#duu+O#5pW?XO)ra{q->H2pPAX}w<9Pw@6@NP4gerB?|DZ>N~9^M`T$uM!T^ z`XBy0xqtX2^88`k9&rB?^!mr>^;c-xNw42e@vAh&^BKl_GsWHHx$a-k^v~q_p@|f~ zPVfQReur+P*LRcjfP&)BlIITpfZ#(xf)Ae@Zd>u5<>$sm`{kVeQgFiA`Q&>oZAuU=2!vp5pZl(g_qBNxJ(CP2Z;JQJUiMI9}NO9K~HUeUPSU zny#iPUZ3E3ygosS+XvE1>3uxj#tXY}zd?%ECrJOB+~4(enr^4*V>G>srg(jV=ND64 zNz-zg7SmKu(ieJZ`oA=#^?Cu%&+)?cYti*$;pG@j7t$1uH@I%6cpOdf_$e0l|CQkV zczgh+<6%GUf55cA_v8KrjQbN(+JF03()VZ4)K61dp8Xbr_tE*Z?}S-%vv7^@f?(WY z+-Pht&NaFW|1kU-_QNk3K5e+)a682K`>pOTn)g5(UaNjiaY*x)=5^RLJ)`N=%+lCAfv%;T*p9`-GFAAR%J`Vrj$oX-hY&guPreVOR*K~Fu zSExz_b%rfGC1W~xj^2+fogK(Wqf$Z4H-x9gP3!DHP8yYpBvH+NDsN1fY>C-sw4}fp z9q}+%i*08YhpKGh4Jk2`v9-ino08GYC7m56{0U-rCp|+gvfd7JLVSUn?*OOQn91eFdZ_y2z$I@c+ zYKRPtzmUHZjb|coF}>l!+IwTuGVDGN!ZzeBzH?Wc`Ae)3xb&8-F`aBnF~N>;IQHg( ztH>iB`_#I4Y(0y?F-n?o#b*;?*tbE0vd_RbSeOCN{TImmd@1eYd$irl72AustxnWw{puJLU(7ThE zhJ$v4_~Xq<7>SM88+`@>en*<%V%ioHGaGD8@G`mw@56`j`{m60WjU9B@Ck$A)^g-Z zf9kE}sdQ|r;of`eIy)3(*&~)?!Zyhm{+#CltSSPxs#q-9v&gf1ew{($6)a-8yt4!O z@Kq{^4V{D#*^>CEP>fhf8&`>f8$wBe@io* zVCkD^mggQvu{msmd%C6+f}u%yw*wv^3@FS@D+;aN5>LR4%uKd93@E(EWbg#CpBaR*79(W)~285b$2Lmy; zJJJwydEHlJ&t~vjbh+AE><@=MK9|ECxGa12PJD|lPFtnLDSI}>y^~*@F3Fxv;#-%I zmfMP*F>H!v&n9s9e3Upn7q*U=r>mMPCjY7r1 zRGyiDuQ$WQwuRbSlQHo82AmYQK~7;G(D}k=`Z8esx<8hrv zpU36$o`05=3-`fNB^2~ydUJDi5}16b6mm%@`BwuC$7tM(^0%(De zVj~k7D5$NZEkWWiAb05C?=zMLAL+0aO2a6J+p)yDcsiM&dlu?8u_@lzRLE4CfvdYh zahqU12L>ZF!&{oLYO^p zP#^GkTtR8|j2i-rV~5UF(-3zyj}gvMkXDWS2MMn3&l#lMCy_<~DXK4HArGx)nbrw`}G1 zoGs9UZ7qc>#LCW&8wsOWN;s6KrETZ==~UR{-GDhD%CbFefh)-0wY2SfTGu(Nv*S8k ziiat?`tumyKj>j0VNY@*W+P?h7$5A#P&YEKs$a=pYRgW(!(FpQhq*HY=SSC;(sno&076iihG6Nur;pB>zX7CUkaOiaTYq zoix=`Bc^}@iNEnSWhgZtI-#=xl^vS=z8~5K3|doL7}GRTbeOVeXH`xRik2HLkGcH~ zVOI=X|3k3F2CoRzIS_1cdf|T_7dT(_HN>25hu2#Un*y;Mc)GUc*y>EOEggx001$D5 zk@A^|b;-3c`;2u!wU?|}>uuHXXf&3v*(0{=+oxP#Qqq{RRnM+kJh>Kl6U2nn z*Gv0Uh(JQl6>N)BXunokMpK6Fa$i4}Z{E^Bm2QZ~nxl9}z*G?WykPq?Wd3L19dT~^ z+joOoxI@XEv<>Q>J!|jm7=zb{2Z)nr;VFrgxY$FspE;D<5MS)#^fQBiK%n4qc>;l0 zBNS9Fe?|8|u(Jb&K2<6_Uucs3k0SK*leS7_s z>+4JEVLHPdn9udhgyyESG^z8!8Of}!&rR?8(wvyOAlvhv(=CI`zy~CWc}{HjUU>gQ z?Em}s0GPM`&wBu*{{OTy2J`?({r_o72Jiq#{r{=QVGn?L`+vp*V9x&^cmf0ufFIcZ z|Hle}E>gu91D*rI!T;gmaRzn^2jAr3FM0S29{!w%zvAIfd3cP6KjGnzdH5q9{*Z@1 z;Nkaq_&pvT<>7aE_#Ga8n}M$i2jAe~H+lFv50CKhTRi-49=^sy)*u}6J;dKV$io9X z?B?OCJbZ&cOY`!H@CqqdeTq!^e5}5gtCq!w>WDQ64_R!w>Or z6AxMYa47Rb{9V?%816p6-(`)B;Vx@z3~(d!@IK)nYitaVH8uu#AOG;ZJiLd8taUNG zyMe#k&cpRQT*t#U9IL}Jjug9^Y9%W{)vZw4(noXo=@ z4+A{(^U%jbF9X4=h=+%69=dqwbR)nR!3=K^q)!dHZ+g-32gI;wcLu#q z5j5o;Zqfa4GTVC@$mtY{$LHe{lDZKekWk5(ZB9G^2NyY2eJEaQldZNblcHz!ix-r>Is-?kpkQx{rg0RujIHF3OgY3a zgKth{!qSxXb8>@JtC}{1)A1-MN{P)IKmhI z@cKNH>HCnZ>ch|vRSJ(iP}rNnbSJE@2`Y287oGhos3lPyD5UnHgI5LBcdyGIua3#~ zqLWvJ;!3hWTtRd)vWjdkI$KpJIy2;kbZj!nAi4kp_+K`Bp&iGt?FbQedePyC)UdkF z`PtslxSbxhl6LwJJP4r!9R==#g9tny>L=Hi*E3TBDSvQ}Nopea@l4<62UQR`M|zV# zpBTQTNPV^!9d0QU8;SN&os6ako{1w=jE6yFWe3r?jjn931?QM0YTp=oS)o}r#=45+Kq!Ee2Or7T3dKB0tWU-iImzE-S$?b!tM3#xU`M4AU zAoe0dp&b9Tl;xk0oluT{S~}hpbvpeqPtYFoxqP6?;s=H0sI$QyaYr0ZkKgb2L;|pE zA~T`fvbnU_>um_T9YIg{(rhoX2~to^mZdpG7I*`h1W9k?7g{J8vIvq&CaJMJ2vtM2 zlnTWoL?3_Yh?%sSWW=rz#Z}W9X?ni$KpFg+pjLSMw&IZ2*tv01kEV* zyVmEd+blmeH<%Zjr<*>cx9Hx}{Yv)@h_KhLTdkW1KKU#VM{kT)slE=Z0Y0kfP`v^# zE>VmT-V|N~7Xr@+?Lwol1pdLF=4D)(F;~&4IW3(EBfJoL)cb_5;if4wBW_` z22j2y*1{-58>pa(wvt#`W7#Cw{3gg^Vgp6&He&5TciG5L8O*05t+6PKTRgUqv2&~) z?5kSS*k%CjvXf~r9YHr*#I-S7ycM?0X>8Sncv^C^+EyJz%(%L2{YNw))&SLHgPZwYdj~N2?f5WbOfj zH}Wdb7+^MYc1iX$w6+|DVGN9LX0StNz6)qE80tbYC)t=x+};+C!f$G4l+zoe%H{NC zp)O(JwilTZHE#gf&e|9x@dh;fZE+Zwu?DfNxz&aY-jM-EPKX1RX7Sb}^ayK}l%sga z&b^Ph20KKdypr`DbXp-@6tlgP31jQVgmJk<7|-JX**H7f>%+NpYDq3KdywpwX|bN7qZ=2(5bLhuwha_whGI*t-?*&UZe`IP!P@hWg14FSOo(V3Ek$W zqj8Xy!P-9KoY!~YNJv<7V*Ifj?dk)#0Q7(TmTRwX5HTlMDuM592jSO^6ztj%)NlyGE zp{L8RL4z0C(!q4zGPDIO#}|lY#WHpaScY$qP4=?!F@I1D!vE~CFxX#uVu*73TmicS zJkNl>d@vRWMu5Gs2dJhS^Cr-L<0AqlHt>kU!3bNQF zyGtO);1ecl1LOJ(Y%5bR4A6;;7)3lCoU%ZVt^>X%`EXa&PmAoy@jLkw7KB`qzH(j3u8q_U8d zZ}eq*kqNCrk)=~lqUGmfDCS1kfCDl2&@hJ~ta>-%rG!wBWr&6$i^klpdYLY}HrsnW zuH1vSlXd0Xh#2DHV`*d_erFr_kRn_o{<)eQp^+;#dK)$j$Yf}BJUZElcf4?RvpRun zPV;6icG|)9_FC*7puT)Q81&$s0-Udf=1qqYLH@|M&@P~i9l>C_$PQqTO~VK-HGuI< ztbHmfY*+@!*XxxHq?=`qi8;KvIWs+d}97uv$kru8~SOxtm{dD~#{Uy3z>JIC^ zuKT2Jt?ml#=XD^`8R%h{5S17(Uu_yXYsSB!@O5S%N2cIrUom1vZAMExgXJtWKp{o&MT5B*TkV`VVp}2t z9tknOHk3livsa+(fGIF^{bU#v$ZJami%cY@gmQ4U4A4${b5aCetr59gz^)&1nhvc^ z;OVNBxafkVxKF9YwW2Llv&iM|M_wYPQf1%`s|;4?a#)7fX3D*O;I_RWscLW_XAz*K zVh@BJ(B2^McY}egE9mnAeHj`_^aTPwcOV$_x}8q9D+q2T2G%tQlsmxXjr&3|R%FYI zx6GKa$}~6AzRWq10S`kh;Jbp{T^DI${L9EoS_&AhAWAPg&}h5yWulfqZ`t#-8+NNtE!p1N$q*t$W`#uhk)G7Z7m|LL5s(qxhKojIL@PKM5iH@= z%o4t0oIWieKSJaWw*2$)U9#n0A)T$3WqW7f8$|tW1-Q8#WaR}R!*u)x71|>qgTn>c zS25WyM?!{5CdcKhkRgO`5Yn=I{7}U6ATp@HFA*Wb^5QV~je>tMKakX^_zn>=EN6ra zQ`k51LWWV<-dphVx#(w*^49yqe58B3rJPmThJaIfBCn4?cYG zxbWda=k?j%da@=5F>$E>&sdYWjUnhFO&sW;bt0%T4g3K3&`w4M-AoR`cr!c7;kym( zjAeV5;f{Lv7Sd75rA;925N$~Kg$_WHAaIFACt=nucNmgNCmTU+m55m2m<>IHAHXk_ z08^0!4}x$|2d;==A;(v7UCCAf`Tc^;L=^lWmZB_x8;z_*u8Q%Vf_+fZW&k-4_zMH) z$>_v|3UzXO(S_hj4#Wc+uqX)5%#iP6Yn^fw)%SK(VMN z|0(P|5LkJg-&n|g<0|W$`4jqDe1}k%6~%6+ zry=T&iC&;C3-BF6T~;vErG|YYPhB9FIczRy7dV@}fZR1-D_`{7RYbS1RNg5VXBeHv zD-351Z$k{cEry36^4)xcOaF0wR&UmJX&=_E)4W(@D>5qoqWr1yRplefJC$pcvy@{L zZwcEJKM+!i?TW`0_dzUxdc|zTWJRfBEcmMKg@1ki6kih_>T~H|0@VlpCE5O~GJWh{ zm2pA7FlUgb;GF8+N@>o3900ij&M5`193OLm*FrHEv`0k`=u)_SQG3`gI_xg7A>wj~ z-Ug4;4a^#H4xCeXSy}9K1{yp_A0DO?as-@H3S7xdC*%%TdLuub;6w%0dU^3MJizXpRXvJ=A z6@jE6qYAi=6b)kS&B-|E529tY9Gz8?SPHhh*IZc5ThXaMI{(i}C-{}WA0Y(TSwzIL zXsjH2?9Py+Jk=Hk8c^Hjt=q@;VlHxhAIty+$h)}2pC7<2l#x8=9C>;CsLPB~VezC?Ri0~1) zLVlQ6N06KcS|4u0rD$8EbuyYGD6|C}2x6zdAW4F|63r*V{=7hg^m$IyAw5R@<<3vX z8_{7P;vtCN$^7%EK*0ii~Y!gI3ym56d92jS8MT{e~NP2vhZNJP;qFY?CVT#t-! zumKoPfn6$+7jMq<^`&Iqzh$I6oFMu-HkHeOy8T4;v@e%L9Y zcq+gcoF--~L>RXk80FK%c$!|&-JI>c4}W|n{`e}69hqdSg)Mj5RtcdCAQl^_rn$4d z_u|Kwk;ggxW@^=ew!Vu%H4gdKr9KCMZ9(yqau$y(vBjes*p|ETRZ^Ih6QFdLG8a~l z)9w|n8F2Jpl08j~mL@0=Rpj6ct`b{S@+`gzZIwNZf=cG(CacD~ z{G#6_g3*aT=8d5sMoxP$3cK8(BNz$72Dl*_i9RG|Piycnd5oNHtQs-L!go40i;-zS zEbJIc$%eqVIdNfVA@z{W5I&LtGNH8Dxv-M` znq7-mNh{y*#}_OuC?IW4La=Ir(Jol>OUq^1(`I~|Y?xL_8>Y*%r-`jL+54<21}$BO zyTK6?FU_7N=GkQLvns#$IZdpy=^OdI&*P@! z@f7U%8sd#P+yY$jTCw%698QE=k$(jQrB6a3zyMZyBG#H|l0c?8nOxf@6*dKD;<q(=emZP#tqb?8#MHM$yIh0dX~=|<@U z?Mdx%?NM#Fb*FWQb-T68y4kwP+F@uR4v&}r#Jj$#y3#K!slcp1<89EH@ppDUFSYxO&)EKG_6^4MpVJI=!3}X$W3_63LKchdXKcPRa zKc+tlz8bsrd-OZ?JM`Q2UHVP>c72n+PG7AL=u7lt^*Y@d-3i?>-4Wd$-40!sZWH)+ zXwua|)W?9XL^oEa)1J|u&>qts`L`u*9~A6^7WkkAK4^gtS^&3zwn$MlL3k~WQk(Ev z6U9p@UPAG7imNDgQS7960>$GgHc@OO`0#rKA3j6z+Z4Y=@%JhI9>x19-be8lDc(Wx zlN3KeahBqZ6elT8P+U*(3W{e^Turf;Vh_dFQhW`?R*EeIANmKuhyG6S?vf=ryx08~n!ZWXH)y(trk|(j$7o9H)lKWwP3zTN zN$;1@^eUR_N&4z3n*J|MkJ9vIntq9Xv?e8UcKW)GLwEgze_S;X}Z$E9n{j~k|)ArlHn!Z1Wra_us zPt#E(-SUF82PK zJiqt5G~GwjFVd9OYcH+W-ZZ_whNg3AO6#@vMvBMKR3Pa~f1>HnX!;GBzCcr2ua{_l zy>t(~9;Yd-*Gp9tJ7{_}O^qbo^BzsUVCW0_DrVN zZ=&g?G*y!H#Xr;Z7c_mHrgR*>_!){f)AU}N-a%73k6*lvVmD1~G&PZQH?7xhTCd&T zqt|J@cGG(8ruEuQ>$RKKYd5XeZaNNk2kHB?Ub`=&nAU68I|T3gIZbJQ?V|m)i}u$p z+F!fwrq9v-+O>pY+F!e9f9<0EwaY;6zi^tSZ_$+2>xEYko**15rRn7~Eh6c`ztHqe zn&S0y0t9`c__H+q7}Ed0LGh+w{ViDe@3MXt?E4p6Z?)cRdC&3-OWaatK4rSZq=5bH z4&8maxNg4Aue%y{h~L$|qTQkWm^P-Z*1WCxq2@W&d#V$vpQs*Hya_e{wTfF5*BG8q z=!DaX&nn(9bQ;nIk;VqNE62DQM8*2t?+?-o(*h5cWP8F`68uOAOT$CwWcq8~OYyc-TpdT(G%^j*AzCr% zHG4tVY0vho!r47U4kbhH<3kc&yE@n5eQhq;t}g*Yc&5|I(IMO6l9U{z>F})7=>rJL z3tajXE)?f-D0oA*hxj;|LY6X_LqRgkps(xMz8<$a+e3VzY%C|QN@s%Sy7Wj3&z0F8 z;?{&{MTa;wq|$89GF+e;BzsorsGyB5$@UNzG(^j%0_pw)yl|CxnPIN_K>?|UwNpqIOq?C?Gabl3;sVKZjI;`{q{(}ABp+=;LgJtygb{( z8Y@;5$D-ho-RX+CFU|I_#)=hr-GLs~Sh0fD9q1u$0f_EE1@X5BeM;Q8e3)3(R-6y| zR0S@|(pY^9`6vTFbKn6Ls031-9!jm{X^5;F7v@NLVH?=#HoIMnH-?6EvIQ-Ws4)1L ziV0jZ%9C?09Qt5L)90-?-(V12i~kOUKu)i?+q@NaU24 z0$#Vv>kRmVZWP%Dx%BI+yEG8R@*|U`yjNE6p(j~5x$RB|Qrf#vO1$j)g@_h7DudHa zx2v9MV?w7`l_T^d>zK@j2_cwTV-IRb+oI3Y*ge17RR-OOAC)6L)sk{J1lSU6aeEO11rst6B7)PZz?G<{*V@K66b!=o;vvZ-O zKo4gUPK(gP3VBkBM`iy`!I-u&6pV8iR;-VhigC$o4|QQf+`m*vH2B;XQJee{3N)E@ zVpGA<y4&@rOEOH1gb>5(Gb11X^7YoM>Is|ZW>E$i9;G`O)ZvN+A`M=< z&jI$#9{6bwhQUb58H+_+QAY%HbRoV;4{=sQ)b6GgyMmEGIN}I~A!Fi^hGu*fP~T~I zF(8_I(-`VY9MsTH=-e;X}ooZE? zx5DZ9dUM#g!g#yUZoJI!cf)@hzG8S9yaTKSrh`EUwEy>ncs|~b8kxj0xDrb|6d59r& z<}i2&;Nqcf=Kl*dx9G1pRS&qhPt`0%w0gU_Ap-m&X%x4*Z3nzailF#*mX}M*utofV=2` z)7xNoc)hWp-wC$fUeCZ^2zVMI!LUcP$575#S3UsdgrF<$^mrVuXhYZw7U37jVw+h& zS;gqsL|aWL#Hc&Z3RO0TZuf+ujUivCdT}VS9&q){P$X2jA#{5nw7ju06}o+WX!!!> zr3C;h+d|dLLh~CdouTTv2yX~gheDCY%5|aJmxaUym6_1(i`kskA{=h4bcLoTL(v75 zcOeYVuSeO1*H^ZLZeJS;qv9|*&1?)MLsgN`?8ZEcSLhRMm*?+=;)jAmk5KEnx3M?Qci5i{aWfhL+)CkgCeDX6ML@k-!EyNk#u5 zd9tu7laL}07%`hPO=8JLI$8QRDj(WZ>HqzqO_cuMAJQ~|EhY(jVUlq_rUsWPXH5!53MGB^*&~4`%{RWh;+qc@PD*;V0q3k)(uYDGmNDJ=QE5| zgUd&L;lQ7qDYs_eJMzl~_uc+hj6p?L{ZaiquRVMxk883$G<=1V3_V$1o31(|XSRLp z3>ep#?eP)@e;UbDVz$qX+mPWkfXVjYyoumz8pmW`pY0(bD2Q}t8n}Fv<*PutMdD5n z>DE+iUI)=6dYnwPrXq&hfiDm)b}GwolQ0ux>6tp-9gD`iE>G0%az-M^r!55dbw^_M zsLKfyJrE5yaGI+%=VPxUU;|-_rlZ>v!gYc8KCNnEG^f?BQXf%3|h-ro;8$u_IKz)KME@7 z_@khE4j&!VZ?79Uzrk+Wz{US$8;FnK%tP+j11V>Nx;8knVdX_`Brl@kqYTK3E?694 z%DS^W7P9}MzVPa6YG>5Vs9jQpDzJbE4^^6shcW11z?8QAD3*Be}S4Ca(q zb~5Cb=;8Zz^ksXl$DKi#gQ+qrbUz&ry>=bjjpJ_4_7JE2#2R^Oe%-anO*dFPufgw= z#d9jRcwUq3vEiFuGH^6<6^E6R#A_le=M-!yjLrqdGv%6sR?e&O1+sEZkycK#q7D52 zM+Jl5aJ50L|AT(F{*(F->(}X*=!3eKKu7#O%?`~L%|q(l%KMc~%6Uqk@&=_*@ngly ziZ5GV16hGf5mjt7z79I?Uob8e{v`ZDctiN2&?P(!k^uBiFlXN-R?B#(lWUOaJAK)> z|6B|$K&;uwWUm@$m?M~S)x9bEt`heQ5m{8p3_cr`5JRsL+ja7tO4O^wDxLIdrPQmy ziW9?hLJup)LtI@k*x-P@w&(<#a9`ME4|t$RcWF5@<++jrCC+X6P((&>Nt_ZvpQ5=H2o#Ryn8A4@V(aZ;F}xwuB&OF& zQJ#QXXaqYqdz(FDPvE00u^9>wX@elP8|G@n=CTVAIytA`>iWcDAP#Pn%8> zlCV+|KAiVKaxsPoEHD{{UR5G?D9v8bbuP&E+=*-aFk!JP-^c7we_Qz6;6pq42E3h5 zpwQkBN(pU!b9d3u?E8eY|K*-!KY_o<-OYW63{?6>FdQEwWK&h2bvDm=xd${xgzzH; zyz!0M9^&?J8fI}SWr!c05ilT1VQz@}p=e9}@b&UqrjkxV2tXn0= zx)o=8nsI4wCiT+vX*A&4hz~u&wT1A0*9UbZ&hrSF4I%nYoaGVv9%AV`@s~%4W@!9S zl<$DP6Q6p7IEUbX$?J4EgHiB;*F*f{5po`4$axf3gT9d`=dh_Ee)BHF6%1i*4lpG( z=GdD5&(k^CcZqwQjU?1cm9#z=3Wt3zr$6fVN9}HB01gKsax@%)c>Qn~0*5L=2q^7v z!hZ2xH8cFHV1ay>^}11|dnlTHw+K&&$4DfBs{gnk2Y^-jL5A9YeB0r0N@s0tFnF&cqB% zH>0*18(Gs-ea9_Ic<5v(rT$T|Hb^8xy4*z`mJfNNi=zkKQKOH^n#`OHn2li z=-<$b`boNPfe(P0U=8pZ#0RL*UaEOn^HGgO{cH6qwNv$+>b{~gMQ^B|&{S!9w13y# zXS}Cqi?Y|GSI$>FXWnXgb~yipue!D=je#kO5mO`lc1`x5<#L_5+5C|D_ zTnPALfV28&GSR%DbSrvEfnTy-tx{_X-*V=jRg`X3a}O&EANJ)QF4?MrR%^Z3B+kEW zu~fvHuT~Z53X7P+%JZwCN!nseODG=@?zlLmb!}THmGK(+GR8Bjp|jS3-}7917L^N3 zoXCq&P~WyWP)stOpecvmlByeori)QP=eC(r0ihjb3Ru{T6StO2Z9f{uyUY-Fd2?-E zy0r{H3?3nz=;6Y#lz&#G`l+yN$hB5KB1{_U!xOib4q9Y)zQ`qm63> z!v9ORUM&?EErT+{B9Lq1lC8y3dC{}Etn=%v^r$A5EAE7C({XXp;ta)=zR#5R#L$OC z>DDU-E3Q9Z+{*_kuJovOZN9iO*y0xD>XDJMM6~UD+!l*%tAU&%6%P@Lv;#Q+n zhJGfqQ>t9)R)bUs`N^DrR@a(uh}+;Tou2laL{!;^7#2~K${;^Qe*9Tf$bLqzM8r$F?i-{C(xdt(1@92%4*!U&YlBo4Sd`^vQsJuX>}r<^gWY;isHk4N}qM`?T;K z)8oRJd~@Jm6Sh^uXQT-z5&8V+cXf$_l`fS|qE_Qdw`P#i6~1G7tYq7Kc#E(^FwvyK zwQ#zSJS5U5Hzhb~swS6$lWlnMbuM{YPsv>4g{Un_i0 zux_xNwLD?D%KS-lndvL0pz*uLWrklG8uah#*TYcxn66m+C2gtZCCw7`uhdD^-&BvN zN{bE`)hd6YY*L(6JfIi@AGuI}Yd7kygtci3d|xjp;8!RlKx{)Lur7kCx-E_3iX~!T zY=r{2hiEu^rN-rOfjyeb?sVInp2;5XWUs5t=k$6V0l7PVN6_u_2%D6Njarmjm27Uc zZJAU&5(j_swuPbEXk2U_BtwwtI{aW|S6CDmxDEFOg@={x8#O4yrLq|=ojcQ32?Qvb zgp=YK?GcCv+8DE85|K)#TWui}FHNql&N9E>?{-4QeY19!1w3G^?+_kRHf&U*tlhF% z^JXwJ!PYJ#pOM?^cln)i8F}1pw?7~}sBGS-%5@=hV4p6WlY|g5(2ii@pJ>h4rsra* zY2~tWlm%SSiLS!z9A!bL6Abo+2b3E&7NP9WuC;K)REeq9Hn5oxL3oDGxlwb1S{)Y6 z!O=JIpDLfX$KiL#=k0+}<@E`jFn*LMZ~5^vS6nwUfe5x_TS6f0>SQwX1j~Xjeq2Gh z%7XDGc%T=u%J4=7$`BFG!pbghC-P4kyIejKaBu*lv>+46-sf>SeO_Usa@9rwWpbTt zCN(I~Yjv#MHnT=P11G3~gHm_jp$Hj(Cw-^WEp#Xo_oMI6=<|IAp5yGS%h}luFwZ@K zGM_u>3KTXQ-0?d+ZcpHTW#&GV-+bBpme$@@KC5;H{8zrDG6et4AR%`pVYOT>17%L1 z+Y44G1+@&6x!kbucUaQV340D0F$hcEWjPF4?^52s0p-^y+md8hh+&AW0&#t?laiX|w#GUXR%J09 zMc@b&Xpuw08@V?1mIYlwm}i9*hC9Ka+vDA!Otqr|%#f5 zM3_9@GLOgU@XO43Z%{p2Ds+P<^v0MCh2*Mh0 z$=B224!9jM^U_=9bi%6cUaxFj*MF|F#C4(#EbS90JG@*k#HU2I>9KHIBZReVl*`pq z=Jog>wr64MdVnAB!1?PsWlI~%weOl;u=-SiItH{cP~cj~KGGzgozvm?(7^Q1g54RJNv2-tv=2A|t3@=Oq*L5EL&U z{r4>}bRJL8DKmKxL+6IslTtP%QLaJRzMYe>5iRLV-YbcePF1CttZHkyTms5^MfIC3we7=P8{uY#{{2IJ8 z7S15A@vs!o7`e8k=%|$%0N`_9+w9ne^~rQpmIye?+FTIKpXQ0{$qC51~OjYLq3V;U1asoy~ip9c$g zxmJcdup4sv0(U6mag^~bvellxXkn;owp7EMVYXZg0}~i<1!S0YH!y)-7{;Esvb`x+ z$3jL0j1yq(gLC%g^&;#Rs%HZ&M?t9J3CVo1SbDVJ=mRnI^aop$KB@#Adk$ z05%Y|Wims|4R?Y*ptp@mv*Iz~M&Wru^Ee!t)u~pfZYa7^`Ih2s#YU606+R~nAV!6fhYU{{y|pf z_D?9?vXYf<6iMezdFi7h-6+{oFG*OC5Uo)7$UNFK$fJ@(XyTTLR05FO$dw>3xGCKd zmcEM~E-XU+S>>o<2zjn{74}=rn}^fd$-#;s^`d*rZ0T7zBa&-CnL{GimRVB4(OZQrDD#qf zl7PtTx%^Gsa<^34{-&oi?Mt`ZB^9!t=_x&{-Z%8-E#HDpnTb3cPOs#etk3aP*%ow+ zP6YGljl$;Y^MXbXlG_3QO1m`DC*>=bKYP&}9>$EC*ae!tw08Y8u}eBnDeV#lD~0r| zYs)n0!~INEnWMEa>Ot46!gkVw1o>k8>AV+9`RZcShUTGt<3ePnzjf$3I~OAVVSf`Q z%?0=~RK3rdLH+UtXa&JI>wVS?s@>nmr>@<+wpA3(yX^vJ|px&aUgFLZO!msczvr<{ynrJ!gVc zJYa|9iYLPlxw^(nXOZ`ptlj^&yf42VA z`h<18`VzH5^%LbS%8AM=6)&jfDV|q+O0ijZM3GP|R!mp871t_8gY&;XQ$K)1TEG88-fHOePzfW7u>%lS0~bAQy#0?eb{3 z)1RtcG<{x5bYvQQsp{CmrnbzwrMLUii<%5D_lr*BA_v+od(k;EAB zdayWq=T^o9?RwpVS7hHI9?%{k_JP-5WQ#L!%eNZ)9G{!BiLbZkJc`)Cy(`3huP>hu zr&QEDopJ68ejMEhO6E+A2X*8c{dzd=*bsqM41=VNctD4fy>zC&KGfV?k52jiAA4^C zC&zWxi+1&F-91~p$FeMUELoZvsiyZ$@shC?Teh}nMqVeGRCia;wAIUax<{i?>=>1I zTejsjL;^WCa4!(v`#}~6@P2TCgaioNg#-xXhDYGS1>V&NxIhHa=>5NQPF0=msh*zA z0p)sROH);+>YO@tzVCeN|D)eWM@16Vs5r4x&uP;lS3o@+ z8|!^6X=@`(?nNW4+K_RM!(s9C-i;e_I$R?mz;}c-;AKV=$()+ZW+Q4$gAG5I4r>6w zyw*6!(Xu!(Zd@PCX5%>oiDa)f&T(`sp5D9BPVYS@17K~G(|gaUjMjO2??#s1``n$z zxowQ^oSNoCUNKgOv>v#Fi2S*jG|f-pPFMt$>7qWxAUu}x>MMir;6;r^&(!a(qvSz1 zdvAcE>I}_+`o$*pML;X5d4g=FzsstYo~C#T6|re5{BQ6mZaoSfO-ejIF~#oZq-Nl&UFP!l2}<+Bm}_m%!cQHdvQ#=4sXfb$}+a)0yga zTD{rwOa<&o0E%s=6_3RX_%Y#-BaqXIUf}f25l`8a@7YN>VvMov)GO6IhZErqs5%J& zkd#?$xFDiI(B9yTp3W5Vn9%+~bj-qKDsYCB#``2}(k0(YbJO6)m2}qNp88(=dHtB& z>;0S>2AL;QdJVr?Do=9YdIBlgGQdu7wqAQW3pYJN6l(6pI^rk5s^CBZbH%qYzr(8F zQtM!`_%g1T;HeY&@d*d)lHJC+t&EKrk8?I+i7)RU6`3d|Yf3{9i8$&XmytG-jMOj5 zNE*vr1KgTL%$B_oA{HA0e1oqa@>qk=9+9SL)^o-#-KxV$9aX~{Euf2<{K z=?O$SPWSt3NKLwdGXvaW^+1A{+;ziS<-SIVM$L|E>9gj+l*^#e^77ls z_MAZFW*|?N-`)gwWr=&HX$}BOT{av`$vC%#D;E3sVs#Lk8j$>okxS3Xu!kGheZV+( z3!|V4AAu!&N%B;)jr)4z9LMwH&@3Bk66YhvIS$$PAn!oVmFL`7NCdUA$d$%94(!Jf zTW$to3!=P0?;O96Gk}|Kf>6gX`?yedvn13(aim~-{(~VV*lY43ZmJpLka3Q~xpFaU zlRU(O^|2m}#AggR#(Llb-bfHLNkGh;<7lmdW8FkU+UUC9)%#4(#hw>>Zt4ET?%iE~ z&^6roH=SkQpZOm5b$UPUz1H)?p7(WpwqsZOpS4f6yW3uE+tB*|wBFnD*DX)9TmQc)K!7$>+-=Y9}W8w@R+NA!b` zI{e)3PTxlTkPUHRKZmB%I?`Ddi?$3=Kz%5T*roc2CR|A%20fa(&0V^c`fy$wyDPwW zDabLbdrC(e2SnqkfIdn_7Y0P*N+cLXfrwk(+WV=$2FsmtHuq_h6ln=dhSRk1=qQKq z`4FxolaXZf{q9G%Qy2F-PTL5wj*g^Jki!fRV-d281zqF8(J(S%76u~YN-P*eWZZUl zIYnLG<=AD-if5pc6rt+hRmo_RPJyZ+gv$fOGwd*pi9zHCBvGZqT}V=gL(Mvbg^TDJ z`%fl2U7U29Q3T5;qH*-MV3EWJ5!)Wcigyj97OW?5X??ja~29=43I<7xD^+JL2sFt>nD~1p#AEvnSxcf+q zdbz`~7hy;9Tk)xlLKY*D?co@{N-&zJ3-RSwFajh##N5Sb;~6|Wv_sxSxk2N;ybctk z`gfy;A}~G~k0JoRW(N5c1UMrhA?iLJq3)a`)en||y+e_%v?{1h&fVn#P&`snK{{q&n|AjLjyQinwRO)VFg4DyUB6;YrcPBG|Wp(mne%V5~ZIj6ir= zjCCKBI*uTW8XHnL?0zCd9XkgaOGG#_3rPZ*YbFPvJUy}>kv$ODQ&ZIj1Heni!VYha zfO*Pb3y0iOK^nk5#}y?F03qE7NM+N^Q-wzKg``QZ79LC@NWY#|_>~k=T(AJ#lL6|} zIl+Ybq?Z~#nwcn9!1IuHfh?Y(N`}6>(=>+%!Rf;F?3MQz3k4B<9B_YRkb0yvA%|T_ zC(}M4ycqPoa}O9bvPl-M-Z0206^+CO-6y)$b?D**oKX&a3=6ng>`Rj@nG);xD2#Md z{=VVigFr9?LK};{-8(!)-xW6XY3@vL8V>|Ssv1-m^-FJzD`1Slkm^3Rjo!FEEs=|8 z2O<2nKJsJnY;vgjQ5pUN{pW7KxmQZgWp;rJkKL18n2x zuw;vL>M000fD55=QYpP7q(|h{hJst&9~+>a$d|Y9tD2O;auS)P3h#BFK9wm{@>%}~ z!xT2TiF5zqP$ZeClS6p_;S{o#Vgv3+`>B8DP1{U6^B=TLtXRyHRhzFYOmD@5Nmxtb z%@&d?uEZfp#>4&Y=|1YxIlo0B*8|hlG)r_jgnT=}C&<;|@TMfYVIQc^_TU2wlO~Yt zbLX~Dx6aa|%^!&qf{yYFMFe^pKOw2nM6KxKFfiqCTe`Urg$A$x65LKxl)lPXXrxK_ym{7T@GPwvoo+%oe0^EMlK< z?m39ftUd#r_e{ckG_}#)-8JC4MY+}0{g>Up-~G#7S3}!>+?)39@eX>vAAEZfpGq-{f?5ioiudq3Q}w|9H*_7{754E{GJntndrJjT3hKpEhT|Kt9BLNP8<330b_;!$Qy za=mDotKb@~qSg+#azJj@U~HW6S0?gBKl2CqD_OXfD^&tv9`q0KD?l;ur*$;oyAI0$ zE?RO93K>^GV@L%7hOB8psSG}|)wp@Y1WOpj^>) zmP;m@qe?GT>TOWBP%`&VMoQIaz`m=-S$1gG(9V6k28-GHQpor`4pnTD&Za_)AD4!XU*A<7UF&~ zCU4s=vzkh^R1?|q_k?*PnDSBEZjw2Jm>rwEN1#%D<%Kj@pf)*mpAcQ|VI1c1-nIJ%s$w{;Z>LKT8j_jw8Mm zR#LvpxJaeT-O3Y!S}ga|vKLE_agnN>yA^Itb-mDoGY4wUc%Hh~xVWE@=ksl%!|$;R zhp^z*viQv>$-MQoPTCddz(T3m2)}^T2|2+BC>z>CAIAKAJ7Y#eHmr@yHg}3l2US zQ7;CIk!pS0%X8g`aq(WhVR5g3>ji7WS{3)b-ne)V>uIA{;#WvaFkxKW!!C}Ai|tFE zsjG~OR7KjYh~Yj@ZkK2fr|+si4d({lm+C!R@B92s*BTe8$g^AF0Q#=ynLh@sEfY2_ z?qpYZh>h#{4Y_POj_oX>rnF>8jq0%sO2#43M%PjiEfmkivx&@g#zm_5>{fV;jqCaK zL0~gLON=M4F)j|VOFYQN^}HEngL|lYvwe>pW`p5T9cO!ZR$1n!ju{sz#?P&Yij}VC zSG=j4-iG=W&BJS!@Yc)N!?k*7>-tXpfEQp&E{pb|FF~6OL1Z961_Ve3O=~CJT_{iG zArl=cS10VP6a{0jl}77#>MHrS?0A(bEfo9EVIR-xIlWZT$B;ft2-0i6H80p9ALF>+ z7^wX{I=r7mvtYls9 z54qMk%i>^3A7SkUOL}opmNdqiiXHRCbzmJIVrK;Fcu{5@A22SCvWupC-ENs2he?zs zFaes=8g-uhhmv#+X7Mn4hRO1{Clt)$A$cS(5VLrYoe|991({hqz^({p@xq3sh`u2F z``KNBS-h}5s3nt-jI}hF#bI_yFpC!?W-(H8kIgLbRfgFm@l{@6L3wx$ipsTl9*H3D zuQ}s+GGbiZ&X~zFCbzqcMG#3QkcH2_fdh|B-jyk)svj)wKK{_igTcd*L$libu@aBH zD8~<#?m3!1e9uHCd^o&+_x@m}SeSmOHaaAJ;K)O>>2PSrgAeR4?0@9YNcQe~Cey{{ zMR6MPSbM8qe(6|HTh^K4*6wU~*N0uVySKY~zuLQ{=h^Om?Y^(;XS)VE|GD$mI!|?u zc7{6JeShNnDc@7R2Yjl}?fpaVr@bHZ9`bJX{Hy18JfHAnJ>ib;c6_DdOh>un&W>x_ z|CUt&(A$&koo(N0`%K$YZTGhgwEk1;FSowj`atW(mVasaYRlP{sg~V98TeoBUvap$~8E8B%K z&>Zrnt^D}@GyZ06t;CptGj_UGqt~+<_n+ZeS^}loX%JR2egBynJa(tH7RLMfipJv zJ0+Dl+*OxV7Cyrv;HjSmgIk#F6+Ux~_4W;Jf@E3;t2}V#YU?ISt8y4y*ji}=XY9PS zMvbixH*kjMtBJ4d_+)FT4VOW)W z$q|Hw!_-+b*MEkm$I*}*w3X(fv*{qL#{Fk}R^tW_w!TRJ8E><;5{-JSwhcarjquWc z#?H-aFbIi8IeNn)Ghxke_>7Izj}`4S!%j5XYK@!#IvhTWBaOCLcM(p7!(9t#)NS3- zU~o<}YC}vkxM?Ac_MaiB2@YaT-(q1>s!gK(r>U~QqHXQ(DkEPNHi#^t&%D&T7FJZB!*35=Z zKWa6lCA@HE7t&<-^rUqU(d5E=97uBTG-3JhF%d~Fys3^NL#GMBiQnKnvV{a0I!zTE z7Q1I5J$8Njoq=%ZKm7>CVxi5qEmp0d`_#WjsV=*!1nNsUjjuteuAad63N0plI%~}# z)_~I(7cS49&%IM0RI>&H7O-gfiC*pBdE#T>iIzT*L>gg{gv;lzR&tT?$dmC`C`5e-hc4^w0FdNr{_1? zehe4@Pqr1&yzQad@lvE3{nVf5XTQ(?er}U-@ffqOol0;Q$H^5N>qUkUxjuLBa1XzL zT4v_@jIIGlJsg3LJ(^Xc0HIY=G5Fns=~yDAYq?-D8efLFeug`N0~!9W-?EZdDAt#s ztnid&c;R8PM`!}-)ia!MnC5jmM;88`aSf&4QQ>}PzLB`U(^NjBLU`$s8*%*dLV*_9w}NKV5Ui^URIL z#VTVlC;J79xr|NteRckSiKGPBhD1(H-1wu6xQGrJ8ioMk5X;$4v#h^}mE8E^BNh9p zX6EL?2WX8Sa5P=1yI8Zv&Cyvyujyn#(}iPQ&;%o9Ii~g#NBMj#XbJjjHZ(qZ5kJwl z|G>@G2bFRlmfd@PhpC*$y)POwYDclx5_I~}jNr^a`hW0!>Q z^hM@7eR|lqsIw3CqIrJBa@+F#(oCLP%3Lf%o?C6yDF_|mrAv!DZ4hxeGcz-ogMg^d zatJCwl8gtcl*3R}r}PSgG73QKO9Xv{23@tRx0iPZGsiL|}5sq+U#vA`rNk=qL~lqFF=fWu+006UN0X=RamZ zh85zt=3fV_Aj2rj4Co-?C0%pI^CYNQV*`4|WDl3I@KPtcNZ+}Mq{6;+(rXw=dwk+WRfG{o`KX-qo_uKAAT7K8v-kE9n#g?CJxx3|qEqAo2EnfG(xc`Uy59kl6 z{^q~m=VpM*`1L+w%wNwrMt}J94_%RsRsXf41e%UEjTozs0JC z-eb(aS7yF1uk+2iuB?4z*qFb9wGk58OB>R$Od^tsL6MCiNinJglWHoOjjFLkPETm5 zEdC2Wv(uRGWNYN4_<%31URVMYh`$j82xRr0>G8mhop<_?^`ZIgltE-9lmt55QbxW6 z`Dw2vkB%YJH#0bst@sHZNM!M3vT2sV(?A%K zG79z{*n8*DunK*Q;tB%%uqFp(wpa)-&1B#3oxngN^IBjBo{#eobO^v|dmum?xPEN1 zP|jCXfU9M-S%wD(fhta6vCzV@>2Vdqf>?!WNc0ve!s{_#T$s|Ps}tp^?fyIU*=dwY zLe}Fpf4P#$(o>4lC6u<2C8kg?5RUtbVlEb#sbczoe^R0Z8y<$GytET5ZW4?tA zOeo1OUD23eMvQqk?_X%iFWFJbt6^|g8S@GogLv#o3S5py!Qx%)w2-(@lJfloJ0qm) zld|&tF?L0;`jZ=$;y{47{y4kKG+(TbXpuN@OA@4ff0SJk%J)f0`95BAPmS_D%Pt8e z`y>xs{-*11Yxkw^*Q00B#{4?AKwjc_&90YMM@HCx0PwjTo5G`1OO@-N?ANghOPu6q z{Nl2|Z%wkc7|SF(YoBbsh2>9{&K66#LQ{gLU|_=iWanMvIaX)DXqL0U>Wq$)l%mQu zI@*QT=%JZnb}3J*K}KvCls+2Bk8US!3`9Wq(*R>i*{a;iO_y?YSD+u#9MjLj8ItYf zi%*RFO%{9Nt_ODP+B>-GfnAG!xWU2EQS*O@WrXuOIy%hoj3eRN1t1yDo122`CHGZ9 zK7%h_#n_DCi!a^Od!?(*1ul9uJ8d#&a8ZaK*BbLzveSZRzGU&t-cPywi?O0>jQJjR zr(l6E*(`9rn_UoW^Cg=FUTw^Gu}jyB9qKwR_F&9jcHSH_tS9rHnlql>KL(Bl{ak0v zzo+K;>tQuT)><^2!(DAPcTuK}kKN^3XUt#Au5qYA*UL3ngWcY@UGHnz(boIr-p{xE zrSE_HKH~d^@0WeMe7(LO^&R!SHGB6*7CKm)c$BKpZ6c+Str&T^S816-Ppp(`;=wcAl=alSRnOaW}>VW^Q6)4J+NbF z@7VBz!y~))K?lnL?wcb&X!vys>Hqno&@%y|g-m@-*h12?A_@Y#9zDuGqXDrT77{7} zI!#&#bx24PEKq|o4B?v|Gv;sP0;*{)sS*iI9PJP(HEONX`1I^wie(A1+`M0E$Eoxs+ti6Wz{MJ zL8_=n%J7*Gl)Tj#D*7aFieMJ7b@XH)6b=B*y$-w`I1-|A_n5{Yx@1=gfmK-HG!@_u zzH_h?P_Z#&09@2fID{NatrmzB^{ToFhec>uB#+6r2=IvmQ+eRTYK7e(6haG=6n%%g zC6yk~5;LBG~Q~=6GpmQ$qT;Fm^ap~5k~lxn~nKCc7IIV z-|o~5TMJ|$D&%2h!oG4744nkB>{f*K`^tu;a1e-DguZO$>%X!-0k9-Jf;!3&{RlnT ztq9TY6-o4?S|0X2w&({zlWKWbIsUI$IsO#2kc!kUd!3e}bf~a>ZLL7XhMjXVH5p=dSWiM|?>fv-ann}Sd zoJGW8Tnnn{XgUqVn^+_Ol|A+UtXU|Wi$YaMYJo8`J31!K_M@5<=>bm z*l+7aU%sh#mJfLgJ1u1OmnqyJl)$SKCb%_)FI%tfa^aH@0=M-^UY0%yA#vMdvOmf5 zE@OTJBam0id{Mo;;>~J-3Ik{q|5D~`307$ilL0{N<@iS|CwR>!wjkQlxs1tLi39c9 z5x^Ki34703lCfC8E2TKRQW$sFo{6lz&A0|jiNXtIHF}{JpIUH>26N#%ZfM(`A0yi_ zs70+IgSxVwCiXhEJudNS!h%urn5Z14;5;bF9?lyRCR8BL%@>mOg3pAwNCu3$Yu3rwIgM_HB&{vdhm7&WXF{6EuNVOcBW9(b&*vs{qZ3t493m!6C@ z$OkN+s|hV-cbJaS0<1!X?SAJnC{SK*Y^cD1Npn;O!K6>sFljLS^^CO%tHH~(aokXI z#Y0UwVH7QU7mx$Gp3| z5$}4>fA@R_kpKnHRj2~+$&Q!X|Dok8J?-6p2h6}Pbf4%R?>^jpd-pZH-|qcH@3Sqp zD#v?H_8jlYDn+H(@D;^{<}I2%q1koi?_4i7Yx6z2-hH*(&YO7hHe)`=cA;m4X!P3Z z#I$9bg}Kpk#aLc72GBZNZY48O)hb6SB)BhXS_EiUfPvmoI4%pIvFx7|d1?ZVv4~TO z?cKhAWYj-&c;xN_hxUv-2rDGhpPQQ+hfzQ;i^Ky0nXLe%*~HniV`rk!^t6ILRV7YS z%$KICaPj$rzUu5G5*47tED(cFv>Wq0e(=Ocxg7DDgCJa2Fa>eqQ0(Dm9frz3qfO}u zcCeu$R~lUL44jJhv&D4s{d_2|u2`gj&&ouXZ0MZdc?^*AOe-UKCmzg&;#w-MX48ov zfFSj>n#?8QYABwFLvoHpfIYnod8bBGhoWY8<}9_W+H1-?u>I_$!B^ohh8>1!?-Sb8 zR8XG{;5${PD}fa7*@MYYGKf+VQQ$6z?a0H%UP4=CPX)gJ-0E3tJ&@-@+8!;(`eQ&t zHKhtQ!-!n<3%y?2fvpYSK{J;;!8J?7>f8_e7))l8M}Eq|{|;^CK1M2ru>HSkY3*yc zl1yEHS?dV;VfS=!|hVuc^Uh|8W`2Ve^zZ)Z>nj-G8+!p ztHRlQC4*8^Q?s@@jP%6_S!9KN8&`u7m{&q;uir{Kl*N}36UBWJf*1Q)apUd&{Uef? z#icAv8kaGJo-8SElI3+2VQG2f!lCX5m5Nw|#oO6=ETAFe!19^!u1GVP&YRXtJkWq*L|R7uRFEId)<^Ve+TbiSnxlGy{>K%u6_w(x^AzTz;!s2mCwAk zZkI976DvN-2lkq^HPXsvDicLVV{3%2B~%-xa#?BGNTwlNQ`i!CK8CO*yjEjNp#1-J z%I&VMD?2ZC{zd0kJAa|`lbuI84|d+s+3WiU-!|V3-p4yW(eYfzO#6RzyOqCF{+sgi z%8x5AD-SBSD=Hv*{=zlm`nu~&uFttX<$Bfi1Fo{`!}53UpfYNXKVNY?dwHEixksWK zMR_0lNVhPm=4Fpj!<*1Q72$liWkV#Y!6Y6F11&!SYkDx3L+XAAe??NcY&@e!6In#1 zoV$&GBPn2Lv_%M8!tbJYVS({UEyD^!Krg^EUj$>~BNkP0Ii4`u3`3pGJ_oELp zl{F7V*qC@>qXVplxv2!h>fhisMkVBj1#N~=p{bg$l6A^#2S1UPFTnInudn)1)KC0| zWLoQYxcO1@CamF-le%raKqDcH%UOUpAX1^|5{jz8M}cfM4b^^@&M~2jYw#cld<9Oc zoSFa!GNEgTX_>_kvic+iMobN%# zyo~!f^RjgLcbL#tM`mE>q{Uk7oGOQts%o9^JUM2Z+sEGQ*#LjD)rmgKwhphPPJ{^6 zC6jWb#yl*=$JWq7AA*8SDi}4X*(7JcBnUW&g-v8K7#*-fTQd7ZXR*h?+L^>DJ^i(njagOR# znBv@~^(aIa4AGN7xeK6~?&_uq#}>+r(lsp3NKQ zNGDR1S9Y*T*t8b%puizPxi(SxyHVY89_hD)nOTOx2(rldlvYH@BngNmy*g8#IzrnZ z73zfWQSnoX9F;AFuqR26Tq1%N@X$j$XUk2*Fn}jS zDC(~U%V60O7yM~#_sv;VTTN-J>>r1G3cHFKP)b!gG!*<~f{lOAPJhI|pHCwbHFj82 z$#;NC12L&iI^x0+k8BVk3#6h=D5N}_!5pGMnjLB&aI=PxJVAayBp}FA5>37ju`?)%$P`L+Eb(QP)kbr(A8HZ9COA(fZxq zCwu$5f4uwS-OqF(7t27~f`tjgvjs%&x-B-FtpCDfJn z4;>uAc2po&Zyn#bPsDX`I1yZfnF*|p=J!L_K{$zlA&BImCnSd5Pc||NG78hw2vg?F+Cd&n$Ob{pl#+e?TPjf(XF}4qp-hw%pZP8TMCZUu; zt1{0OsStXpI%YDR(Q)ir)yh$NaYvR=7Zctv>ds0v7_)sMHQtF>%t0$eloOV>sh~BE zl3s6|BQQHf*~+AeE$^vY_K;($>^ip{Zy{BvBA@W|zTvuMQ3gU6At)VVcX89%7F)`> z#yCf)dx|Imw#D*(O&I4!8QVF*eTkcE#97(I3Ioy5&S5`Ap}@j}U7b(?p!{OmSqUe& zBSe~qM&;1^O68J@RLAP9KVO`j&?*!Cn~ZZ0vq5l|!sc43)Bl0su_Y(Owc7nxC z@OI|n-m-45ajwj1)XQ&eOruNMf}#DDSO?r2vZaO&-)EdFvWqd^SG&_hTxpyms5?c} zB-~6v0pSD&PB3@oz&Dd3NCPw z)NBfFfw&$=h3pXc8^PY0THNOK8G>lhqNy14z8t&49e$f7y-%0#sNsm@Z8ACHW{V>} zgAbKq(=EctHm_I`Tfn!N7`Bu*U4~+}Knzov!a@WFZ^SHuHNL2wH*$}RGjsSV;WP6AI| zJb?uB%WaOkMVc678>VwQ2sL#&Q)8*-9^+h^^QAV%D>hqp=anoJa1RPNu($`wKonSD zo$wfs8Ry1Whfnip;mw!TCLfB`n1dID_L?i9Z;`LhF3|?Jzg*H0@!RiXF0bvh9^rPY zOsHvqOjgtZAL(M-{R=tJYPPWZjB`}$T~SWl$UnHl9%ind#t3P33z02Dd~1pTvA#9s z?iZTMyKB^-yY0AZgR~oO>;bMqFl5a2vX{Z$*0Q_) zOl4Z{+n{F?QQ(TjRCN96HF}MA_%U$iKW4ra-eJpzrI-`2V-r@6xnplxpUvg8U?iPN zW5*^$9Me*}#oV!Z}Qy)yOqoa&eY;+Og<)ebc>AL>_t7Q)p8H{A3qjwd`Y2*bLG^QBf z#G)NqGO|<0!?bHu5AsUIyN=~CP}apEAc0L)VJq2(1aM+Y??^BEcrcylet~Ml%rhgD zp)jmh?*j$^Dl06`6%UE!Zexx> zNlc#Czi!Z&BUnd8IlynV#C!?vmvA6iXau>IE7uxxSF<~~!ry_IACp&6p!3 z7}JT$OlalS_wU z(W{L)LaQ;^Q=iG6a7U+nhpkXtVa)m174AstV~(WfA2Q~=jGMjAm94%ND-)6vw$TS+ z>V>tnEb`vVP%j{8sKZr+nrc%VhN5CE0hmYuyD_rkpr5#aKN3l%;5^Fa$-9MX012$* zVG06g0dxmEDFsBY9A&XB4fG3oj8+&dR;Dt8MUyA8>=V7D9v%+BHZ+a;DzobNbUv$L z0SC0~(R`(hK%pJ??NX_biW*D=?Nk&A1RFsi2mz`f@VIDe4XC>kqo|!aE1?+fm^EBU zNx}YZhbbdQIe{?c@UopyS-r~LZY1|x4vacofm=y;>WFnIv9OSXn4j%zo*B2^Lt#Ut zdmtsYI)yD6XW?>TxM*ZSsdp+BE7eMdVv$W90$!IxBg4oCSa>q*aCYa8eOjrm=}cv8 zgrGGG!#uF5?((7GVbqr|Pt~8+i?G4t&5l&dlXxhMx>LIm>a~PsOK1|0)-@^~V*TyE z%lUlW*%5sTsc(R}tUF(sMBo;AO)DxQwz7y@tDVZ-!#mBm_61jlDrAnQu&%mG`>;nJ z8rfBMHZuXx)%w{W(9*hgbjp6)CFz3;;5&IC2tGpqi(#LHae9v3xo86KhmAQ8R|vS( zwa?N3*NT*}1#~d3$}Qu4&Nqn7;QMhT7eN;w@K||G>6+6 zSFMZau?e5Zo(n`=oy-?ON@J56a9$~_$f9`0FN9SU=WVJNLK{w)6mOofs9l_JqV)R5 zO4M#XW)VtXqzSF_`iDC_iLZU}oEj>xJx7nj8S9Cdf*L9pt!)Y)l}KD%tRrvhY%OV9 zU2tJoB5!enP1@pwN!HRKf2}2`_e+rpY=u9JZFhOuy|)>2t&G@;Od{=b5M~!=AE4G2 znOfK7jX45}g$aQN*7R9I?&<}N1!BfVV@_eca{z!osuObrAnW^elxVZ%0bc)a&eid| z9lz8O?;7m7rt{yB2k;x6Z*!R!bbN#97H(fvP`f>cJ`RRx&v6>U_9xQ1F z_AaT_5*k5J53*Ik1@!?gsP8c50&HQvHpABXz={QRI80bh`>+WK3p z#`UUSD6`xlkVwT7dN`~`vI!ko5vepV-Lf$tm_uR7rNYsO7FveHt^qf%Ouz*+}=C;k32!p*+2lNj1rTHy$g#SP;2bssON!joL|9y83A(#Ueiw07>Z2Y~a zJW<-Kjm+#Y-2}-K8GJMIg{s{e6(N zCz_RDWZ`7MbYER)$(Gf`lZArTvY@Sch<`m6HjHF|Tg8$Qr;*5~RWlQ}-JCCF3e#Er z=G$-Gff)1=6yZZ^lo=g$+s*iux#w@b{k}VQB?foy-Fs`mY6ukany21g+X>sutd8_! zi*_U~S8l%j@cw)EAGm-2V*M=DTfzfOIL&Z%hG2W-)y#F7yO6>HMTpN0)FI$G?xr8Q z3XKm@bWDK~Nt@RD6PD0pVz_++<^+jiMAlsboNt&_OtME&PbOB>n&aceLl;J^F^>%c zXowji<~FSOWPnsS+EvDs9{YBzF_uooS01@SJEd=5F9yIp>)D zR$t|87I!rcs#J|a1(lZ(_fw%}0Ss)NG_Zae>Gkpn&r>idZ)GEWj+>MRE-wuMd;to8 zC0R0tFvieeWWs<i1&ZRQg_CbF}IoBsPh{s4rIw<4a~WOR%n`Y`(e%vB_o)fP15Z2 zlR0-IJHb;&`)kd)H?vDTKBRv`B%XxG5KpPGXc+Z*LV89`r@}ck84Ct;iBu*WNe5w^ zeIL6?n8Vj2B2kaT_3WFz z(#fW#f5nnw6Pr8}4wv%Y&bguzzpeEeG?3fAr(D~%!Sd}PWQBTIE{tW1V$McY%IXvQ zKJyecPf4`=WHuKQp{eARt8>aRdB9JuINK9vJK_c;FPvm`T~-ec&NtX?WzXB1KDpN0 z#vg6F*Z^Y8eQZpyS}4u1*{&Dq!F)N6w_|Xvv`+1a+lE>IU^J5wPzWsWA!dPJ2tjB@ zA_xm+<2aV?)^E5rDkoh%zuxoHJ#V#bZ1c4KOY5J*|Nm3HAL%{N^X;x*?)s^&vt1b= z0{*V|XS_e`ebT!hh=4bHyF6d_e4*nrKm$D5_B(CA*!F+5J)oTI(OjQ#ebV)c>tnrh zy?@yIYrUWE{gK|+dQbG8Aa=t4R>usZ0%10$Ma1hX$U_X=)}(A+SL`7Xv;x zOtTDl1yZSvsy<0k^<}umvb+-$riD`BZ4emnUvhXLV4C%9hE;=x1WWQKX+V+!fUOW| zS`^#I0&E{GAfu!!SQE8ce|F3k>xN9twyJCU#Z^8*CnrOlF{JXEK8#a$v1(mV&tQ)dCrkLwj(4&^FTcIHHF*;dv5PUykMROoDTe%R$>? z)HQ~r@#Io;y&a?5?NA|mU5;7{vtGlJ*C-1eY!V@}MBcedt%`8(%s`oKi)vLeP{6iz zhGNX^XDjPTo`k*4Qma7EWxqWN`dBv4&SJZIKh%rY9eTwoRCxZ5+ zeNwOrp74GhyKO76iewZ-b`N_PC$g=?DtH1p*W9+&vI?F)&RNCQ4Z&P6u0^yMa=L>6 z{Ru^&w7~|f>hVl25{tz{;S}KQ=Xee|*W9+Q55}|c98v+o(A;>&IFIb#Drs(VQutO| zbAx@KCxvtS{#It+f9kj~cPCpi&vS)#>x$)y`}ge;Ilu(KV2T7xj#$d8TKgSJnCeq` ziV4sP&ccN$C(uWyUKx`ha2Kmrza%{Si#mLX*#;Z5u&x*LNZlF))<}Si;-x%F=2Zgh z8wct)DFoyvqqamY^!8gxG`#EoTk(Yt(FI z8?KO<_<`z24mfSYs^3aSMAm`BK3tx1FscfxwG5fscT@-JZML7Gxip@6$XQ4qoibDD z%_KnQoj7644KV`JI9XXcVe`)d+T#EPg7#>~yF(^MkFm>`yPd7=r?}O3>t(g$^@RwQ zgndK$j^QBL7Q>;YvF#1$a5Z}pWTlh;QFJh{#3=jBoFxvd*OExh%_VdlERo8on8vID zi6w^QJ8YH+uRB%evb^qF9X8uFqXeu^0`52E%B}0}HRj&Wd+*?@-`cHL#Nc3#rJ^pT z;IQ?Ikw#nyl3^r~;>QfYmIqE-H zp=a5VZq{xg*Ib~8H{MXhdr>+9Ke6P9sza=Z8jL5bLn#wr`N2~sAS8204}-JtK?kmD zRY2fD83jPM!(sx(p{m111Asd*5>h2JOd6$iWeJ(0=wpzqHYgT*00XlyTk&@g8G(SA z(-|5E6-}H4kLG{`T&NgahdA{r=g~Y)ebD03WIM9$Ly(8;VTcZ-x{a`Uafybo@c^Fz zqZ2uet~cg5oPl_FO~&yJ#@rO+(j3cu5UC3ME&1c2k?_1}u92vuk)V{4F~@V5xt5`B z(DigAh$3ZbDwhV3l&&XL4Pc{cSdT?x>9n4WXEV>?i%hV$JjK6=x?&~3#F6w5Pft>u zCRy8#<`ER^?;9RIh=mGoH8Y~Y$VdV60C1cpjOKEQDGEy&?J^Vv`bGqgL(eB=LGxn} zWWu8hX2!^%|L`O()8|W<%T@Y3LkIW3;#Vka13l3lhz_av$ART3g$^N6WNLO20x?@i zlLbQiL_tlzsc9pG2;O*H#$Ccv*2qY>xUh@Q8i2ZCCL8l|P$(^#uMU#c6tBX-rC?dq zO92YeuT%pE?PQj~9$rI4#fvP^Wn|?=3g*W`vUHjJOukS!qU)106jxKPz$Di~fx*|Y zFeYnNnZ-ad0pGb#*mz9m6Bbl;s*ITX>Ztg2bZHiNjsRu^Q~H* zZw!!wEbvW3B~6s0D~J=Gr@h8pmd)Y|EqoR)Bk^S!h@Fg}Oqz5cN{cEPSz5$o3qmG= zlB&DRhgl@L$Yc9$Ny#ruNVRrji%w-ir4cdm=2-*_?%?Dq(`)lc9g8n5f3vi;`Q@i# zZZYOEj3|cqT67ShD$f^6=$Tm!M8B90QHi=C^YU2n{ zTx#34VJVJR@HP$y#W~fs^_fg8lSu~C$RVHO(DR(PZIgH#$DJ2<*t`w4VGb_OZNuA` zZJ3<#8(IukTX*YsTOaCrvFm8pXxGlJNZ0k9e~B!BpX+?Sv*`P}?@PYZo-ccT#`B|| zXxoO?U9DSNuWGr_@}-uaX!*ewqveC{ZLa^?^3|4KX!)C#XIn}wA8Og#^8S{Amg`%t z*8|Loo(dV~c}^~W`@n`!Jg%oQv7nj+qgJC)4VLjxEURWiz)cJ4DL}I6R~YAciYgy* zfQ=Y6YtDDG)p_!&JuN>dRn(LBi+6v2cLr8D1MapJJ|MKL`>r(3^Hg}Q;|Y4{HqP^W zcrIQ9z*)}obayTQ1!_3U3TW$E<2=tg=X@ftK9LCNVI4$ywQ-&&nsd$)usO?l4(%cC zkU5J3ou0VSm^;pQ5sv&fXi1ebGc$v5#gwu|N_1vP&PVg5TsbgtM1_81raA{o`b;Ij zilxJ>Qq)ysVyjt{e23FWW#J^i)h)tkkbx4aA5#$rUnv(!=T<9|W%6UFTx73!@=ixkYqZJAt+9GYIscrsr7-CE6pfMfq)4A@X-vFMFRXl5xLv` zp$f}%V2bflSmH7i z0CYv2+jAYyG4JInLPMRK_uziP*k z3&nTKfCvI?n0?`(GuFioIy>|V#`!Kr*eCWdxhh~0cC+th>Wa(zYT$(&cS7(&(CK*& zHz7`Vo;+Zj=TH;R_VOWJ4!V~W_p;<92Xm3wt3+NV_2%T-1%tE)wp`fqAlpct@!4KL zeb&lp>W8Ex+(o#Wt-&ncguK}}?_r|!9sG+rXfRgh!Ff4PKCte@RmS;tzV(Pr)ly(q z#S~Y|65nf_Z)2~-VXgyLNUU+Iah|6e3z}jeG>xYgBp@dj50ZS~mNbvSTKRyd0(04W zaD$f65_(XNsiABvp+*tz3B1Wz66Rw)md*qt2>c8~KH#7@e77H5kC2s&7StmExtZh8 zH)5AW;ek1hdcy^VL0e#$q5wgHA$MLkdU_ZzO`$=Q&qwK4_^g;H?2Uon=)>_fo z=DL)3UdHCS8qWYIQ1}KKY=8ejRraijTmvia7k(lhV$3QF0bks#JSDr)OsCf3C^6jYVsE)BWnA);tA!d_g|kbA zM+K-XD|B})9-Pzdxytok_ePiJKll7e&nJ4G>*?q^}x>npNo*s{i%2)ME}O3QEFjHd{Bni;4pOlgh)y}3Kg2! z89afth{a;;NfA`1qzjRFf;EW8*}Fs&9G^?Pdn_JhtKkWLP>`0?uV(A9)daH z0dAobpNdcnxUjf@h*>jL48o_#uz}Xo#Ce5&o$Xm6^IMs!#Upw`H4!~9=khdou6YK@{SgB!@_C+7&Q-ABhHwToWg-B& z$wrgNy3@08gy@-wn#iT$|42teS|SE5mZx-I&tF>ToVhDu{RUTW;0~$geJX4CDvVo9TJt(FDmyYJA0Fnb{WU3jBDz(CE$59Bl${%Evx$OAtGyH0{%>~dYX7N@tsPgjUuZwx{;l>ew`W_=x8L3R!|m%^ z^KC!d_Mh8Mwtcki!M3~G5^bB!KmSKf*SjzK?hL#;11p(YwLD4uiUj2mf>ch67i%st`dbv zC5lF%67d8zu0@14MAOL>^jA$y!4IWIVd7D>TsEsFb11ACMZwKTG7Oc7CkAqrC}gWd z@0V1f&`rHBm?{xZm*Xl?s8%K7xDZ^y39U~gQ4ltj3x}W*aVQ9`5``p{h~q$rJ8YHc z)CY|75%$48`6&NjYoQV~*VLJQw3KOEhGT2h1`J5M&=vq_QeBM+qk(5^4cC8jt&f%1 zu0v=AObu~{G5R0Y8_Gnm<43Bru9vO-`Jrb4RG%fV0F?7x6xFpvQRQ}O+tP1Wi|`ZR zziE~v>!F!bzlBWx7OWU-=1J>-jQ`dFc>wH#+I#F)%n@KWBX59pL@ojA0Db}M_fX32 zlX(d2E954yj>tz~9gw3yI*8bhAeVu4B}9IMnj`5Nc@V5?k8Zu z*6++0VI7e}!ajgk!a9I!!v0;lAFha)^rCP~*zK5`!n%w3D(oY2SXf61Oo??st_$mc z{1*=c z3i(hP6}c(cC3&W}Yr?;UnZaoCol>!^46Hu$+fXv0n0r~ft*BxEAbY0c?-Ok_d{Cwy2ogKb!dfxIp<(cX@ z+455@Z?+t7(OP!5yvO~|?!R>Zw)=vJQQ!ldhs@3GC#GT()m^KT^{L$L?|#0{OQIIMsf-OG?dNzL76wT%u@7w~}F^s_P90O>8d;rXiXZ!MYfg z6?%eL)*j;$MP9lUt|PeKST|x^qR30Pa)L|ut~cC6g+h4-v2u`=$acKLu9`;3fV9=J z{9D_eOah~D!Gfdl`MBP=MB#sK#asijMsbyKi6Z{oq6V|;jdnIKI8F6&tkbWPrV&qK z&=huO4f^$)t~D-Eu$^0!gm=Bp6a$F9nXqw*;_BQA*GgQkZwQ9ZBETj8pK>-F`qU@n!)B%;Y{j7tt-#6PXpnLXl*WX%$O(>t$#a z2p(fvI9I|cPab}YDy2=&Oym)LPWt@ep&i6=E9BYC<~2~=H1ktXL^{X`@#lFK1r833 z#YON4P|w**Ou+$2ACKxj02{qTuY`E^y$5y-?HwC_aCl_bz6SaPIbK&=b&buLox4rJ zd&hOeplP#AsD~bORA)I3X}nT^3bh47fQ3p0fLc&GQW*z6Eb#7L$RTC;ph|tw6FHofdWkN#^ILJ{g=TsQ{Ilycag@*MCn5a61#=6}RpB5TTye|D4 z74GzLc+Iw(Q$A)IV(^jh6|&PA6lxQLhhwgBvA2WB)F@SLp+=ZHFajHMb z35nAY1zbsEVq^rAaEXir9W@ne8tz55J98yD(DRhex zbV<=QD%>Aoffta6rVz1#0<#!`i5T55L?4nyyw)VSb{n|8KVz6|e2w?#0Fx4Qzhtc7 zhKUtzz9nGzaGl%70KZugElDJRO_sA-`COgk15tw4*|80{jxjw=C8QW(@(X;Q3gI*1 z&`yR(A{ip&U>1;K`XL|!bO>@H_$%(UQU&rH)rT)O0p*XSy-;$v(wHaM61T#GYh16f z=o%361UoB~wby8;9j`g#A^rbG_l;ctU*FZ&^`6du>ilNsuXMiH`Do`@=iQy_eE;VA zyzf)qkGFrL{VVN1)Bd*mFWkT5{+#=?`w90Rcfft4yIuJs<>!=`veEUV@|N9KJp)mGX*+YJHeZzI8$V)wG+H4?F5%7 z?$O!_-rN9HIh09<0Ye63rW%bUgFq#VM^IQGos4Ip2BjiVD9#kiXzc`VuFnP2S}>N# z<)AoI$fTt>ziICTmnfLgzDM2(E^T6$#7^)g?F7#zj7uBYPVh1>1mt>i#XG^>`79}y zyD8iouZ}VWL)Ge3K23a&d*hby(#zNmrYjH#8LFAp4G9k@2&NPN!ys5#BW(#NPhf5a z!&))#KQvvQ0PbDM%DINdNpQs9gWUkUP|OLpXG=_&tk?dn6MP$he$4lPx(1^{(;Y+u zvtYMdKthHq!2C<)CziAusean|>ecc36m)B2aon0v5GIy% z*jw`BxnnyH?-{o1lGBo*mCI&9ES;ly%}=i=f+hTY_IE>YC}6EoNCQ!!VuCRdaC-V3 z9xaM&Ofq$z?qEU;|1AC3&m<@`a~RSGHud5L8`~ucL$)@yH^s(wi2|c-zJ!hKlE3DR z=V{nEZ(>ycg2v^)H!ouqQUeHR+yMYLWanHkrYEl4Q6`G za;@9~W=qolWQxKdrEhF2s60nTx=AKy(un!8Sxns>-Fk>#>~8y^qg#jR%n<&<4`1SS z^Rhr1+|JRx1kp=WPY(c5EGao<(e1!iU8Ar*F0c5s(QaJYz*g^*9~G>v9cTY|dUxO4@(!~?8cZ-@x1r_08r_i%N3AD@pm zRxCtu9~K}7{Y!bl+T4yc@hvrQ27s#~DQnO!6Hx)WFTn`~hJ)c~JmBx!s~y*-P(=Oi zp+h?l4ei-ayPIrKEt_eBF!g7Sq^DtQo?@o|nMoB=L>1=lz%&fmTDC%tfH>82vQiDz zJMEj)Lqj7B?g+(e2vtYrHSY!|v$;BXE}W_tAqXCJN-K;N%SUyVnPJHgnI^$Ysi3oH zYRZ*T3Hf)*q#*GFGj3rEca>V6QsyXaSh}H;viP_<51jgd}Y(dQL}OX+gDhPd!46FnvC~YZ5vE;$a=s2w|lL|4IXSwT>slW&Dw^| z0S~<0ZMAJQ21kR@(;CEYZ^0$F0T<9&Alq|JlcywY6#K>_@G(jRqk-__)=$!60l}Iy-B%#d39; z2?ts_d(65CwB&S?6D^&cvF-vbIo(xHOJ|Q-cQhEB11+7MZg!IcEuF1eH(`ET7pJAO zm1d14S~@$`w6XQ&2F^a(w6RS~XD6FBwrS~Xxmjb0md=)%HkN3qXf?)abDBDdmI_we z2GcCl(h;k1g9lp^*MIhrW^E-}%3Ez44MKYGgw?pgAS7BEx7uR4I?aR=E#<76KubO8q2iwk*1BUFE?;@tZ8G3 zmOk9Hu|!KBYSvh$rO~F1C0cseYK+z9G<6m&b+`LmH!8G3Kk1nV zj7xi%ZRsTu$o=sZ+fyGpaQ6ZK&I|?M#G?d%$pWGGlt|Ju!<6C?R00b|lWH;=1>R6Z zOQa6=rDW;bgrfwxKf@Vb!tNJ7q#;QCW`xUB5yB3Z@lx zwB|#YiDmq%WORLu%+wkJkIega@}Tn_FkO>Td1xHJj3Oujh(Ap{#GWo_Q~nt}U5js2)MovaNo|Ho##I=g zfVs?3q)?>B0B&}Lel3_`DbwCE%)Yhm3F8t$Y$A)M$Suupx$noA;Qj)*nE;dHXU!?cs4?x5MqF90Fi&#Q#%LZ@y zvdy0^*Wd8v3B=E>2&dj#wUyzw8kbad`7SZd?F{gt;vc4u%_<-GY2qnz0uv9f-Zs`; zUPQ;B%ck}i2Fn`X+EyqApmQ=^gOs7E8`|4QPGVYTZ8J6B%^3wY_`2=>? zobi0fxU`EeMqXFR_3_n3PAo`tm^3c!1F=Jdf;$U8AUA@k zu|nqFGDGGFILGE1#P=gLXFN|L#)EK&+{&{e#^bHkF@7!qZpTDDI;|sPkbPzL>sSR5 zqNQ0ckL8P0Ji}bG<|7Gfib-O$UYn*zEzaOf%MJ=FEj!SxyZt$rU-^Bv_dT9& z&l8^Uj(_a(Z zUC*EsZpg0{x zF*wdw!IH+)h3SY|)wSXvC0|ojI2Mk@lCXpE0G!1Ic=jm33T3@@xR;TCt{y8?K$I%5 zrtr_;M73D(IZ4}T=u}6_Q|bIv*0NTFqQMx@cJL=o)`~d5WV0zPm{NoB4C=)u;wi!j%&EvW)x+sXDium6uQe`EEUY46I120I8j4!R5}D}L z#syw}_69x_Q*FT=auv*it+iZZT%bT$ML>iUEC`Nn;{q>A+sz*Z+{6prtfe^N>3G(~ z!G-Y*j$6;Gi5D!r47bPy> zrV%lmR`swJQKOkqOie`+fR#rr#B@xHX5!fx-kDblvNfKD1$nQ!7GgK5blT~ z(g=?*MGa%+Ma%f>9ih_ftydZs2x-MEhkS&hog;C)FRx+7-}i|1zAnr^p`a)N1?7l6 z|KH)Y#Kc(a`FEjT84A3(Zo6@TLqzkc2E}%0V@!k+R%!5VpvWL4OPDkLlmy|wSD&3J zPh~3@F~^hU+Gc^2=@be$U!eGGv-Wl2rf0g1?-0O>qMYnx-}lJMwNjg}z$Q;sArSeF zh@B&! zLGp-s1u10+p+VrNTZRo7^msRXQc)*4i_5HY^fWN!pScnc}N-O31L%86l)eXM{9spCP-2p9zBYIa`vY zb4#RbAs?6-4vjH~Nb0yj`6E~N=evIdvHp*H&w8Ktmc93TZ}WOQbDnQ`e%l?0L zcYVS2U+~AJ9CYmzg3T)a>9_(R^&mX~p}3guFh?VhxbI zULxK(GwMXi{8q-EfZPb8oKgkzc-1(b}MN~Ynt$YeD=ok-|fGPVr)h#aI=3`32% zf-6QOr2(LgFzTrEI4tirJUsc;L5o&211VPUri#%5bG`tTs{wzPx$!;aiPBzeWM+qD zKL{qn$rxOWF;s;LCzFYw9J7E5JcC+kb`TO>fT67fa>+yvqC3#i6M7ipel(5*!CX`& z++Ab~#xr^_QqPR7*OU2hFu5dItG=r1+Cj-kAqY0l_6IVkMr2w_2S&vNkCGT&sF9Ew zwLDY?6hdj4Vo@D3izp>v^3sOcVr|BS7^8<1T-`5OR;XovbJN_kvM&y$hJ)mDjjco) zDw+CCEvMvp@>b&luQ2dTp40ASY?P9c$>mi9gS>w7CxqZ? zO0bMntL2bQ_#;fZyxbxW(J9p!l~m&b#c3$YK0c`SX0r+Po+33&gG7=0%JH@YU}G-) z;!Utn@XCnXLQ%9V6tJZ5vVGi=Qrv*xxUd#YMqxie)Laz6?<&%&H8q_KhBB!{DuREo z%MyBxxn~yF$Fs?7Fa>)Qc3A?iG3^~iX_qDJ8tV>wm%YNcK+rX&?WM?UFV8+?Tp;Kg z=w5u5iYwk@mt`zr8}3qOz*!qxtrq}fXu@ID`2id?6MLs6rPkz~1aL{<%KEH?zFM6? zhD}wS(krlZW+o^JI}!*c18JN-LT-R;d8VWyDoO?XNlC-s`Nw7LV0>Bqtgz#c3ZFP9c2uV zSv52mkSBE6I#Deb(W!jK^rPC!%IE_BK6{wuQI%R+URQojX5H2(W+rI=mbxU!Unuxf z92Lm#r>9Snty(R~r?_1!U&@v34mW4An{|9o>1mm)Kagd|&T7??v3wX}{PImJpm|7nYqZ8_@a#s1Cb8YY$?ES~5@A zE00~b79BgvWJx4h0?PaHn6)iPtib;d-8Ss{oU8X2daJ#IJ^!=kQ$3?S*LMG2_Y2)S zyXL!ou4}4mTjyVO7CX22{@i!Qci7kM{Wb67-k9eXJX4;5j&FCI?l{!pYyZ{u<87DP zzR-4S>#wx#ZkccS*_KkvX7{(;8TSp!A1E&>J75*~+#0FTyH4Ebak;Nkb_{u3Kg`yD z`@sU@b@No%wfg_FcO`&r6z6(%T9z$|`v^1<&=NbXY-x98$u6NJwnGBBAOQk3B(fyi zBC@1N^2Jr66iQ1e^d!_Y<+ZOZEzr_~vm6NtExqYYTiQpjS9;Uqwcs9k|IGYa?bz!m zaRTqr{&ptoZ)W!2*>C5cd;Wo$W%J6{Hn!dkx{RTS2Iq)(=^b5RwG9@OgWdMtttT3C zZk>aiNE=u*jYm3rx1M0gnVgdxm^z8aAU*R8Iq#i=oN!wQOgzURJ;xhzZkdxDIDSTt zMtZj%XUN%ppmL&J(ayG5xD&dt<6DnyWZ!G+Lik`en*^~lqQIC6o3VrrbWf(lCOA`2 zrmxEk4kwbqbg>BYmt#Y)VgS~g^8?wTr0>lpO64V4SZKfo!v->g(?2nPv=$C`bjEwP z9%H=1drVK>udD)c;%)H`*gT;2ZavzN^X@sxfzzHNoqF%qqYOFknv)zjBL)oU_HI4W zkn_$t$ceSF!-AslUPl;m-Z3XRVc3}w?;PKHcu(c!H5gXrnSnbg_ zy+n^@yHVnhu>-Y7-}sU|I@;FJsYbL|?^eI@;ofF?^8RM*Xq(!pX}UJP)mM9k8%%;; zybq^?PKCov7n+S%c&q8j`}+!d8%+A^G04MBhMeo?AV+KK>`-+LbjoYUdCQ#SM5C~k z3X07}L(ZG$BnLJtb!t#{c?>z%%|VXZ7K><|(T?7&4ThXI%}I{h5#!a9+mLhZ9OOjW zU}UpXh41b%9xM?{C%(x9L!? z#NiX$4LOxL$qC0`cN%0ln;~cGfy>c5+dA}^-T~=R3^`ZNNeA9*Z<*GTPCElj$uw5e3b7fV^m2;31Yl}nMEF9~(qAKNzIZ4sg z&UlA5c6lS?g*Al45V0WUMa!^yM_VUrzI66nR!#n8b4Wf^wJ{Y+ww{Tql!-Y>2}9#W z4fl*!rHs!(O0*3cQmUr+j8&zK%}Gim0{cR>p3$n5(K$%b+d5#aCrBBoN*S4xlt?TN zJ577aRVn2;NYUD2kWo9eo>EmxX--n$GlTZ^6suB-bC3cxPe)9RsXbe&Qp6!H2UZNI zZCVu00M>g7RVjrzqy=gnJ+8)LJ^8AX{G6n~;f%0_x+hnalAD7Rs6OIh*l^u5T$M6B zCn?Z$k3o@?txCzxNeZ;wqp>)f|6gcZZFetsx4Y-NJ+2?S_PE~aI?nl9zuor--!s0O zymxuu<-N??50(IqY@BNRW#cy+Z)@BJ>jPfn`GWgO=hMzFIq$XIW{n)aKZsoskKi8M{9sVMPx>}WO^+dx^UCK06S77rE zN$w%$8w%$6hJGF(<{Jw0wbVc=+>uh@2r!ty)uV9wbtjyW8tRBAl5q0e09(a+t+Vn% zA0PO;UX;LvIZp@lRu8{m)9kBZiLvnDON^I^`D?Z!YkyKT*GYFa5zQAvaufD2e?G!a z3>=1ecbq`4njPKO;=dVdjp{5Ye38b`r|)9h=TbqiVasj5Pg}@$9$!b;lO9OG9&TxN zyH5n|_Yy-fE`m0#VIe46>?sSZt~5O8MTm!d;C$N3CF?zIFmV2Qu03MlyigrDzsRh7 zY~cJtvxjG4<%J&Zv4oeHd5c-o^KxuOeRcxwW!r_TgYNlxiUPBJ3GOAHY{?UA~croWSK4OtXELnD3Bg`!41o_yT;kPp`bNlzWPq*t{_lTb=-88;NYNrwHrn z$E)Y=!M++eMzNS7~F-xz)0u4-12u2qT0qNVf2=u1AKTy6YkKqsBRyi455Gb^*^yxb3ZAsodfu#yM_# z18q3pqz#36ODiv&$2~+Jq+lqlv~;3gJqPN$o=Xu^`~^vU+bb`uoep`X%F!q!{v7Tr76s**DzD`pqG^&htMVEiAetum`RR@{>>cTZwPooJ zFhie+#9@^gJK;@N!90BeHjl*9P&lsUH;KYAe_}MMb@a!y0SyYrl{`cgj(Jnzc((bD zTHy#OJBx>4%8acy*IZJ0ff-G**{%9G8?zB%k_aAJnz`}4*AKE8^5{OOpm(p3$sKk?9%~Q(Lq~JOL z^K+)HJK!7g+7sDqZ4m)X1asffOnQv@nwmdw4lFwoO!CVCG(6gKAPJ)k|CnAMCDwK96tI zl_(AJe4@?#ZDBouDGT)ldA*6b2r^G!EhAw)XBK46MzWw|3BWgL<#&V@X5ft0*40_|CgIC0o(qk zdA|xH0_uh&4s<0?@niT(D)m$&*%YsSKvB>B`(9ySrP%!_Mf`_>I5iiPEd zZ!62qvoFInbh9tiozG$cy((QE%ENjX-WnEiQ9VMiW|#Z+g&BCB``8gFn4Fs8 zv1LAI!U7!;$Wz5O4Zx{a5MtJ1vr4kX!J)HC`J5Q+V9%Mwc*u;qF3J>^L5F%Z*ffCK z>O94G_nz)GV2mE0GaFevRehn=`E`lWbT?ao$DUBPT&S_aPjBL1hkvu+axhU4T%XTp zO*`2Se34M0@`BhCyH&J8ixzF`HQbb(vFns?ofv_=?cfdnC&kG#!X8Avz=wUx2w zSOM%w!syRJ_~r|1wj!XOy24aX73aZH*vm!DDB8(IqqQvwFVu`pz~jL(-b8SAdWIN1 zWuS-kp)cc)L*Y^*JY0EUf(NeS6=cypyF`Oz)b1Qs=2Z&bqmidV^4A@4aYA76!z=jV!84JN^@<6CR9qAb8j75|2gbJ;2cJ_01 zdGVGLQv(AjHKoTop%u;!b*?T*-ePKnZ!zCdYlXuY3p?7mx*&NAAEJ2kyvhrC{uSOK zh}tse7Wlf__M0BIb#)L{b)E~x6~Qu)*dyINoML7R#O9yyfam*#T`cqka$1lx_`oG4gG z9M;-X-1;h8rYs&6f=7j_k1DlK-|1s%ma1->J`%0pi-3;Ai*}5txxD42CtpF_JyI-! z&C&B=t2OM*>f__B{1{d+)=}*cui@oNsSg&E4ROmPrlr1p2O?mkoXHL+a=gZ?wfzrB zM8357U~UJyQn}2)#KDNjC5oU(`QpLINM%Z3qi%v3l1*}xYjb5ZQSL9oF1lJ`OdThq z&t}naS_|v`s^!6YI6kmc?Lk?O3tw7!At&mHUS3jfF?vrghQ2{zKFmun*ZQ&t-b{sN+NE6mL^ExRMJshic>*e%F{>YmjOk zKG#C!B->wXP2X+$T+_yexcknA`3-LOJKPt$f8*Ze{*Lpn?r!JZ?xUUU_7A&$;`+Mn zFU@~&J?#3R>w4D~IKS`ju2;K5uuEXFd3E#R<|CWOn+KcEZ|-f@n@?#zqUkx?&*3zH z-R$>e)W-)#?tU31SAq0u2bkWiudYlT#dCQ@7{V?Y6(!p?S4gMfzp-{!X|ncbtUVHe zjco1daX7n_S?vpfrAyZKOn_;!)F5n@OO(wNbGK~Zr__@?qR;Gk4 zpskyE@l&!WV`n*Ubri+|;Dm}&+gz>Y^V6WaD^tSy8s-C|bT*ED7KE}LB`{XBnfK+A zY$PQWgl<}uiq}-8nt5R;jB%ITbx3plNpborQ)Yu?r3I17lrTyuy6C0(;n+aDKb2HN z$C zwJ!RUup)z)SEhuu zyQBH*7STN2l-ZPCaY56w%skzcu%IXEx*|(xJa%+ts*y_;V=b_?2p2DadAcbV4-wQC zP1Fm6cH-5FHR`WBxiV$vCDKh%k(xOVgzU#)5+4KEAM$3|k8K`(JKzB_Xesg`GV5Uh z!w8BreF)5kxc(VK)b zu!|G2rIXm9w>X7!mV8uV#tABYwGYgSdEW321*eUngRjvK#<@#VCu@exg~1s^>1@nA zXpC0y3MG`}o}rZCFUHYL!|0eA7(bsjd~QyVCQPzeCFlxJb;Dpw&@`fMJQ9*>8ZqbI z#+&NsX*2Lbdw-e)2QYAbV6B{4#-3keHU9$B3hfQv=v3Ksf=XdLFm|&%EB~- zsem#HzymmuBE;7WT8xp_ZEvG_PiP!^XB@@jb2ckSD+$H5+V#rjtD1+K`@G+AZFKzA z@k7VsjyoKqj*A^D9UTs@{kQfT>{r;HQWCBsU3O=oS~%Fe$_wy2`%k4&~araK6i6I=GIHx0^a@2W}v0>w?OZ zu+CQz%MwN`dTP^5L>V@BS`w*CMk@^wy zz}oar1N{qOeoOQ($~cx*nKIkfD#PUNR67?bIvi!A!vP&5Vf#v`M0tKJp~Vx4NM|VC zkpS!Fi2>*$C8Lp0NB=-tPs8>PHL63$D8!|S&Pe&hRHR=`r&AqK=)MRuSEBn;Hg#Ww zwJW@%)_sAllrVQCx>9A{m4X#L$IY(D|GpuoR;Etj#J^57YAiGfcP&7U76yGpv#UJs zEl~Qk@GSjq{M2)9ZHRf!`VAc3?AV|DbO6ncIkeu4+T42g4h$)V+avn)eq5OMWhBuK>ms2XfV~iy$b6BFTlTlZX<4wbp?yiA07VW2uj3ZK+Q8?2Hf_2z zO(4wWkEPfFN1KJ^F%Zbjc9lRhGf`7wW2&7YQ?$?^q&SfU!((Wkj74iVi8XZr*7G>a zM_^1ZH@LQ#XQ#ZjOP%)b)9gT%_O|IZ7uAlqEYpgl2LW=H1D^9^_#WWD{|#@7K}Zbjj$WbhmFk^rW?eP zP-ClAO_B&$oi4MSvJTFN%p}>Ss#=8VZi(uis+l2tor~o?tJ0}V!ZKueI$N*|sP4V6 zNC9NCM5btY7tidO@XR|_@Ez-qC!PvNx!4rRa`8!O-B0?tytQNmS=xanowJ|B!l znWbc-ysH*?5UXz2aK9UT2eW3v=lGTKO55EE?BajW+2Zpy|Ec+V&AXcKZhlX5qIr39 ztl8Q0i>7i@vPo(5d;a11jpw`Wqh0@W{mk`c*QZ=px>BxnuEj2|^S6$Y^J&M)w!3YI z+Z5&Z%8!(Wb#KplO>OJl&|7c5yQj!)^p;?u87xnL!`WewqWk>b5L>tao8{oVZPQ4~f$xx6 zRhfFd7?fz@-M=x5?%&9PoTpf-OkF4hULXV-qa1vFMTQMsu!9FiVBNg@9&AX151lwv*CtIL$DJH#wQ^oo<8@?xE1Q|E}rU&pkc&lQSsBEK^j#iC%~ zM(vEMsvg%=SV})74zdu9i4oSi5GPomhX*{&1_8$A!T8Sx-jNsMKV#DPPkUwR0v;&# zIE=wY`Fi;ZhJnO}U@;6d%7%e-*fc*Sb_I)cjIv=MvB6gi1C5%8fyCxsF*YzdKRytL zgSKI3Czu|GVW9XxG?a)Y^^gi@ccfDTV1_LchG8JFy;ltCjGh=B(EB5)Xee|&FhJN$N@XToq7~d3|&c*oV zC>jWv5)Tw%^!(VEdx&0o(1in{C(HMri;0_GJ*VXlYQIsI{MAR6faBTlLo3+eq}NC=EL>7iJEG!<0`^i({Zw(en_ zJ5nlTV1xc(F+WnM9n6#{!G>wJ)&kCnVv8}(BJk|%{ryxPu2%GS`Ym=h; zSeACkCO+!gj=>w@jQ!S?Q8`#Hh( z^-Mr1FZr-@m&4WFEVtecgkqGy`$%4U6 zu`^Z-ZjQm=rW%RByA7G%ZH#sN#Aa2|@f$OD{KQ68(eWFb52r|g9YHW|9FKOg8Ys;S z*rj8k&TurXgGu-PsFr|^pV*`-dTnDT!p5j19ETAHGlEk|{$SD18#DFugdt_Tqt?%Z zlnHySm@>nR;G2%COl{)d<83E#D#qqq@zx(B=9TaMy!ruj_zrfSfYlNEm?_vt{X8_$ z4>o9F-)AB_QObz*Ql-RjA)9W8A!{&E69>CA9RqN>#Q-c{Olkf79nn-Go=hYD z)krb>x}ogibnetGi>pf<(y*K(mEnCxSpPNHUIH_|=`vWhPG<995hOHR3grg|V9`!! zbR^48lj_f8p>Y&~#jK%JCY39Pm~qfhqCY=UK2A1V_6<4sPI;eFVOwGs6EF>@H)0v zhUNBPcQykhpqYhg0w6C9q;o0!yhza!C_7grvSY9vuSSv~c4j6XhJ7`#VSIlR7&H=Q z$n53?v^jyb_o+p zH9sHhET>b(ldK+;O`i|O!)JevoTH5Qm`lzIvK)oq)A-ou;^wBBEuax3Z``rAR-5h8=2nN-W=94$u!)iLa!LN7gDYW;8LK-?%TW*9 z$lb=u--O*6Jm+M>VjQx%M`q6FoczsZ8snRox3#JAH!uJMJ9R4!q7h~cU^1h4u(&h{ zRv5t&E;FN>L(Fz6iiNBhSkNj?Fv?D_Rjnp^n5EsGl`DfKSPlyIni716F<;^ev1XhL z#?}q7=fE(hux=sNaZX6XoL!Zvt9a@MMN&88h<-rIDA z_ZQx8d)IsJ_k7s%u7;4~Bc3Zf3D0s*i{q`1^F98CXKc^fK5y%FoT$9tH)TK1-tAj! z53=7{6I4bu|NZ`J>q(Wp8OV8dTP4Cjr*ex$em7Y_=w7vM{aU_sx@829@?ttT4C{`I zkTZ=oJN#*kHkS6aYu!AoHFFKe@R?(DO4E;E7Nq2DRL?HpDPnN)% zmf=DfG9g=mY7{iE0+X*cW%{#9G}?l&trI42)4>%v&;_uiRSYf}Dd%B4b2L$A*7gcq zxw_Y^3a;sA`#(#ssO)8f?RML%k)^{|XEsAE2bPeTJ@iCQuk2+5>vr3P7{M)=GNljp zfd*?LVfL6AY;m+f_SpB2zp|HEy|vp!-$A*>4?b)fqUPf{rm~kUO}5)a{!?x?R70)o zWs8&TcyO3<^L#jGGuj{4%m<#KKq1_OioC)V^cfhi-SmM~qUbb-AZWB3O zx%ouBUypXC)i7B3+RK)H+HFEPl$)#C0r#-wpS62x>TyJ6FIxy|w;e6mxtZ^Whu2_p z9kth(*YHQBW#43oP>lWZDUJ?3 z9ZN$3*@T6W!0jh$a1eM3)<&n_WUK6D+dk~J8@7lfZlCj<1vGC9u$3wZ`3*Klv!fD% z!ZZ$_s@R`|9>7#ZZR2qewpa1z;s#{g$-ozCSJNR3{{&%af!J*g&6O4a)jDH6>~@Cw zW!*$B1^pptATrg41qYb|n4jS54Pc?cx(UecV1=f2AJZ5mjAM)&l&YP4*rkxpW;287 zTr$o4GKJ6(?8pd#oeSm<+6PxKqX@GJI7(mL7;c)afDT(*A~(?nLk{iS=3#qBB%yY8 z^!JD2kpwJygkuBQ>7D~2tsf4tAJ7wU=4b!(?bb%MT4xd=4#wEqRaM?fA8!XcX)oSf zfvHq9tbf57P2vml#^|Cx{HV}P5(^DN)f_M*96q!4Izss0Uu#hjoHlI=0;*v@i zpsT^Ma@FbwKUE?%oB`7$+;BKEJIM}s5Sa+_3v01JvpWNw+jI(^Y^n&Vw!CIrEVs3- zvX|`zg4#$d4_CHJlM^pWwyMrS%q>$v8J04aVcQpYx|9=VE5o3eW|OQ&F}>X=ra{go zNzMsPzf=4*IZ*0uYzm@QsMSi{qbhsZWQ5%&MwpcCxDpqh#rEwO(@H6vX^ZMv)e@XM7f#uTB1>)fgSm1 z&~WntSc%(T(^>lK&@-_0Rh7NNBBOPR?{t z=%8>E+R(bHM&Afc%1e1l--J!dTmCgl&>6k7E+{s8vf1U;<0Ge?)HgFel)IN}z0qae zv1Ofoq0S}INFVe=I%4p5xI^m;ErDeqs;)0v+S?uLyV4j_3s=Shuz`9*->RyRvTaynkJ^gBniq`d2C6aC}hle!=@-;17YH1il&A z1M2`j9Jo1fU0@<`Y2fvNm4U^9w!nhGVF8=}kN%(fzvX}2f3N=|{_XxZ`!Dlv_V@Wu z_qY3l{=@xt-=BOx^L^X*Ip2N0+kLnA-r~F5m-SujTkU(DFYG(XcZAQ;{O9JMH-D%3 z^KfRsN1NZ#`iV8 zt?>KeS&eP+GdQSBm z>+v+a(C~wXFE>2g@bQLUHN3y!riQHz#fD_V`i9wMRluDGk! zHP6-L{JZnF&L26y=KQ4d1I~9k-{{=w9B~dfFK{k*b~+b1PjEIn{^9tYjwz;j{nK{(Ji~_OII?vwzzDpZ0gxzJ>i-`yEn%;_p$R(3xs!<{mGScVVD@Ut>}P=*i4 z@O~NIC&PPXc#jM}Bg0S2@KZAUqzQgW+5HI_eq4rk$?#4Y-YvtA$?&5xyj_MLk>Q7B z_#qkorwl(R!w<;tKV*2D4Bs!q9VYliW%sQzoRr~vWq6AW-zUSHW%wQ$zFUUxlHogL z_zoGqU4}Qw@J1QFO@=qf@U1eu-UPp(?0&Nhuan`MWO%I%-y*{|%5a+uD>B?F!>eWZ z1{q!@!z*QYg$ys3;bk(Mkm0xqKB4R$mEnjC%Q7s0W;;Zhkc zF~P@_-3}SrP4KJA?jOnUhcbLxhCh(u_htA!89rr#Ur}~{SBBq_;kRY@Eg61OhTo9k zlQR6848JPFugLJrGW?PZzbL~m$nXgneqM&3li}ks++%{!blEM#$7Hz61R(>TA;Z_1 z;N!~f(`C3=hNsE!wKD9IVW$jZGVG9HRED|?H5sZhjL0x7!*&_A$uK0t*U0eICb&o0 zy-0?wGHj9ILK&Va!&l1i6d9f@!;_#n9WXVi<aU4Cl%4co`mN zg1eR7$I9>+86GXeqhxrb3=fy#VKNNJ&@V%u44Y-xBtx$Z8)fK`VS^0aGIW_B6q`s+_H?sq-udcyUr>v`B&aG2ZU4ntpit$Vq9++A=Fxvz8I@4nl8yZZ_E zQ|@OQJkU>%H-sBn8kRQ`NqQA9w7o1STUs_97> zMcCPNf79KKS2u2IJfkt#sCb_7?DX6Qqa&LQxoDb8nLMB_H+)y_@MGn_%E;&{ff({Y>Q zYR4wW8IJ9a=bamz_q&dBjk}(5$KBiA&o>;_u%V&QaDT&-p5r`W&$#C%&r_b~8sm*? z8@C6Z3p^Fr8Mr-gQ(!!>DX=^c4jdOy{LlKI^xyBl&3~Q0;NRds!{6dR%=f(S8Q&9* zg5z%Ian7~Qo19O=cuN6BVV-kuaNp#9((`2FxZ@`0xGUVSw&8jB&hUK$&j+3fJQ27% zusv{fU?{LQ5Dx?c9{+Rxr~EtpxBGAMkNY?Im;1y1Kb8qwjY-2YI*PdW81H%}&=M%Po($aYUaR0wgTv-npgepY zyUtf0+=kaJc-@HM-H6{K@Gd9f+c7+h_(6dm3!?uJUSEOXUln-QF^GSR;ar3B2nxaeeqk z48H@z_u%zY!v8T1!?&aVcLd(G7V$4J{2Ii67uUyng#W`I!0@8*e<&dEt|a19Fnkl@ zOYnL&UgH?P3Ne1ahYG^~;rlSW3&ZjIJ+@5v?;6GMS7G?q@cIy5KZ@apBmRlNyRH-0 zhrcAQpZ%u@f0%!-`N~88Bk*n;hW{GF@w@GsM9jbE0_C$$Azp`9{C*Grh+zo-9Qxz; z+Vye7{5wMUXAs|mSNDf9E{($NaG~g!d;foTqob zvXk=*SImbGuEuaKcfPXgd6e^MydU*z=iAXA^XtwJVfaFJ1$jTj>lg8QABG==_&I@h zO^NFx-^Xy92;ar?C-C!I#QeSm$^*YcjOo~g&wH#%-2cE2FdW}=7k{4x%A*Q~KY`(8 zfge2*@wFI^dbR6L^uI;;Kjy=5)URESitxwg3;#z?^*#Cj%i57h-{XULJrA!-@rru( z_$v^5#dXhL#r46Jc#Y!~%gqOm5cq+;c>N7tzlT@M4-fGCGGBQB^WOtJe*(tx0F@P&(jIlZ=pX=Ct#jVxbk$um8TP~n7{Am=>&{=aQ|!Z{uaDqxqiPx z;QLT7@8kNrK)H|WFI-W7@B2@Thx&itRfsp^70c86&P1%^^(4G<{ue0s;(OhT?{zQo zbuYfxz4%`D;(OhT?{zP}*S+{&_pTCh@9n}XzSq6SAjbE)2kW_ec)hqlxrdhnaOL_A zSFYD^#qV{`72^JT@O$0E%Si~w?{yD;uY2%&-Gk-NXRy5d49^D(l+WOMeTJ783zXYV z5ps9_(f6!!Sha1+uIT??uvCkk0m(7cD>tG4m;J|C#(%&cw)Fpqf4L+F-*4wT{hKV~ zzrjCl>7VuAB+0oK({rK!cFXwP{+*Wo?f$1EIoK}Qd7}S0%lO`a$IAcFzXXDk9Q>Y- z{wxr;jQ{n(T1)>&0z;A<%pZ^55xCki{`SCjOaE&EcbnzxK1%TOXfg1FW&DkSXDt0! z2A-GXEJQiXVja&9Uhjj-XB?kW<~;Ym>R@L7o3A*C`TysQ6##7hzdHMWqcs2jD`N!! zoByxQ{%@7$|DQHi0I>Q0>g<0>n*aZ*u>ye2|5s=K)6)F^PGbcCoByxQ{$C)?|9{F@ zCtjtK;8hB#*x&gMfgXuo|vAN|83XKZ|zoia4f4}+-p$e}mM@J1QF zO@=qf@U1euUWRXx;hSZ6oebY3!)s-DjSSytg5Od0RAgwLABIr#{4hZC{4l_6^1WBe z@Cq4TF2l=YI3dGv8IH+tRE8rmEX%MY!=en$)5YIb_T){W0CO@NmSI+g1sPr{!;B1v zWH>0p0U4%cn37>qhW#=$PZz@*nWu{ZZj>XNr;ER(?CCRw0(`v;FOuPfGQ3!Z7s&8@ z8J;J@^)g&1!*gY5o*#xpu9ZXA$Z)j`SIKat49_;fZz_9M$Z)v~&y?XZ8J;D>9vODa zaH$N<^TUt~^K>FW^K>FW^K>G>#j>c=WcXSccFC|)hH(@8hO#Fn!wwlnWvI(glc9Nb z5hRD@&~_QN$uK0t*T~R3od}W_$)T+>Y?0wY8J;S`SIN*kyZCiwk9l?xpm}x?;7O)? z0R~|$`(uZ)UL{#CH3RYoHBSh`_kD#NdZG+Zkl{QT9xp@l3@}JORt`NzhDXcrC>b6p z!y{y9o)CUg*>jjF6ktGxei`~?*epY@3>#(Wkzs=j-7+-K07I&ra;QUwb{X1as7P@4 zUK#$=1iz;2{)Y_zF2ldca7uhR@0H_cHvQ41X)b z-^lRSCI~B%ekH?S%J5kk{z8WTEyJJ5@TW5Ti41=%!)Lsp^t+w!{6Fje&vh+4>(kD4 z>;QHQ@Vx`Dhv1=o>>ZHD4y^VLR7Vbe4fE%-?;ViG4y^VLR7VcJ_EML?^gLqV{~ZIS z66z<);~5za$#77H12Vi+hA9~)W!Nvngbd9+KuDFj2MEyI0|aR9#Q`*T2mzWqgaFMQ zLV)HDA;1l$Wc*lp+}t4qXzmaKGW;;Zhkckzub4%^gCJZ0-;OGyWwT|lV0cLC7cy8vkJT>v!qE&!T)7XZz@3xMX{1weD} z0-(8f0npsL0BG)A05tb5eyBWd?p**h_bvc7ncf$mSB8x;Y>=T_hUVS{h;quI4jI~I zXp^D2ckx4IkGXdN(A>KKXzpDAH1{q5ntK;dD|^hn3xMX{1;FP`$pC2XYydQOHUOG? z7XZz@3xMX{1weD}0-(8f0npsL0BG)A05tb50GfLj0L{G%fWMMo;g>Qr_bz^*?D>T$ z6ySf$@aHo8nGAm_!=K3T85#bU41XlUAIk7)8U8?q-c@gE5iq6_<#)Wli|HGyhnzgk>RIh_$e8FQigZS@DnopxD4-- z;hi$P!vtZX?qf3is0?qH;YVcnVHy6X3_mEt56JL8WO$nl-_OqfbJ$N+yf-#H2p9Sx z1}qr3{%}X5Vn6)w>l>~=R{2?SK#g2}c`~2P!a-r_7G{4oxGn={rL_9Ir-6yL(@$f@ zOM=NPSUp^P@EQai`|zfmlMg& zZPQMKF@+3*dD5r}mm^`VgW+VN*ak-IwNN-33Wqy=mR96|K`?CB#m?!2vuMI#M$TtC zUWQQt7FW}Q`Qk)Z^@#P2a7rGx!pcIymS1WlS?*$X!czIM68j=xdyg4uh2)!#qT?ti zpEfS|4u%q7X|hmGkHD9=HU#IJexM9{Kg;~XzB0T4*we~(1&1<&LoDB&*3R8G`` zyy^2^d8Kvcoi*=z_c!P6cgB4&^6kNAT63O-FTqZSuNt4*uWXA348@(+85hN3AkVw9 z7tg-vH7y5QX5bn5*OYy^nA!6$51yWZP5GCH8)qpBGl%Tm%(f4M3uk2Fgs^tFUj_{Y zRkP+~b4HePF=XOv&b9M0`I>XCS)=?kIS`3X&(^(A0GF4rvW3~09mou}?jwtXy;&%P zyFjtFjHE%``P=h9H-aHWuvl9qKm=D0hd(q2G|XcEPH+pS0oIC$L_JH~YwOf52W2hk z-+|%(Q-a@;v++#*mUFIeP<}FdLt`Hqc|Thj|EFa&DAz$ZF{ILZZYA|>&5K&QLzK`) zJW)E&Xj{ysWZq}Fyzf$ZTA3`B$1{s#;CjEx;(fFzq;hyhK|H-spr$Z2gn9cT!+&Hf8hGKYpZL$YoT+>`4!k*zS-H~bUME3xWzH-SmHR!{;d5W`;GRb zy~EyUd)oF1Tg7&stws5h@`y#}l)Q)mV&ElZK%GoCDK?wO=J7;MdWF;3z)s#8$mYk^ zri;UwQVF{MV0=BfIbGbCNx^VIDxb?vsFSIBH$lD6jng2h` z9kV3PO7G68chgM0Yn@yRH#Kq%hi|b@wQHSRQ!lRRv#qWd*Obpz)r)KBTqIs5vURe@h&oFOOk%r@xYj8!w6bM#X`QGBvysUqMpVf67R=7nNpM9CQpNVM2!pIz~z`(SV}>3rb+c@J#*GCSPOR1o~-plZAq|Prll?3l!Aqu4x*oPA)R;m?d#D zRaBj9t#^}^j3!4Afa7*Lr z#*^Jox<0V4U;E;=uHq6Ya$F*2Kjz=zzs!HWU-kQazw&*~ z_W|EkzSsNWzN4Fe+b=iX@bq|&YxqsW&W7t7 z&Tn|7`*-dK+&8#4xplY4^#iM4`}?eZmCw%dEAwspr1AyX=Vgoh2V$1+W&4(MNVse7 z9B!gphyh|iS+wIK!x#)0zp*q%W|$*t-EpB28I0dpMXnjj*|DKs+?oZR9TymJXG?@h zFtd4Q81J)6gkgb4-Ep1~7p&@7#kH`ivtzw+6Ij);y2;9_&W?4)U0_wm>aJ;4b<`c_ z8h6Z+I1AfuJI<+h(@fiLtvlAjO~Ond@M~dkP77BpU$yR7QzvfC@Kx)M)%D_1ko|%PeaL4Iz zkFAjzkyR9DgQsembA2(9D`m=HL^il%u@uEHg=da(niRz`Q_4v@Udy6DmB%0CvU<`< zJG$gJ7LPhy|n9Lu*lX-7-W;-IF`@S672NR}h~wG! zOTAi(V)3Nljzv-wiw9Yht>i@v5Cg;jF+dCu1H=F^KnxHA!~iis3=jjv05L!e5Cg;j zF+dCu1H=F^KnxHA!~iis3=jjv05L!e5Cg;jF+dCu1H=F^KnxHA!~iis3=jjv05L!e z5Cg;jF+dCu1H=F^KnxHA!~iis3=jjv05L!e5Cg;jF+dCu1H=F^KnxHA!~iis3=jjv z05L!e5Cg;jF+dCu1H=F^KnxHA!~iis3=jjv05L!e5Cg;jF+dCu1H=F^KnxHA!~iis z3=jhr3#ZX=h<;755 z4CTd8UJT{MP+lD6#Zg`y<;7869OcDPUL57cQC=M7#Zg`-%IidVohYvp<#nRGPL$V) z@;XsoC(7#-@*-g&FA^5=B4Hsf5*G3zVIdC)=R5)7cop&@VIeOPMtKpG7eRRulovsH z5tJ7}c@dNsL3t6B7eRR{%2QFEit<#Hr=mO+<*6u7MR_X9Q&FCV@-&pEp*#)cX(&%a zc^b;oP@abJG?b^KJRRlfC{IUuI?B^go{sW#l&7OS9pyz)UKHg;QC<|~MNwW9U}c^xRP1Lbv~ybhGtf$2m2h@gH%P(LE59}(1#2PH0iBZB%7LH&rJene0|BB&n`)Q<@2M+EgFg8C6b z{fMA`L{L8>s2>s3j|l3Aiu$3VeyFG)D(Z)d`k|tJsHh)mSn#K!eyFG)D(Z)d`k|tJ zsHh(*>W7N@p`w1Ms2?iohl={4qJF5TA1dmHiu$3VeyFG)D(Z)d`k|tJsHh(*>W7N@ zp`w1Ms2?iohl={4qJF5TA1dmHiu$3VeyFG)D(Z)d`k|tJsHh(*>W7N@p`w1Ms2?io zhl={4qJF5TA1dmHiu$3VeyFG)D(Z)d`k|tJsHh(*>W7N@p`w1Ms2?iohl={4qJF5T zA1dmHiu$3VeyFG)D(Z)d`k|tJsHh(*>W7N@p`w1Ms2?iohl={4qJF5TA1dmHiu$3V zeyFG)D(Z)d`k|tJsHh(*>W7N@p`w1Ms2?iohl={4p?+wn9~$b1hWeqQerTv48tR9J z`k|qIXs90=>W7B{Yhlcv0p?+wn9~$b1hWeqQerTv48tR9J`k|qIXs90= z>W7B{Yhlcv0p?+wn9~$b1hWeqQerTv48tR9J`k|qIXs90=>W7B{Yhlcv0p?+wn9~$b1hWeqQerTv48tR9J`k|qIXs90=>W7B{Yhlcv0 zp?+wn9~$b1hWeqQerTv48tR9J`k|qIXs90=>W7B{Yhlcv0p?+wn9~$b1 zhWeqQerTv48tR9J`k|qIXs90=>W7B{Yhlcv0p?+wn9~$b1hWeqSe(0zl zI_igx`k|wK=%^n$>W7Z{p`(82s2@7&hmQK8qkib9A3ExXj{2dae(0zlI_igx`k|wK z=%^n$>W7Z{p`(82s2@7&hmQK8qkib9A3ExXj{2dae(0zlI_igx`k|wK=%^n$>W7Z{ zp`(82s2@7&hmQK8qkib9A3ExXj{2dae(0zlI_igx`k|wK=%^n$>W7Z{p`(82s2@7& zhmQK8qkib9A3ExXj{2dae(0zlI_igx`k|wK=%^n$>W7Z{p`(82s2@7&hmQK8qkib9 zA3ExXj{2dae(0zlI_igx`k|wK=%^n$>W7Z{p`(82s2@7&hmQK8qkib9A3ExXj{2da ze(0zlI_igx`VmF_h@yT(Q9q)nA5qkgDC$QP^&^V<5k>uoqJBhCKcc7~QPhtp>PHmy zBZ~SFMg54Pene3}qNpEH)Q>3YM-=rViuw^n{fMG|L{UGYs2@?(k0|O#6!jyD`VmF_ zh@yT(Q9q)nA5qkgDC$QP^&^V<5k>uoqJBhCKcc7~QPhtp>PHmyBZ~SFMg54Pene3} zqNpEH)Q>3WM<5gm1y3rD^iQ-8B}zkGOOoZxXnNg9p^z_@ySkQx-vycS(286tGcb@Y zrgP;b$z-}z@{Sa<8w-hYIbF{Qi%5j_@cAziW8P`GWJO&L^CoaK6iViL=M4 zI!|!?$?C5G_Ps!%59ZQgL16hwl%Y&R2oSucQtHW zmdKXU!L|8Prkoi~mo|EZN1^HwOr;CyTq>B)1xv|drcf>g695yb;Y==5Di;&%wqQA* z&z6ECrF1Ho$py

ELiamnr9q;E~RaW{UaTa5`76KngD4DYynxaA)B1%ai$RHc=?0 zTh7m<$AZ1tM5(+an=Y1v-TB-=X0X+JTA`Re{j_90l@2B$w6yr-iNtXB2tWMKjgYoXZczB3UstdtJqpR#m`Qa-f=gES1he_Ujk&~dx@%P? zSw8!6$7F^RgXxWhM0u!dQD0xVl+5Sa(&On?FFYze-o=tp zDkn-qq5gEDTna7n@-zk4jg$(RWF|jS3a($*y=HZAT{%%Kdke)(zL+UbbOlv!F`Zyk zvDbtTGEz>Lx`JVEd7_Z+g6}lpJ*}P5cKT`Uj6&~~SNgYAl5Um-d?E+jx!{;>m45E? z3iJt%WpbfHF`qnkTV)duS%4uYrjn6pB$4RvIC@*<5*~B{1|1JKG1lOoi=}&xOXi1% zM<6du9I>s^$AgZ>dyXB-3=TnpF66$|1o^>dgXH5`xUF(N_jw)OX_0Nu%Wcl($8vD< zdD6}EV%sX~xz9$t+1`^br;{un2aPWg1o|PvB}&1SYr2=L42o|zZ(C&@zx7pk>*33? zz&R`Db9lUCMZ7ysSRV;%9gxzs+#6r~4)!J1a3A~< zcNkwn-Bwx6L(W4H^TUypnpP8$P;?;N8PfHESg3O#840QSKq3*-W1amSDfkwv_+9w@ z?l`fdKNb$F1F0l@zq5G|e!n|R-|sBx9_jn7;6eEP?%?0=nv1qomUET9{uE5y(bH9W zU1o4Nu`e|)XUbW~uqOW2jV6ckrE+jBpu=6k+UGCT^s9u=WBDGQC-Q^0oER*z!X;5ICz6}nQt5$ou9V)G9!-=$R4t&) zKBzY_QXa||yMpFS;)UV?-b@WgV(sC0dnD>*x}F~?Ceuu3lMp(Xhk`4J58jvrjb>#H z1cFy;Bw6la*?{R5yavm->?I(yl+M;bFt~yhFO6SMNaYRi#yh-rV4H-(q>1PqC29rKfvZCSqf5B%2i_^0bsdftZ2{ zh+X%KvmW#XnIu6f;mUt<2=o@Lhy>v)=%#=Zsp7eN-$lyjdv6 zvt2<}75BA_P^F$H?0&pn3^|mnR2+)9)m11WX>{o&4c=8fcs#5bC*=#oV2Zy=AoL% zPItLil`_5K>16PNbboL~4obdk7Al(*kA#)Yolx1Rkxr;U65JarkUQsh#`V~M+M$K? zL_8AGq235}#=^-^JQhtQ`XkYPs6wt8+E#hJDBG(w@1ZE$&21T0uJ2D$4yatOQ>{az zX&?;+AryJ692hE>3tjE)V`F1&oAbrXa+%Hf(Kcwcw2MMpYY&G~iHT6Y7#e`0d8C+z z#!+T8lT8n%Lr||Ivb?-*8!8WHQCbPa4X0C?kzp?93@9GQ^2N=ibaI5X+uDn%LTD&+ zDO4%YLJbY&$3o>idW4FpQV7biP%%B6FQ*fQLZ}4w5tNLj5Hz-Pr2;R)vlHx=;rwVi zR30kkM+S%BCP*f<2+}bv5gn*k8^znhT6-imy@q3rHF)|)=AcY27xV0$u=*>rob+PV zU%Uk!T)p1Zf)ZBe0McOG^qvj&s({~=>+ z+E(f2uer4ytEJgn(_Zh!6*=f&rAuYVslk=`!Qe7p<8Jht>(&{yEfj4_d2v&%ALqrl zRhDp{1U}T%3a{4;gJSUvelHe_cSyw|l&Pxor`;_aI31!eCq!x$% zIw%I-bj7x93eN{O4vO6P@wr!PTShYd*@^XIdEP~dr#iG$A~g`|?~L?^^hi7g6>5J+ zNYfLMNJNjuV(G*IRAm>eS`l1lJR!J*cSA%@gr;l>o}3OsMFv?g6=ZSyCtxTc&uW$6 zK)whCWM;T91mg-8H6AO9N+bQ{@OUKB*3UX6g?za!ImBu`s2ue6v0>;FjHg3mLz!|q z3qw7uuIisC!1zmONK{?Z>%21P2BB$-n}HUR1J6VXcq6haK`(x3Z8XEPhJ$1 zUiM`4hdZkN{7t7d2qMA!02_%Mp4q9}di=J^8+ZXwISC5@UezBuonQ%K(&nNOPELI=% zA*-s=*VWf&))wq!8qxYN!}N7=wPF29i!h#>pkE20_?Em&yF!$uT`l{iF!<c7nUrD9&^y*y%+UyHDbxEh2opn?;;y@l4&qnJK(`+7}vd==WFa;eth

TPaG>|D6O+kQA{qRPA`zpawvAL05{7&7OUl*M2MZ&K|K0SC~eI@pH(EKMoaf@&*6TMXvKU?zz- zfjG=2`b*G-7d`(_26|K3Y-W%RKD3K&b!eo-T2?s53o-aOPP!Pven^Nl!m{ZEj0jiY_Y}Bg;I0Svb8we|y9nGb!Tn58>~LtH?RIcu;BE!?5pW*^_bj*@!Tkc<5V*DA z-U{vpa6bn3Q*dtqR|0nd$Tl@2HdZ}odxc{!MzRK z$KhUhce@Ro1Dq3_3tR&@54hvOHG=a(+`Zub32p_ryTI=_xPBen2>cB~Y`+FK4sI#9 zAAl=>J00BXz?}hZ3Ak=>-vHMGZaugy;9d`|58TDzE&;a@+$L}daI3)egG+)-flGrM z05=HkNpMAQtKs?0;En|cM>yL3-~!+d1Lp<@C-&Np0Cyy~qagkUxE>AHe}J2SznkEi z2e%pA-@u&52lpFrXM(!|+*iQmz`YCHyTRQI?yKOogS!RXd%>~q z$sEfEJHWB`eLpys2mS-x2he>4u8hYIf@6Pw2(RpKmM)e**mFOI?h&{?1nv&JvcG=^ z4!())LG*hVt`C4??@$59?qTjyaO^#^;64eCy#sSsfMfZDU0M9A!Lc-LMSLY(+57DT z2b}VE`5Igyk8oaC++E-pmydya4LAr>{sh-W;1=NZ)A;w@aAnVDVayM%%J1R&Kj8iX z?yun3J@di;4{&Ag|3`2!#2{B;@7xNm0Udj02wWS4F*%@H%Jbk}5YBcCT&KXXd*M6t z>!0EJcZkd01M<1@Pq;RNWA6cwU*Qj%7n}ne=m*b}pd(zL*t2(nWADz~Zg7wXZF|5y z4(@Z{J`axNyZ4~`0$lyzz6kD1;2>WpKZom=!9jX#EPd>q+50jM&IG4|V_ZA~SC$rr zncD^q-qUs*gfZTZhwFE1{tD=b^0bJfd`HCNaUlOH?0bStF82w*;P~@Sf-7_ExtI>+ zQ3z*_eux2LfEXYKhyh}N7$63S0b+m{AO?s5Vt^PR28aP-fEXYKhyh}N7$63S0b+m{ zAO?s5Vt^PR28aP-fEXYKhyh}N7$63S0b+m{AO?s5Vt^PR28aP-fEXYKhyh}N7$63S z0b+m{AO?s5Vt^PR28aP-fEXYKhyh}N7$63S0b+m{AO?s5Vt^PR28aP-fEXYKhyh}N z7$63S0b+m{AO?s5Vt^PR28aP-fEXYKhyh}N7$63S0b+m{AO?s5Vt^PR28aP-fEXYK zhyh}N7$63S0b+m{AO?s5Vt^PR28aP-fEXYKhyh}N7$64zg&6R8?o<}q?sa(H;TiK> z;_3GI8vfMq^-^hH;vzD+}Zfi z#&rAk! z8|b3|bep6=kRSx6cnAlXUH8=@NP>+92@*#W4G^MKQY$MntGkG*%3@^}8ZD9%s)~fV zEy~iTvBzFZBE|dgYRC3y{8{$r9p5vyWP3;ADO>i=_?p!>;{iCnX6-%x7ZI72b@c_1 zwlqoUBfBCpA|qeCcz3*~YpPOGDhsL+R4k*IS7kKGmaY_o*@BS`78TRdE27T~o(M-G zA^z{N1*KT{SmWFg{+2!BEu)V-q8f#QQa1J759IZEX|jMR_80VuB~2KmTz+;>;I?u_ zzx_7V&~!;fuet9An(Kz!1A)M8L2ADJwjezcc zOViduK{w}g-I5L~rP-=7t4q5-JbieNl*^+-QYv_bQ7jsz!h%#abxpDiNz+ZWlF#ar zHK$AEilOSJnJ>*sN=cI{dP&nO^vlRenqn!^JfM{?NgqCPn9q5uRH@?4nr`W;WlHmN zdP!2WGkV2TDtUTk7Vp8-c~i<&ORAMON=hMbEzq0wv$|TfbSx{Iw<-X;Smyj3Rx6ba ze3zA13Rr7)p$x#VRh7$yysFSVcv;@k3whI`4o%Mi47yp{-#9nUKvaL2gXk;Ww%V*_ zPw0AZe{;H1_H1{tmz~hnxl;b&s&2My{fRmKFy1(3owWis22~8B7)?YN3Y87h3PwWV z82gtT3d`YytTf*uJByb2N6A(CE;+9gG-S=NWc(3q9BG_Ovak5eu=t8gLnR;pFn2s4 zOZcS9!gxT!KkUyL)1n>bEuw8)+O3}f^k?$gcv#wh^ng?_W@k!DQ6E2&S1X2TD)uduCA3N(nlgWkjEBK#Sf0Qv#54(Chy`0l-#OwrV=F?{h} z>DX}zzw;&2!j@O9e8JsZ(Pzyws>zz1Y553rDQ40AaM8?G^99Y_#KFs2_Us8@-TK*a z`X;>0oRhPLB(Z+|wjtL~I8A9{Hj^+sM<78)Z z7|jPdn!_o4$OLN^ANv*B-n&?f*xs+Ww|7755!?HfovDZtPU}%cj%0JX98=O^Ii-d) zIj+UjbSjt4Cd0J7cd}7pd%vh+TMLFW18E0MdRFUtm`Tc zv#)F`81svAy6NG!zIYc~U!ohGNU@5cg+Z4-E)YD@^$eGd4C?;Tyj}{$PI2=y3{EUQK zecqkzQR%Y=jN~cv-Yn;vn(IRX&Nqe-}=r#31 z^M?ef)?x6Ess^?R{D#XGvgB}k43i}McJU(O&33bk+q;?sm$zG7T;6VKa(T4iGh#y7stjUBr3CcjpupmJ&Sr1Z5b^$NTDb<1{nTAv? z74oO`!onD6b()brn^qHJO0~2MjsCXprj>XcM#Wo3ZO4ckR~QBU5oLpHCUgZmqgycS zs=lgk(_5QFS3T#GO; zKR-W~!@Kkao$2Q=Jh|41;Dc(<7Jp&~YY zT-voa0~8=~zYDuyn+S+E^9RsKY5txQe?1{spi^wp^>{gI0 zNQvdjH(3reI!}yul8z3`0T5p!H92P#U_~<}EuUlZszusvsd-3j;Mx3pEHmGVB-}`AG7*QS+VBE zVV|d*fV&E$wEpj4Rw+=Z40)kFwsl z=pE>`F%XA8!k!Z1@KdnK!25x(e$f5ZPmww0!>mP^Q=W30Q%w{@8v)_kiY&ua|OhcqOGS81AQmt%O}{?~ne$=r4?ZX;dG*Z!|r6!|0}wKO6b& zKD}?+|9@hN>89>?W%Ez^tA3_Y8)U@jiH~xk{LBxq1l801ryAvj40-+3o4EhaY1n_@ z$f2V*?OjoXn7|BDu3{9W{p1sqrsv?}cKPYnE<+fN+5qR-M+D@%$PnyhO$VIt%>@E8 zhe}X(b?%WqY|KJt(hC~=daffEn8FfEmaAo?QQOE^k}z{Uv;F=?Z3AD#6=D&N;LxH) z6TFy5pEM2z1_eI*BD8O5;wA~sJPt?6B(U7vIA^fee2CBa)hmuDmD4Z-9M$vYtoPrseSMK^K0x{~jxwMRIp^@c{9qLj`&W=B6P3)e_KA$Rn%={tZ|d zf@S(_#LpB8L3o*LOb)^xRVm(bKfCtY0Nfj#APbznH#j{Z?LBt%@Ugp( z9o-u|aa7uSk{b;11MwiuiT9F)ibRuMlN{K8==1{o|$Q*=Tn^55Aar|t) zi%Y^irjzz^I>#nq6p^Unx+fD9uiKKEldpPdu1{M23s)5DZAoLwC5MoRyNtYfNkYHY zI9K8Fc2Zz;7oq<$P&gc>hg%NQcErk+`I|+o+*ch*|MH1wcx}P`+NZDI-l+An7GV*5 zro|$7W24r`dIdC|8R)8KUDc@h*<(V)|0;?2sRWvR9nJA57V&A;Y?BtU6n=`e2wmW- zZe8Fp)+2O*ukKup_zPX&Q8r5G0$<$$M`ltDr&C$z0-t1ELKpa|OBYyZ8PlQ*oMl}? z7x*gE1-5KlMCibI-{7qq&urYY<-RTPE!(&FH~+=vpWXZ~H$T3)xcPz2;Z6T#(=Tj# ze$(LKe;fSX;5P?v_x;r1l>>h_@W%t+8u+<^M+TIEV*{yy?Hix;o%espzsJALztQ*K zegDz-2fknN{S5xs{0Hy4rTNSC7gWYu*xCdzpWD8)xly~GVbT`|ISxO&ZXM;6QYtAE zh{ryzluV;IPdYWlg2lpGER@aVQrC2WLL0t=l^=vMyruA$*i?H5!EUx5Y zXwBy0Iq09^L?WDug<`2tESgpmdOWL8xMnC7(qmyoxx*E@b4c444uu?}qT6CF?WUmj zJ-13HV0bt=Cf%vd?4LR@gAiJ2H--E2c&I&1soW0dy6iDmVJ=&@3*<~2SLgJmI8K5y z!mmtSMI3coGd-=b$egB-ow*acqa4uH%0d}#`a50ncc!Js-9Z!0b)VmCUkjwpwq+FN zv|MGjnr~~?^5*HXQejczuJs|hw0gFr&$m52PpFGU+s#hsSA;{#Wp-(*CAd(aB7%Ca z6ok9EWJ!~_zp!8+Lj9l=JRt=qq~QIo&&;YC;%hA_XyTs5BN{i2JO;aqYS1{nL=nvz zBAi@f=Cdqj8**>~v2zq|rvMiu`Qd6_w_MNNIaSaVQ=d5wg?Z+Peka{CVBIctAxGt zoB@~E#h7fqB-9cS&xW`(9PCJ%y!Z-styos_v-oqCq8csf*TPf56?v4lV3yAfu$l2;yWAi4EVyFrgRDhx#b;eyv34`-5nS=vovR_p+Zwf- z*eJmjpWPAD!b(&PXR~e!nGuV0 za|ZFCn=6PWH%AanZf>y0nGtL3sm5_uKu!rM!?{7mVF#J6)Py;WdX^ z)UIjNwsX>J)0HkN)1@+*^*dCqZ8^rjsj+W&Bri&1|zfs%9MhQpAvn>>T zl~Ujb8nvt0B;w}jvjfg6o8mR7%vSc0;118wjh9dy&F^b(4keQyQ&+KO+hIgZ<4V>d zXz(*`rf~)95nuky&Qv^}Ra4ox98vTXt|&!xSxMuXYc`ci>j^CvPKQEZ8b88DiOqdx zM>Z0JWj>Zf&_!*8bqN;njEhBVX&KXG5mz>9n^~8jq0cZ?>WNUJwu#};j~){u!n#$K zt_mtsT2}M9YfxHRWQjHT-+HJtYZr#P>LhMuBOD1vaTl@m?g-4nxSd&;DMCtR*8$xI z;$-XfkWl>HiA-p53v^r$VbI(QXE39xFglZW6CtO}7mPNS4D5*Ymm~xCaN~+=6y43x zL=`9a#xqI_xhaVWebNJ@r%|jQ5etGDb zq0bMU9Xc`;9Q?Jxe>M2{fPdqE+xWc=f8zhQqkl2_&C#D9{mD_q|APNt_#eg1fW5vq ze81`Y(aj^9{&CayalhcVH+_B6vzwmv`Tm1%w@deT{rT@*fB(S#`N75_51iY_iNNd4 zo1D{AN2SS9wJ5F?U)5Or7$YNsO1?%hXdx&Ei#)tdki*wN4i|Yyn;?g;IppyCb&bUn zT%HqR`fKZ^Ig@9(C!B80PCPIv!$Fcn$b3A_=uS?0kHm2ud@wgsM#k0wHNK5CSj>Xcsa15?lB^QF-B%!A?IHyyoxEe`> zU=K>Bpuj2da3U4!Vo+(iY3bb+NMaR;fO#t@Y&h@2E88ex7q^;4c(ejtP0|&C@ViDC z-QEW>)|@(Y^whEA2gW8pJju--+{i;+V(Y27J5B7k<#w`kx@63kR@T~U3ysBTc0L*+ zhW549DroP*#@U{)_X<-$NqBImO-Y~;F5b^bj@>d;|5Rgfib3d!)0|+v_8x15TzR?d zsTte|2&Kz~f6VjcigQP=K*5zlynB<#OHn>{H5U1W^*h7{bWuG7#$*3lZnD3&{h`L9 zNYXMPMmKeVOC`LWWOsXG@i4<5o7=Rg5cm*&tKR;Qft~;Z@4MH{`@X}REx69Uc*u>P z-yz<|@7N38_Z^4#MH-9zTD?#OzOyr{si|~01qC3i#pPI93(ILOo0N4Wl+)5Mh(kr# z)>!1X?u9DwogJxUHX6}WF?dxL`4xMi3Vf%j3M}$V_VyUJDzM0J+Y43TJ4_WgA8IV_ z=WJQ10^eCTTRvsd#V%Oq_D|S}JIHylnr~f`9w3a2EOP}ygiJ}im`u;?T2R-d7Hn-G z++ z8tf*b%)O$k3t3oSt7ee@EGStsDDHO4RYetqZlM;F^#G zbnA{5x<#Cp=f)76_B%r#Yb@?#pI6%>KJU^PZAVU?(~ZU3_zNb*3wkq><@ae-hAMpF zhg!aQyVY3axvFZX!~z^%q}Wc3_0X4_Ne$zU}5x{GyTIQm^e?jV1*y#qS{rj`P}% za5|YK{|IvGEb?ndf=j*T;!-U)i(YGTDJ<`#dwH)pJ`K|Uuk+`9eZ&5L29^fqH-4=z?4S0h z{MY+8_rZ=x7C5)M<<2)KD`3QX&{3iwDOx8i!*F}X)$GM zIQ?l|FV8EMI(L4)vG_?wWj-gqQ>p2m8z)TR) zkgjFJsfes7Nr-n5H6&+4N?O*_2#Lu?(nx}(u0iBEu2VWZ++If3u%ekigyd5P6~vt) zjbNATT^eFMSr#=~=rmG$l>oFJVvU=1;0}_N&*44H6>G~G$!I*1KoY1#G8Rv#QlT`3 zu-cqwB_oEaYvE)JiJL-*|A;CfRZB$^YFdrx*>nW9jS!M=Ek@g@4XNoY30d{^yAXc@@N+fwr z+1Vh)MIZaDuOJ~!HWnASgtWj<=^KuOv@V?cC&M_q$-9 zMoVb+8{0q9Smcq}wHw87htFLG;(cvnvBEIUp4`pxQjJ9(+A7S3Z@`Lg-={3t zg;W{M;C&%I5l4N+&5Vt7VT=>j}N3MZc)UVQoa?+i1dx??uUoDXA_SuS-%EY6T~h(CLPiawY*ZO|5?`Qgcx^JoPY~O6(1L*Yr`R4vQ8V`lw@>WtvJCn<$p)2BAftn4c)6sA`oQx!K=^z!P zD*=ufz2z#gBL~eCk^7#d-kTwZK5jH28r&RPC>8*+Xa4zst;wg_*lr!=k6HWxwuQ^4%pfBW0WqIx$isqs_Cs;l}N}9#;!_&>c zL!~puX+0w!C=?Er$P9!Tt~DKmH;#7X809wXv7`GZ4l`30 zALvZYchm;j0YqBhB8jH&S5*UValM1BQ^?vUOAl9J)#%uG(M<@4dTaKK5|=JOd~vBptcbqcwN5tADLp&E(oVE@P>}{v5ab@z-strbT7F?( zSun*rCPkKo_UTR{)CzE^;DSfX&g|EK8<^xSq~X>KgW*lv$FN6$ex+&UjP8C;Y{%Wz zG7dwR4jXUwADDLcwoO0D?-haQRQVU{?BKaRz@BHyJgH0+-5@-UoG@oVulNn!E-;#y z)78@%`GF&@=@{G(Pw$_`B{01MiHU68gW?$ud2*JEb2bf)E+cco$q%G!-YKI3IM6Y2 zH9BiI%(>%=bq~_2c3EcgDaubmi8@Y9Om&^b?nf3XS3ldL$+KkF64^^SagsfQ^JJ(0 za1B3TWaReIVsob{Rxcw@AcZWh0n&+DmPD|%PoTDsYjy_ji8&-Q(hsy!OWsq+m$L>g zVBs8)tkR8KvIh?uXSmLq#!y;mrn8Z)R1L7#kqgH)*4~Yyx^+BXMrMjG zeUr10`b~yj)Z1fjNa_{?Y?m3Pra8gy(gk|6zZ)2iz$-&UHJS?Ga@>4lQ&8f?RW8N1rRE@F8y^1WFk!dPb36LVE;PG#DvRFUMr zxjFXa4;b)Jov7eusjHJM`xI*BlobK`9>5hFcU&(hjJmgRhbeOs$C&@6me~keWEiv95{sn&iQn=18UQ`!$NvkWC-PHyTd+>1{-h1Ha^kKs|joi?k$US}JE|*BvwsIz# z(q+*SlTKH((jT!EERn*BScH8!7P=Pm?V6XADuVp~0pAyW@csXo-|}btclo#Y-ofqt zZ=&&x@5kZEuON^AlzK{mWF^1C^$Qf; z==XE0dt_%W8b#D#IESh@u)N1|$XAvPrJ}N`hT~~m%TI>Y?A7%P6!hr#b6a?1M<|j_ zs|sAM@2g*+U`D^6+uS3z$sHpoq|q7Cw76eUzd#|4e*ad!HWp0yk0Al9tMEU2i-P+&fXR? zKxcPX3xMk}SOHp$0Isf{h5*+y;#+#!09=m}OuLu?Tu+F}S}g#seqyTaMgUj07~X0J z=L!@C8U)%qyV(TVo^hE2+Ire70&Ts(V3#4))hQN@|Je3`&dwH- zKxcQGRiN{M7K1>SZkJ7;bmCYETpeT~Xc`Dy9c)B58-eQ?0RXp|ptILyA?WOM z83{T&iNf1p;B zzdBkQEsqAbJif);lHL3d!~Zb+7sKBg{`&Aw59`DC4yT829QwPV?+*RM(BnfN*!W*J z{?W#7Zuk@5Z@F}Mec(CYXMESXTHJpk^WVGp&u7lmFBF)D{CRFPh^<>gZr-wEVdzYM zk_fH!3JXa~s;O{JhaDh{yzIysm<=Isc>>u36Ulfq6bom=*~A+3VtSppB`5CRvHI!G zRXXOk#Y))wyGNnvC35VC&PKd?B(3uk&EWy;aqz>dXFrH&GDG9*wJOR4Zu_%&I9XFy zj=FT^V_9;Dk4yL5H~HYq$?3`C(^LtoXsQI>47;6UF`+`Yw8#1Lc8D3gLtFv7+z4E+HC#8X+{|ucQBJ$ z%!!zJx6aKfW9s$GerjOpq!3@*(ix+e77Fck8ipPZ)-TL4Xe{z;$*~`Vn3mnHu)iqX z-Dii0tXb^f%%CEtGR6&C;;_2UDyv&(A6Ic+`GK`h>>e2Dohf&(E9}O#!uGVOr?+e;8dEPpJNOsTmT{0fvH$o4BlU48{h6Xc9&@hi|J zRNJo*<@w4Usb6@IZS7}g8Jwf*mYST<)T!lNG)#nA&Bw1ngc9B#@+u(Z4(gwbX@$bA zBtcD2AiRKn@mfL%U0Oh?U|fl`IiNl^JBE`FLBOca&N@#dys!BDEk2kRZn76cv+~@+t%|*~rPFR4*Ll;P5j22eKC32;en$yW9Y1iaoeS zhca%-c4tFRUW}W0D9lT1GO86-Cs70+ep$Q;Nk%WZP{RIXJ_LvuR3_OLV?^0q+8-36 zYd+T8C70gg-mW!hI}gy!0bXAHR;h#=GDw!ol226G^~_~cpQ-f=ALf)T$6+XZHG`0Tc&&3PQy^+gY^q1*-Fmu<16_=V9T8O!dIAV;mNMNIuu&!!ikO>Yz%({ zdeE~?#1L+CH&U#~09Q?en%r>h_u2N_qxb`as?918^z zc9`8I61LTmwJoEc@=1N~?_)LnqNCTMqTla~{Nl*7BWIBXaCpn#Zz%>&1r7${0sn^Y zBOAc)5C6jOmyzl3XNNyK`qLZ!-G)~;6h@c&|E%x*8$P$;QQyyRIJ6a_~zZONkBvqfi-T#zNQ zCzjPgoUrgM*BFWOE{E{=j(?6=KxAVAU*qVit*P6J5(AweT-sj0@M#8xFY+1U>lSyxm#{u$$kMaS03;zUfk&%Q z=u8ypBy;IpL{1~?zZ`>1FQ-$;nW>;qM?z6jdMvw|vLfJTc}h4jZ@+|q;3{%RDg5E) zM!5odL^828Z8GZA3271q>F6d8GXWv4(lk(JL_&a#j8^K%-JhtaLlc8HJd^9jf!DdbjF*bqg;ONHChO_V~SaB{yBHn{<}QaGFfa@ zlhHyrp^>G`oTVA6>H1kLv@S5d{G8HQ+Zqz|yxbNKV9 zsV()3gD%l9e*M+;iyK%2k1UMuP@<7UPE!(yEWAj$k!%Y$D0A@x^7JJP6ca*Y2S1*aXL+IGJYsg|@rGt#k*{2vHhd zZvlVJofUtU=Y%}6%!^6UBFf@=8NV1INKA&$l>x~Cjmhlo5R2N@vKN$vL>dxyaed74ki%*VwAz&@t&}9s~#{mI}o=CwBXt^$V1d$M5IGA>w`OkUw_SFHjC2zkfgfx+{81 z6)<_6VUKdROnjgx#9@A=6f(B?HO9iaQ&>MGi?P=qBlD}t8o2p2)@pvGL@&1aHMVm# zPF$E@DFKX4N@F`BdMJlXvAHD7uaw8dCcd#I@x4IVT$~YZ;(MXUdN}coIm8z_*CwHN zf%;QT3HyT*+pnx&q-sO72jd$L_1`zxH*m4<|JnTK z1AjE|>jSS2d|}|DgF6Q99lUq*FKzyc|8F-x>HqNN!sd@|zPInc^!;Jq@AiG8? zfYM~RHwURkDww#P=$NOAxcyjJ2<(SxZ4SbSg}cT)V;v?i@fWN8MYr*xu+dzoPKMff zEEg-8=V{VkGF60x&i;<|0G$JJI!;NNj4*#YVV#@hB=z?q>p6~`QnnNLh3gfku&yP>b;Mo+^ z#_p|Oyor9?LwJ*;?Xay>6oh)~uW$#^aK4l(3<_mJ&_f9=}vfv%S#C7B4g)L}k2e z2qkuEA!GxMMY3`tn?`gQ@_fpOn2O5rEb`jNqNwny>44BSHi$zgu_GRiC&S^0n!T!i zk?Lsq{XAb=LZoZMYPYjy{>6#wHy>oHy^b~V)h0-~NGI{dRB6oC5);lB`vCo|tcOEC z;e!7ASi4wF6Z+>*)-PVk(EM{^%)0GuoyI)oNL~%J*5F89l@+qh#AXNkkn5M?@4!2m z_ct7uDLVtDfwL`{vLcgVAb6u=}_dR zB`gzRc%h~_kGZEq=?-&VBp7ntRC5_wTP<~9!TK!d%ec+4XAoh}t)N{T&AfIg-3bJ> zcWf{{>is$pYPyo$9EkA?@;FP5MP6EcB3D+1tK|*tY2%v9Yq2{;)(|h(p7T|f)?!~5 z7SdiR<_h(TS8%cA5R)?!j@Yt3G_;Yp7ZQSiQ1v`VH6fBY>TVbUxjcC3@;j!DxTZ~Q z2k{KC25zuVwGhu;^@~B)$(7BNn?0R`C=KRm%c>h%=9%H7o!>;B&uIlL(n__M(81b#N~6M>n) z&e6Z}J-_L`P3cX$Hf`P1zp3Acr2hD~Kjiz!8pwtJCKM_AWZM)!ShFo_lmB5AZw23J6l?Y zjx?5baJUTfp>K83Ph6HqCw9;9olS5T-xjN8U!7E69Y`%2+?TsZ8GyD8JG{*N< z-y{;TAZe>KaU*nojTc>q|CkhZZlx%h2I|9?%cwI&PLbV>C6Ye-g!$0-)-v|PbYqD` z=RQAIwS8|5xNgfzr{>@dEx>t0HVJ+aie2Y8z`q9-CrE_u6PY4>Z$kQwgd%9Zy1f|! zIX;y{U*}Wbqzxyb*V*tloehsPmUt;!ZiDl^xl@mXBU%jdU`S6Rg#^;^L*EHQ7DT;* zP&}KBB_q*ojioEud;(40+!2qb)o>d1sxdSHzD-%D9|=nIyYDW!fr=8@Y4Mg*y}LV9?2!JtVmmOiAxaS)z%H*&f+#U zxy*(!R%dWrp}pec-Ldk-X2k>DwE!uDe_$foOWokFF7I;N;)r{?-qnRw+5zm##*5Z& zYAkJL2T0g$d~Z5}_cADCOV{rm0)b#roK2Hp5ksKZnP$sS;}eagVfHbf;c@-GH!qD- za`9#yNQtT{&e({#Yw-V9`$rFrCP$@_e;E1RfHCsTfdiX=Zu8TdKezen zpyt1@jq<5+W%R9 zb#!5LcJ$=v#AtZ*`q3>T|KR&w-!J-J^woW3-;a+zGx`kv`=alrUTd-2M}BQ!ul@HA z<$teiEK$n9K9T0n_g$u-eP*DsbT7lg&ppDC;k)Z*EXQ?7hTS1`g=WHJWG-^Z!z^0j>MdoS*hNBQLi!)$fG+|WA z22Xk1gEzTNlCwvnMcoXWj_)3>6;#}fgk$j(QWeDGv5<=etvC`Dl@ie;9CC2Fwbbof z#mFc;b;&q}#v(C?J$1E!Mp$9tNNOz>(0KgaV=ZL_RLqS_iBvRpSNN`UY%-QcT89J4 zuhd3wus5puaCtGos+c3*!SSyZe!>cunb7K_*c}gzo2=d<@flZXs zhc<1Z-@P=XT3ZE#P{8St`r-r{!aE7_tN{`CO3UDgyuWin?qr;U-FXEuBSt(1e*7CJk89S zx3Oj(7T|lE%$gr!E!;`wd)sZ+9A`bktoioNNH!YEDc~DXC5&=(p-4_vA`uO`Tug<@ zGnGc68K`k-HcFT^-`)`khZHpo?GHLsl68q~d)uYPC0fQb)i`j?IO`H-&9}K(bE>fv zV<_;sQGQh4UN_ftA(&H;lX&K8K6WiUldOJg#Pl9)j&A70B4eoYYbXT^p@SA`ubeiS zg|dWHa9JD~lTM5*PK<1^@-IjVB%3l1!cz*eDKekqetN!i8qbtYo56O@8ZR9MXNg3Qrs~9GJWlm7N6S{Ckxk?d}$gS3y1A2~1 z-rOK&ZDv7cqEpeFLp~D#o7Ds6G4n{7Q)Kt*rJyR2Fn2nStOmh+(Qfa-O1tpDRhc@? z#u5duf@RnT-eG_5CdPqxQ2>C$yWS?lWw@mU`NtYdA-1;9d|I6MOJirYxUy=)B{%=A z+ipprjBMu#r+SzYcLUQh9My2|vYQT~o&=Ze=Vx)In*F>peo995COp8W${p#Z!l_G||a zrU1S^kpjl|b_);wKx2vG6Z`y8fky*fmIvlZ@raJA@GWu`hEdCPX^;C|ZxQpP@I=Qa z_?E*wvAB)o_`cgc;JZWR#uC+X!xT*Go!NCnz8xkLV-*KlRc2ekbs+0zV#jB=CvA-oTFx|G&e3IsB``&kje2KQQz+gQo^32crWo z_y1b|OZ`vwoBbc|zoCDq?{EA5r0-Yymi*)X-M%05Z}R;Q-(UJ(_x*Yt``;PT^E7Z0do~{37kaf`oLjh z)+pUw&1->sP}58|MTGN_PvWlUk%liw3ItP|fO! zq$*{rTG8<=is=;GJyoM>ViB57izzFni5lgF1pu5?@}o-0SdU~?l#-bjD{+0- zt+X7}|C7wJQbLW93aSKR9{WoasX!Hou=t`;r4PwTtoCxKQ9H%}e7^wZ6({n=YDM}; zzEsL9R<%&bmoT-dYE;~)NM&dib~b89*%(=j8L&5CT5P~ojoK0RgeZyiJQdIiC$XD{ z-Mjfb%6HUwNk&oo>UpPpN2F1^mpv;=;XJ=Ht0hBPG?$X~L`auoS|l!`-c?8rW#dX( z&E+B?J+!S+JH$qb+E>r-$cA!SDiKp7z;Rv*MAW`|zFGUKcCckkv-TC1H_5u}Ohg(tF&+5v`!pA~gXo?n0ct3p*jf+JBejG}bl@L}n&p=hjX7EfugNvuc*} zYMwBSUWD>h8l8_EFi=8O~s>j~ZE2 zc>PSiQZ=(cBHhZDSamF%lbnuXfvO%nlZ}K>5=zOUP&ufI8N{KJRmIdzlo2i$3;?<` zE1#(rN_s`f<_q|ZE|loOA(PFruI6)jRi=thRR5{HY}Rr$uENRXi$G#ks7f4)TuLRZ zHP*P=wKsz=GtX3_k-ZtQ6B)J>C~Ce-l&r!-?OnGXC=@13R%L-b1n6o2lTjK6xhima z)TJ2J$xSszC+(S?qJmAe}?UO#caK&381hK-uoTV7Pr-rMb` z8?}9GYipBYxU1&mCD64VRBd~s#_KeSLXyw76tTLoQR6imMIp)O2U-ZD4KDCOUcgcC z!RNpSQL7Ih$1607k9&^zV9L#Co^$g-Ub0c}!RK~{qS2h5)Dm(cp@n5sv<=CMn#jtL zR63Ljh0f7F9ugQ;LR5)4Iy3d$BPn0Zq+a>_UMLjKp<5A^E zSDi??gf>Wyxx8h{?$US%8{ro zxqMkizWCUC!7Zg-d+EdTlB}1d>;g&2(oJh&eQk9Zm*ISS8#P|=us*@*&2tXt`)9bb zASt{UuuW2kJGRv2dv2)y(MFAz0e(Udwda2LxZ~aoLlBfm1d3z?j%0u&djk2Ark@>$ z&^v3QnCG0F)fJqby#cD(KF-g3;8OV8u11a5J-kC8Oc(wp@Q?KWZT>I%MxP%2+~^~t zTLZrz_(tHVz!QOo0HnhtQNQB9$DirX)+>~;83^LwWrCJJ7Wn43uRF!xl5eBWT3=yp7B-UwLukpSwR72lNcWq$|Bzj8CDTZamp}5UNxY}FUYeM zqgr+tD4qdN&7VQ(bDNnOm06{f|0EL-%*)T>!ab`V@7jApFP1a&1YK5_IH*G4wse;^ zc=J3+TD~&=DLHy;_~x6ZPTqC+&;)*^@yqpCaB}=imdi@gUTI=HL*_U$vvr}ypjDD?m=;y3rD-N!Nv@fiFAUqSaP-Uw{}N{W zkALqm8PdTV6ZVC?@FK|zvn?${k4GD|9D~@RP(EIKkL88kmss?9PfOKjF&ndcy0C0~ zH^62-cG{SQhDtv()jK$uagJODs<Hf?Un$A^$JVCivwK&3QNEz*kfXCFOVf57Q$D|xWD2BvIKmbwFp)F1-B*OW2{FU z#us*Gm2fVZ3Pof^QxS~<}FzdRCZ|w`)3da26U5(l)2Kq0UqIuo2Q@bmH+rd}y zp{o#^?71(=Pej(Pcf(Ue^Il$G5oWy1-Xce2T-iw!0GWkW#Z3G#rbog7xVD%*!fp%) zL$MyxO}iFS3zvBTG!qc~mcH<~$ZVE@dopPN^_S4gHc^jCm9ik41)~aY@d1A54N=wOA$* z2@kj=BuBjJBKNd8WSb%scfhubQp^b}!@Xm>VP#1;Vr?X|E>Q2m2ZT-H=I z1syvbmD9N>6y01R9!f&b&ZQFD8uhE#D8cYw-Vu$3Ls>nQ3T*o2>O|SIygVPTjJ1iZ5Ru9wr z-K3pMQwEINFvzn&2<{(P1sql(4;&DV0zNZ^OLV>$K4-~myIIs|2(~M>+K+`OY!-GV)-N~A2yBhT^4BPAbI7fKd;Y~fZ{hw^pL1H$u z6Dt_p%OlWWEY>14n3q~KnD;koChNV0f7wd|N2X6qPe{{qie^ACnFW8WxF>v(l$3{A zi=bIAx@cCd%zA8#!OqAkOrB6u3^q#8tQU9Wa;caW28QG1rIwdp2eqZhS_Bn)u}Q^h zg_c>GRP4$|?KJD!%D?f&ZDb?@q&B(detD=d(5MI4K0on@*yl^*{JDGq(ka=s9|;a+$#s(Ob0s&)nrL;?iV$716(QNE z53|jg5gXCPh|uFSV_%0__I3NgMtzXAJSHY{Oap7B{ns|?18k-n#Y|VYXzO^RzL9n6 zqH|y^;KH&uxR?DB$p-zbMVzyjT<5Ib$9lv$dueAPtHc!u2y!-*j?1xJNRd;CcudZw zBJo@-7fwW@F~|mfHcFhcmv$s#(MUR>rf|;czLuBMIr}tg5$EhB*E#!C%PcMD>@n6Q z&e==soIU<oA4^^2_uSO6$77j*w>9!X1MUVu>_)iy4e{#ka z8iH^dSydB}0Fh849gBn_QN+h36Y(VZ<85~0(u8Pqa0<*`Hz`!EMID|pOiP~RVRX!Q zAy3S~dmvBG>ALkEFl$HWeN-tFY2B zmu!W!yTQM9O{4Y*=h-&8J3M<`n{YX|0Br4(EysHi<}eW`!o{}}lBfl~vM8-JZ{0gT+S!cqh!mq+OdCHGYp z-xf#nKK9M-<~Xq!9#SU+(^s!QA8gcP48xy1!eRUBx*5ad!&OG;gwlu*yqS~DNNOzx z=XzL6$&sW2-?FMIayk(S%L*dqa?zxkOGfnN$vT395ugQ=WlP+d%}sETKtv=%jWh~~ zf7B#IF(W+M2`IA{$duY1Dx{0LE1FVNm8zC66oM^759`Y5ps6brb?%O;l}qirc`|Zy zdgA7E^n(xY(+Y)|>IW$XbDxW8Fcza1p!YDgLw<1+(QmWnoM8o1u_%JiTu-}+BZAPP zh!-$z=9ErG!U(5NCgb5q3J&=s0zQ>l=C~F1KA14oDhsD`On`_fi-hn3@dOmcc)Iy> znMmzWDt`HSm2kOpM>Xk`h+zQOq7mCc-Jx~f%AiX8$ze*u+wHQBl6s1;G`{C-0Qa1` z6jPVGTPc_bp2tNFXrT;xZ7gk>z% zSYDh_GJAPW;OnOw^&M;%YDG@DUg^yhC>94-cF4VR2A&Ll-GT>}n4D(8^n~j<2s9DD z=ZtyWA%dxb#iNpCisDWoN=b(fP17ZzDsCNto?ho>Hm__y)u?ahixTU7#nE$Ip|CUs zMZBItXboLA;?vo0U<)#(GkL_l;>HgVG76O4-l$*8UM6e^ue8_@Zg14DVZAmm2IwV6 z`Aa6~B}dqrZMTSYm||}a@o!>p#K-Uu<1K;_Kp?7z-JkdBPy_lEkI6i*il^RVf#_1z z^R|G5-7eofMfJM~(XwI?CrHfu-%CC3#6l>q(#@km&jo-~$>{IE;Vjyz6SdSobuk1{dprYksaxSgM5CoUi z&(x&)DX#YN<9Y#Gxeaxn4V zz`BHq{}o~4KaUUm0GG~$@cPQSrL(n?1E$xn1{U4Lu}h_Pj6)8^S{WO+G6K0M z#*SV|27{Fh+iRv!O;)&e<92WL+w1Wl;6cEHfCm8&0v-fB2zU_iAmBm3gMbGC4+0(p zJP3FY@F3tpz=MDX0S^Km1Uv|M5bz-2LBNB62LTTP9t3_+Ah2a%%=dmI>L0yhbZq1s zo4>sIvztG;d1UA-LyJSDp$CR0hi)1C+rjS*erxb&27e5>|6_y0{eLv@_XB@9@Ke5@ z8~F5qK5%3p>U-4pfbY$gFaE!LwU*yqf8f>et{uxYp8sI|ovRT|;`cwfj|IK#TX!hf z@oHAbUF3TZ>?EB)tUL?#O6qDv4JRYG*{&mdoQf2A>4=(^Q%Ng5hn zMb>gB|DB!3RlIJFUPqz%-Q%cO#Q=(uV!_yUI5XwtLROFBL!pH+#BZVp zx^YE$)8*6pY2A=5L$0t73py9UcvjbNx;;XEnPeIKF0~UWZ-zplcOe3PnLsTBRUxZ; z#X!WFJMo)D*-0eaI;fn(FGHN)SAT~>^ZkAv^SjRu`MtXS4h7}={XG6}Uo+x&YyBNcPU07r z!}dA18t$vVvz4K4ZIGj`6WO>fQn;o54rMU$`+1z=z7aG~auTOuXjlCmN=f4P^CTks zx`c$=Cl6yONr^Ld`(*tcN=@ST^N{d;PDJ=xS;DpTcShJmJR*EwOF;Ph>+ft~oic~W zK>OBWU6gOZUe|5c1G}E52YBDcu4|t!)Zf{_u;6ot*f-y{ZeD-T#8t3@wyGKQLj3U(;K}8fcnAH^G7uuxVrmmOh>iAK^n$oQW z1vAsV8Qcm71KZS`oC7%OSAVCUQ(aC4Z*!>b<==S_4N4s05Dg;9loP^f7<&Ag`a3?h zoW&3DgMbGC4+0(pJP3FY@F3tpz=MDX0S^Km1ULkqIKE-n*LTGgPaJ#Ve&3&~xp4fE zM^vLwP|Bvh`+>YZFHIH{)7oFqE0#22lydpmJ%QWG75(6P(-EInM+D+}WR3IDJ^XH2V-FU|56(Kasa*3alAYbLLaho${T4@d=LcBZ5h z_3|_5nc%UqUQw*PQBn#th`oc}!{^czOBtImibbWQ z9nP2Z@v=FlpVc!`Mpjf+FI#%GuqS{y^|RyjKGRanIXSB0GRr=OaH z7auC&yYNC&I$;=vK)I4PDtT*RT#5uLxG(CF5$bTOBm64B*9NO~l z1LJ|+fvblP^#Aw%KkWb2{+Ifn?0=yDw$Z=pzqx;;?>G9s);Hq+M-2b6|F`{L_do0Z zg8x(gg8w7_d;AIiP5vwWS6&M7@W16db1CE3JGSpXu6N{m$5k3jg+br8K7VcckZD$R z-yaRm9K;FIr76SATlq7(ITP5g;mk;iik~=6foZjpFIy(gjV3A7l?U0tSwEvo7S5e1 zRZW~njIic(3B(|885K0>r8D`8Q7VF#j5L-`571k;h?j1!ZEq|+#1>M&QMC0P&@ElX zd(?ui5LuFpilj2?R^_BcGIE@r5QUJc^YqNTe#WX=`NEiVBtJW6Nm-pQC%Yh3l#*!_ z=aq_XN?Mi8NGntm$NqFq2VNL1Qg2KMfz!Md7&y|g(JX`QqvA8QHRn@q= zu{6h8KP_4ZrmJQ-ujY-aDNPd5#KNQrT0X6vQ)YYZCrw)JDY4wE8cVZms%?C#KfLZl zIFyQ@IoH{oyt=WZvF7)SrzL#5T&@^uq_L#3o|B?yXC#$M>gjMyR`qm3jz!}+ITa4Y z<#;-pj-n@&j3>7>ma=Tr^Uc1^p~oSDw&RDFig#WY`WyHZIu+ zsYoVX0OX@D#wjrIw*};}@xDT9lQ7>bFbx=`<#Rc`f(Zq#feFo4jB42gTVfq5*b&(A zoMn~G@nF!xM}U)!Vfx^lQZeYz=#?N}U=aHjN@MHNsc0+_Po=`i9z)fc{Zl7qsukTe zGM0?TqS0hHoQyRXUt_T%Ri!dUtCT}g zITQ*9h%^}0imDUqSMlyy10s(^XGJ&78I`^dn~P2~X;sx4r?W%|j=d-PLpzUNQ!g}s zNH%sc*#*6lBufxcP8UE5#m^E@!~z7bQ4Lp03K8A>s4Kb*B_ckN#oik}tx z_pZGe%ogTtyTn5ei%+n}m<7W)T`h~BbB1Y=TtrfpXtHMkmR6*oW)zit$)3#aV`#a2 z=M8)$r~Kv(D?B`TR-IEyv$}MmQUw4Yrd6{X6g@{m05qy4(ET23Wa}sB77SG>@D;n* zkWn%1ufjtFRY_K8e`zyv6_Q(}aNI-#4ygtfMcWIt~=qG0WkoEAjXm`(V}STsn{&yl=r5?mgNBm7KtQC03=8XGW=%d4KU&qXbM26 zSUY+s6yugScH-D^vMEltdY9s=xr*-hW?f6Hq#51o=N z?NGMFx%b_6?zyMkbI%dNo-E;vQyOC=N0#wQy-3I?QwrE3IsWV7l9-l>PkQnYm-D>> zBcGloDYbq?y?=}nRJDr})OW0#h}bn;4GGcOT@(TW$>3JXI=E!;gC3Nev6OT!cB%KD zrmOzAldsy_$VT4s3ehf&oCt$M0uXtO;xGAOP!jTskrDcliG~o0q_v}zg#6kwM#;z+ zqa&n5qapNLPC&@t&C~OGJ%2xX0*P|`%Nq6cz?I!;5z^p5HIt&Cl}Qag>D zjA`^_%pfS{)_TY0nQ4S&i9y(!D5wp}GG>-=L0ZfmbMk`jKwx$+txOfGDeBY!F9JaJE)B)(Gn=omGR%>+q>MiY}W1Hhg&MjAL+0^~_ z-LH0jzw;ZNzt#E4&RXY9o$u+qtmEH0zS;4+9q(}ehx@CJAGyEe{=EA(*D3b__g?p9 z?f=yNwf5g^|4jS6?WfVrPw1cf?ocl{C?3uqXM6wJ+mBD#818<&cBT0d^};3!^`GMB z=CySznJbzYiE=5%GqM;A#(bfy1O+=5gn}K5WPI6JEGuWlw44fw_Ie~#!e-MYF`+;Q zRno9xK#ZjNtSqF!3d*wr`<}sEkh!G=g6h7qJORr{epZ0W$7mEaUt~(@8qs8#J!T{+ z#(YvDloZO4VxeA`)lb6T4Hc9KbF~U=2IZ=MqBI>SrsYb2nouhNy&JBjv6h;q2935@ zQO1>Nxx(}+(k-u?2nItD%0l%bsBxhvFXFlz6t@U;w}h=SY3Pr!fEXnDqea78LC0H3 z%WKl}$l6R=K(DZq1K+Sy%S_#{(8eTC2bKHLPbj6kNYlDp zz0hH1F0UEP<$~MHTwXJn%cbgtc3Qx zHE1ChoR*SKM?$^-URspqW7x<&OYSuI;YTd}ZL5Rp-b3lueVmQIrb{h9ZbAX$?A>&> z@8L_eh&z7u{<~=H5nk(FiEcu&xs$fw6#7*n*~EeX%B&eEuM)}T94+A>dDSf0%+MMx z*}S?Voeo742}$;aqcPDJ&Pt+BPKX&_G%clKk}N5iYy>c#rmeVS^Xhgv63v7X*))-C zs&oEkY!|gYM)fxJdl!x;fCg4a(H+xf+nzv!;#M z+(FGRj@4af0L0jC5dK6Ump9FwLLC#_Iz(8e75mDyQ+7gp`AATp50CS*C#aGW%-1S-)1%2<#1gzWuXi2D3*!}$Xkh)a<1|!v27JC zC7tt%dVhgQuL(v?UwsSf3>)*aQc+`9)3Gss$a`WY zkac@9?52V$8ISlu@YOZ>GVB?{(Hj%?5VM%Q%>~O~x0++*AQ)z_6`E95?iFXNvCm~J zQ_QZkejZ~On%3@NvBmu>j%%FXZF4{1&3OmCH+tXebvVE4-rMt6J`%t^mzRCMboBn>&C!GJ`{9EUf&R=lu zbYAW_>v+lWtmC&GKkry@RK0)aebxI-?~`8luQ)$-kwny1H_Joddi8>rQZ!DzUccmn zMWq(Oz5iazo#1@8dSMTxa~Jqk@DJB7BT<(l=)mwmC<`Zw`I4NW;!ijeOG7u0`^1ze z`NB#>f|)Cl_GP4aG!l};U?v;4zxLIxF>lG0bNRf0|IEt8()3=TR7q#Z^(edOwv(L% zTn1Hg;FrWB3EmGvhRv(S=A~bMCaC%vvR;3pPz(fP7RB7ElxJ|2TB5#HC3Znf?`hf1 zX)q88usXOF_)55RE>-}O{Hzc6v$ciauresx_o9;cA)uETW6s4lh-MIg%5UWM6 zFqX|%3u*ld(j;))4Ypq;Q@UHu=b6;w6F7tjdG(Q74iHN?xpm)t{Tgl69&AEaMeqt zLil5p;dDWzR^p~KD-4W`3h+^aqX?02XC`y$NpjDdCvHla9Fh73nN&gUo&e9LrYnEX zzd6VwHTGw#dZCNXnQM-(ZI4AG;Y>7^j$>c1Ht*}}P+KqTpe0;wechzCUU)aH;Q)Jm zhb)ESsYoUWTbq>eg~RaFk)yGwFD6GqVk(poLzyTB-)i(2o$%Q2Y~#i@8pLFotzLrQ!hBls7c?(d>K3CEeYHw}yNLL34GNwUFu5PV=Bd{bK0(}r z0-7WW0;JuRPk=(!QnbsXN=XWx3kE90^(g>)o(dG;&WnD_wY;Ja2G>-p&k7l5yddYt zab0;SC zxVKI{*tW5zUUL23L=}maFI4h-gn-gZT}2v()mkpE7dJGwV}av**@VvNe32JQ)8j)OMD5{CiQ`*KPQxmNxFZL2|y0gJffjdd)8Q7e$lSwbzw2*D;Rx>(F3V*A$0@cws1G{G2R1kUniqxwW=k zQNP`1$BZ_jy6#dhTuKon$&tZEsM4fTAk!rlWZK5$iA~q47kX$#gm>b$o9AWfg)Q_e z?Jkp8%0p4~+HLOjH6n6srX||tfm!76&>AjsytZRCHS`cVKpap>z1X>ViL7)YJ76e)lXhEO_ zfffW>5NJW51%Va>S`cVKpap>z1X>ViL7)YJ76e)lXhEO_fffYbx)9jXb-Tmmc%Q@Z zKKELq-hJ%4jvmKWXIJN^3YT4WS=T~>KI(D#d_MTT^~#ydI9%m!N4O^P6OqTN=HKaj z3D1*FA20_htz;bGsEF4cX$t2(^6;df6jBHRXDWfuA9>tNi^y=5T8ejQ{%We0$|KAN ziNKL#9aiLN#r%63u{+T{VwfRPm^OFwZ#wy=0ysNcT4fNMs!HZ*bi|7qzvL@Ql@MHn z4oGK!FiLRRmdj)Yv_N|{uFuI*KqqA>;iFl~Xh-mKvVcFyNE}?oB8>Hq&&bs@2|1`?1Dlb#)ZE(gd9FYn^*6(Y zKWgMSNXIHFh;L?Kxb~ActRh;#xb~ZV%K~^|A+$xRjL>KbAWdUlA(k5HhP1;eBcWR> z=6>mZAWEFEQodc*=G5_ZoB+FI;2;UtHIB(>X9wQd<20U{wl9qz(9I$n(^$dBx2J@T7|~;ahKOm@h4`OxOB}Hd|WSFjef{QIgycj3Pie*4?!eKnnsb2(%#3f5Lh(?2I|>Phij{|KiTQ{ z(IMh%=RTH~X9ectfdny?8ubdw*7EsTq|lUtzM$k2LxLFY4JUddQGYNJM(LiqLi^c* zeqLk!G<+QI4MqH7B8mW&d+M2$KMwojQZO3E$LSS67K46Klwt`?Bh~P6N7FQd34b&g zi-*L4x=cSNYyb1Lu07ftlKe5`OAST`>L1qo`LFBhClro_rNp`VI1;*Vb=G%cLO(Qh zMAB6vQ7WA6kV;wL0l_i|hfCAqrUj*3Mi{@DNhF({P>M9eIs%rOk{u#iAhN$VZXcE) z`bnnWC_wQceF?9dMqU*f(0;<<1pXPQ-=_D&(O~uHMEeO!(O4`vP#@F#d37E03Hl=u zQA)%H>bL6s{9s-Eh)9bT3ZAQkBqxus5i)rN5E+Os@MRAPd1ND=7Ki^$PKQVti5sHKX z(i3_=f4Z)I!eL1ifu$pQKi^qLKT&@o7DvYBbM;|kYyQO4(HpllQF1_{Q5@JIeF=YT z8hN!_69wT-h$8wquJ`lpb@UVQBTG+046d4SwLWY?pap>z1X>ViL7)YJ76e)lXhEO_ zfffW>5NJW51%Va>S`cVKpap>z1X>ViL7)YJ76e)lXhEO_fffW>5NJW51%aPf2oV4O z%iZ_3dCz;V?0Kl?rY$dQNq7Ix?uBmm=1*+i;`udCyzA+%J??uuZ|?YE$AtTTbw2SE zyOh?%S`cVKpap>z1l~FjsMc@0(&6knf*E%?oDQcmnRIkI9Ih^Br(@HxiXR!yg(0OV z7vLF2f!8ivi)491I8J5!;$*EF{Jqf9|T)KTHNZZad(> zIVD{q0SSd%Q5aQHESah2*Z;PW2J^sYZfP z;`7?dY&2~CN3S7{Oat@)0 zi)lrmu}E{(S!AQGP7+kclnMx9nz0!j4$O&|D2a_Hh|Y^-y^e+)KXB#hXUOO=jNXh` z+KD|gcyLhIm#)f{v(c~}W?`&II1~iBS|K0pCGOZ_4BO)PzAIZlO~wk@uCz~1&C)$S ztFO|2QKBSC(Poemf9+r*7L7Un%yn=56d5ROyQt*U6yiv;EgYT9Rh4|MQYAatH#;R) zDhRtO3;T-a2+6WtY8)Q7v1p|E5J|*sI~0sX9p7_R>!V}_gSJaG<U9E(>c&Pouk?U6VIYzF)XYZB_n<*92LQ_UjdQ~l5y;jgbD+~(7t2BF$8x8lP=F7 zlskxl-Lk^|m=uy?!2iY*K%QJh;!)A@G6aO9WH@^P!F2GKAnf+zh9o@7u{jH2e+XzB zmK-k;UfTN8f?!eKnntIa|mqlwmIJ8n054g zuV;Txc+1B&e{b_2Y<|@9&+dP5|H%D^?k~AN<-X0`?-t$L+P~laO#9yUZJYkzwo04a zHrSSM{JHn9y)Swn^?ufy_8#)ayn^HB9JAirytjB0-ksjd(KY$wdeL>N8H(G~g)7~T ztuE(#X!HWdH!j(qFO_q!O%0W*ll#?$chTB=c&*!H1EB`VVQP>(RGcnxn{1z4fteqd zD92#$FIEL^eVQ9q7kWC#K=)tH`uh6iciojPAyd*+McH){x&K&Lm))NCPnDGqygyya zC_*|9lkSbz&dP=SwIA?!s<~=j=@m?KI5ju~TO|250~-(wq-;LitS%hR6%|h|(<`J> zv3O7krhQ^Go%Mx7@sKZ0{v|3f+liSJN)w)pQc0I{Q^bVYE9^rO!E_bTXN((#DZ>Jb zd}P$7HZz$^PvX8Pov)#_kU9r*CCUE=oBm!w&eLnM>U1unAe&Yxm914clnP39vXmiV zZBo&&pzsy&mKDE;MZoA4kZKM25=j~~Iq#8cXjI1f z5KIJu5l>Z~sPrO7mRzkOgBdY|vuiD*s452IQ7o6NkSrFHV|gF>4?(+^An+r#0)p=B z+#~qN`u31aX1LZsHaH3>y`?9M8$p%{4;Mak3bo?dBJyi_^2)T5?-g);n5z{$xRha+ zK%{G)k8ieD;4mFemlbN>M?+=j8{=oYK1W7#i+;geAu!Ul% zhE?w<0xCT!JZA{9ZQ;1qgObgblFs{P)CCX4$obp&SKda9G{q8Pmq*KCC(=1$zX{|? zlFL~JH~QD{3KI7fCs>KVtA$+v3epP#Jw+jTbe}+S`jIQv-Xpnmxl}1-t7E=Vw(c<> zyCfV73<4i0bYxru9NkCvhU^dP3%DTrIr7uJ+qGv*7-QSEd$$LjDd&30K)|ocq%Q?P zSA2UsbkwyTD`a;Bp{QcxLLTf`UO{?2Os9}5){ro=R|tBlvs1uKxj5UjYdh72F1i~x zamaU!?X)}Z6Ygb>PF1TpPyZMLY(D=xq zlGFt!tvSJKc7&qgcu-bEpDdX za43~hE?4J2LaVOgRaf%!xmBIN$I|9qgrwDqK$CZ>^LNv#D|wr(j2bN7sm|X;ck>fz zUbAk-pj~+O<%%+LaT3D6nw8p9TU%~Wom4=RH9vt;R*(g7IqDaYqJs)JwunboBTNuC zqKpRP-VXQAlo|DRABVA6u$*!%?L=RE3lDl*l&NW zf+U-QY+RXF2xeMQ7O7uJVp4*Om3(euvMR6~w^TS`I86}TFO1B>wE_+~vzT>tGFK7s zKSi$0k`F6WmZ)7YqG^vh zKT9bZ7c#yEA!GiWrKD30s`E2+c?*Mld2eAMqv=TO;)pCj3}+Zj{$`-=ZYtR9IyyKa z?8=cdfV{%h$zDh$+7X~9fSdxfL#fdTewg~%y`uEeK>If$oz$;Y=cgG?hWMu0$R}^m z;adIC0=CsG*tV^{MV+s*iFfgd>ypt%IM@35)=qW4Lg&Z@y{}!eBm;wP`tD}^l$SsX z+DiN3Qqb3l6ci^?&=qD7e4R)^m(vn11%2Ht1-+Bja4G2PJ659;SyTKrJ%1HQqaOXEN#qE(1Mp%aVhBQTngIKe#mj1+HcUs98c zl~RGqLi?0F6w!)svXqBU5%D2|rUwOdisU3GB3xKeQVLvMeBqRYf60lAFCj22;5DWX49y!X&|pO<&Tta5{VA3av3>mA) zLMP9Y8QV);Gcz-O_)aNPV6&LO6jY?LAAbpup+q{WL{f4}i7P?aOv0ip-=q|$bLCQz z*dY#OZWMz-T^==CiyB1Gp!i0KX8p{-I|%aB6FHQUJQ*QoOuCd`R^uWY2yi$-TW&p|MV}! zCx0-TB`(3#TBJ#KtAWF6Bs)G%MVR6vQ*ZpTQYclydf|+$l$VgpxLpf~88|$6xGy>E zI|k2eT#N9ZfmFVf3KZlDfjhA9wz0HUu%f#{>A zMgS3B@lpo=OT`e39HS4>k%XItU4#97aAcQ@XLsw8TAwmo!>v{^SJ^9+D(MWF95cnLDh1J0D#-*s^pMpwjY9NZQ#3Bj$veQrT?08&l4umAw85NJW51%Va>S`cVKpap>z1X>ViL7)YJ76e)lXhEO_fffW> z5NJW51%Va>S`cVKpap>z1X>VyTR~upw*!8w|KjMrqkFvj$mW0T_}h-}c0AMZD;h;Ki}}bdOMuOH4XA!Rb`H8+#&T5ybvj$Mf~2Q3f`9mgb&^#my2+Zg13{Z zo}^wFw=n;iN8F=F4hh3k@=TFDUK?dkrA=V~E>qPLv;p_sdlfx znLi5m-Fw*NyQdDBJwG1akxnCus+<;mVJVaFg@akVMo=;cCy)*+q8v%ZV@hAPOJxuQitlU4p@fGURk>QL1Vk~Gh>Kz(A;rV^ zYYg#?SK)Ri>?+st%I>|w2etn2NG_wuyBqxRL}^w2c#Y3ubzeLNMeSJhkSLAy^oXcy0W&ldAEFTOS69f;e_lvZ$OyNBUyryjDDz}ZecXmPfC z_#!*oy5w^2l-x~AT$Z?iaQD&noNzxxUi(GESV_{nl7|T4{va*kl<^@m;l7F1 zaF@M@c7)_8g8a%EpD4v-UpNy=`Q&IUh7d4OMNVh3@oYu`;r;+^#fk7k+vDMEMoP=k zEC~1eX%#2j519z}`z&n?!hNZ#_R=cubo~%@x<2nw)dYqACwcseht^HBHKxbH-srs0 z6d?!x%oAm~z=9#H0tBm|*IKX**&G}vJ(Alu75+(tl~a3ClJ zG-u2HvYg2)EJT173&;Nb8Ee_($Be#K6(46wQi@0f(eN8ZC)wKy>d>tDF(Xt!p)!e> zE;ufx*Z@W#qK1lct(eK@kqg86eVRQ#Ybc$uFD>Mz%F`9a__%RKl{98lIZLyGm?l-M zkl6RNDWf5Y88ntgTo{sIp`kdHtFq^e4ds^QHa@E(@5K9SWdyaT?n8EvbhU&qJ9LnA zAuU5_85>*jHJ=eJ!4jp&12^}LJ@P~P0qY|_u-PM81Rr6zzyFBFXsI83lV|c#RgE)h zyqQtUhjh-e&cgvZ8KY!}^MHp44~SYyI_ED@)d(H-!X=o*5Ea`e)9&+anl)9 zJ;2VxbzFL|an)b9Xor)q-+U4t-UeZ1fR<>&ife89NK#ez(e@QS-Ak5!X|trrPxAkX z&Tl&!Bl-3G@18&F`AUT^E`seRk}+AY`WBdQu^SbUa~R~sy* zk2jn7M+5g*_sdK*WXAM|w)Ly3L`!D)l=O$0Ym(%)sj5i3;V&&8vb?m6scMkcj`Km> zt0o-~`vbHo7yBP1Vm}FWruu0yXJ-!*vEN5axY+-oS?u3SYq;3|;EqrRNre!y!xu~k zgT8PWF(4DMRL~d7O2M!c3n|fb3}XKcv=tZoAKac6B?W1{A_(%K?xs~-?0?WC_V2Q^ zF~okb)}6G9hsk(wYrZry|1MR1FJrjcDC?H`M<9MdHW1_rk43tawL%qeO;;TDiH+{AEpR)S8jYFxSSk~h+Zqo@S%VhdNZVLB0`dN0H&Has);j% zr#1?}NEL)|ZQ7SSfLEcAZYXK!(avaL2&FW3q)8a1V?vTNnMClb>G`!y(60ufA|u4- zG-8WrLMTwN*}MTo^*t10xuW_YkD{qwPfN9fN94%sEG3=l4XS!AMeBtDcHkd;3(Juv znaM0hLR>O!rb)(Xkn#+~(B&~ELvrNca+|3y2wp3NeXy6+z#@f&XCqYe884=(Ed4FdeFj_u2$7| z)7k)Ewz~5MOg^q5jGhCoJ=|cXf+Go02eZy z9o^W3be-h6wsNjY_>^Tv4Ur@-0z-n?eEs2zmy0)f0)Yy8g`*=v^2Er&!J$JVr^h&0 z4IX5}sO;E^4OhV1W>X+$drJfm=TeH-8scbN;1Ub|6E48wn{mGIK&R?ZRoq}A;PQNl zBiGx53(!qDIx=S36uv8z3z+D?l}D_Bs9W&WAnj{co^g}fLpSP1z6CavouL6XaEoP2 zx1CVcZbpiEV7dpEB*kkxfuPDP?lz~&4_K)3dsNj!C-Oc%WiwSa0|vC21&rpj`AdX0 zhhtcXB{=k#2yO15J#yOoB{OYiahf@8{?d+kCK}4fnXE6B5D^7gjFSwLsi-d$mPN#y zi^O7z4BE`XH*-4srR|AeEEA2T^3~NsIs2 z^XrbC&Kn%<&Yn;8$lWh=Ki&PCn}4VCj?P;keZtq&OBz1<|OVs(Bob+ow&0PrJ~+yEI#H)jLU@1j%Yi2f)+^h6M7&0@`Rw0=}a>-j!aEz>1k;0CBi z*Ui^iKFx+)noPHpBn43~)4pt4#!<;e5v)iKg?&ma9hH@AI20Ab_W2WvBw;uBGtG&> zBR_#>WpfiXM8A`TDU!JpSzdYO&LysiNUXUm;H}ImG@uE>@*r~cB*_%uBbi&}a(a>n zr4|Dznh6*_AwCR_kS}M+Cy2mLlN}(;&Sbe%o0#;KGgH25tyn|`;o=0lRe}MTdSI|yil4}NH9d>Mx8Hksc1OZLVKadRtJ8ABn*>yu3a#(-9dzLrHs6^ z3f&E;`R5S19D$st!`0GsSl9z?W|d-w$u29C2#DOcMWS>=w=z;dG~I&0xrc?W(wuwr zb4i?hDw>lI4Yx!uJMX(!Rf|mIC@@0s=-Wf&Fz?bXx<6x}JbZ)3j2#*yTQtV^XiR_& ze}()GN9jpyJl%%GvGz0$2~{mnVwL7QU_*+R#0U^)7TJ(Xk&kX0P*oPv@Gjn+jspx$ zS4~7fkXZmkPLLn95ajDrHAiP1(z{t*`WEuyO9^!R*~hogFA-E3n8H$2Kf zR3Tc~%VF{wJ1otq-*E*_{q|muwppu&?$d>4C#2Kp+m|{LeFDngCCjYvGWs5iTbEvGKO*?tfR+PQ*Xg7so|sjLY$x^Z%9 zYPui6n<+nE@xH!(PE|idPmVgy2*@M)h5eg?Xqso(j|0s>v{{r(PP88(#sC)GQY-0H z-=V6vQUEP@Ie^|CoY`y=CY}Xml(fC|w_@aq404J^-kIquXyxo@Hv+Eg7djYcZ61UWnqg=JVM^*2j*jVQm{EzC#_07>L0529lT7wrk zGc0bjR?wH0TRTJ~1SS;ofkxHyHPaqls`VY*!Nj_liXv zzvIf+_mJ^!vK?>Wjv5VfiljxQ+LW;G@Zs?j!eK;+wI41R6@wzC(L51R3PqwJ$8Wpp zZS~z`yn^j`hYk%3M`_%3Uq8trcmzr0@``qqMw0>xhl)_@k$jLaJiBSc{86Ni3dNhJ z5%b5ycq9^b{Fdw9`YtjH#da2ED4!laId~ZHa0>`2%As(qgh;QmLNZORRPARVMx?kD zvzvhw1K2~3-*lzwJIM@gu${q?;gR8fo=^cQuH7I}e@qGk*v*4P{YV8Civ=CO;hLln+AzYwu_2p~I5v0c}mykON z$hst|M*QKB7=xQY6RJl1kzf!@a{QX>RQ)8jmCZ-!FhrznhF@PpFZ7v64fs5do3_vZ0*Co0~prOS4;==uhCFNj8`x`GavW z0lx5yu6k#EI~i}r7K-|KreN$ypn9UntYRcows53xh!AkRJz}X-ZE2;5lPKW@PV>@5 ze?-E&oUr5bu2TIfGL-?_sc;N3>`TIlBqC@px%!|#5lKWMHYgua2n&jO#`MaH(rC*(CGX--HsU|`ffWHS`@lO!k2 z{2|gCN%*4@_)Q}|(Ha!vftBOuU6uM)GTbd#YV%P!Gk9=N*q0_3R7k3OjC(5`Dw1^q zzRm1{_ALcN39<2jvYG@Xv_I#Xs$W4yJzxu9YKVOl%Y&XxG6|H~~57XI*FOmyxb-w1wZm zIZDSt)r9_&0|;p^CLn#r-x0#-7|r(Cz!FD0YB&vrDh2!%+48G-nJ z2>m?Qu-#x$KS*Z8ez2ezjfFyvpK;Zl^-IWT6Sf#h=qRUK!l;%Kk*t&v7J3%d)Wl=4Sjh1SSGwLq zh9c5nvlcU?OjM@JAxTIUAy?;T?Y1!Dmx2)h$!-)W9#25#{J5)*ym{L&Or4;9^OAHX zh0R=Y6X6ZHFEtV9-`7U~Ekg)W@_CxVe2CmIm2F`V_QxU-sYxKh-iH0qFd}iu@iAAS z-c4X&ugQ&a$pB2VpZ|3!37qyCLc$R^wKm~W*blQKtlN%{y6Wxq&1AqkY=N!=V|X$L z;TRM>g?#U3d5hw7C4;xR70Tc2wk70`$Afq*+dPpF$Vn_3NjQGWb$8uE<}q$N5B3BN zM4fp2n3y)XOr=IlcC-#3wjVwm3q~R~G_yv z)N`Zf2G2XYzR~qdUGMMO)A^5%FK-&y6xwvnCU4unxBX4qAGST#_N#3_P5wbA%lujS zi)9)wU-d~*oqH!Wvi$OKW?y>zEo}0$di7Y1c+~C3^#X6Ma+3gU6HUnZC*7f#b>4 zar{0IP991or)l{FDG!tSLh`_gWO~Bd`{_bHn3ndRO^xPjhx!x2bYXujEuG1yS@+2U zN0M@~Pb6K)GksYyO-w&Zx?*44ob0p7kefyFJ;sh8o1fbZnJNe9~$x7IlXOkl{$y##YNHR5pJwKQPaL5K6 zVN)RO8-SHRcKGbk>C~yd*)yk(-YJhJYOJT><9)}H{o&;CnLhL%Or|N$0N5NB=)cAX z9X=7S9hVZ-^ue3+X}}>RSywbN8`+nV#F=#AcL=K)gHMEc7g9ev0S!IyyqJgKZ4p?xIzzZiB*kE9&wade2 zGx^K_Lrm6gNIDrjP7zBRVgeUqAB!Ov1Cz6dzKb{;;_6;Wo zP9%>X?;9W(4G<0{2Tl`olal+6b4(aIbmHvEzM=hzn@7%`Id=4RHrVj~oA)0-F_axX z5jik&=jotzvL};$hm!jbC5Mjp^(6<6lf!m%asZ&400Qniojl6>J~=QsJal6Jz^Pz< zaOiAYI?7kV&cY;tGN3kWU=#g)f)! zewM8Vn4B)wyoG#sVB0WM$?oed?9))i^zgW|MA+OuBCF~Ax*f#NWt=O{yI8l~zu zgls5!7ztajcAg^0KbnyEIsi4y|4e>mw-6(58Kyau<*tB_Y3~u{wos^X06YcNFJVqT*;I}x}PPa|-TYPNY z4k#vTY?DJJ^*&k6s@LFsQi1OW$Cx#`iZ0=xVh-{m1%utjf-LvFYiZB`gF<`mCk$Ka$@U}dTQ~jt zroY+rolRfdbbeEO(|g-K?L6nqI!By6&Y*LLvm5dL{@U?f$2aiL2L3qv9Q!xWTyMJR z@ASWJ^e?w>w1d^PpL>@&x04>I^PF)#@fJQ%CcA{$R|&34dZ>`bXG_G7DP5pRQK^_Y z#!{zJPe($ibq$L>WNi+8(i|S8GD+{XSOZ94=AUI{!lqZ0Qd6#}UEiUR;pDy}hmNj7 zfE_+Kl5CCxNlmaDl27a1>KuEre;=3Vp0JZpAydLTTd0(>RXk!)5VJB<&LQP6ytWM= zlZxlyG5r(I(hq4(_9TzZ6WTfUOq(-=C$>T6yq?Lv+6;Bs*NDHx{idlXD_~DyA(hE3 zFMZYmD<*xZ+f}>`uL8l6ir8iiI6Xv6~n%8N|b!@ zU@+?oX49!~G#klgGeO9&?5!_9(vNS?z>PL8CrIk-Irf;B%dd}{&2;jKw5%zoG@w~U$+J6b){*&B zE*9@xhfUcC-nOJc+4y7~R%N5{k|t&2lXcjYO^uf{DjVM{YgslvTi(2E`p#-wHY%1i zFdLsWSecCqtBKhtC)U3e?aapKno)LHW3%zOjiuSB)J(F=o10DFH`|Y%l`PW6x2rHm8y`2>q>ZX3!?aPg3ahl~<0jLzQK#E#S7)C# z8ZKd+Ha=LZh1zJjlzH0tVo4jd>65h@s*R@FQ8HPnjY{2AZ4@=ztBpDvqqV70w^$ox zy4ji(nannt1s6`ng3b(Wp7J!Ai?w&B_SPF&o!iR9XOWw1srlyON+=L`Sqv90wLeY_ zJ1lsMR?@k}`x(c3UG0udw`@wZ{ln(J-u%a#pV<6`&FbbOn?swg+3fNB!1J6(_6&Nu zJ3rm2A}+v=_D_5NhxcXgcP^lP#>c)VWqdv+{usx z8qmB9BR(-27EJ~M5xR<;$9)bFvhjAEWFF`hf}ZN^6oLZawO!Mrb%dfgOcmFg_*U4M z2e=g(J9!KJRNKjIxc}HgOKPm~6T0P?Xh+pD-c=}>ijt=4(e1VTEOCvD1oX=)ABn;o zK))Q|9Zz3pQBV=JpI7HXSO$kp~9$^D?2Q8p;FS$jqBOIWgay!D4#Eu{#_RE|l zlIxSijxaz!i3d5y&Gs8%tfHK_2WJF2F!v1y2iQGt?7Z*(p8A-OzJ zBcUxSHkx|{jBx_*D*QI@T%&R}9*ZhUOiJNxMJ$?*OXN;5j_CQBP&Aa#^>5pV?NZP_ z;09E8DQ0N$jrUw{(3O=*zrLH89`I@ll%Th_5s-_ux{g zX=BHB?OBPVG~$BwKyTzO=q7b8LCF}mD?Vw%RaQVJ>}8yGq3z|iQ|erdp%6E4KB@D7 z4O0qGdKO)tQ~D<@l>P>FE<)#WfYVU-vY-RC57W;%wSNNCUW^5?B1<&mCkVA?(Tq8@ zf5J@dS%6|r?Vs3zkO^sc9Y%b31(Ai-I16eYjw2NaVt&ODg)u9p5$S7=1uo_QdSbhh zm6T8@l96FGW)X_T8$TXt8+KdefW5iv;B3ml;v#i zl%uR>)ob7=>$*@_f{Uz0#L+ni#1Q=|;*B%e>QtQBTFn<}B>bX&lg5-*X4BP;u-aXk zq0u(nr z^G)2c&K*zy+Z~__{pK_N1B_!f>;Ykx+_@JeYg)XqfM4T=>N$J9t z_8!N(94|ZEd%K_L{>AS5x^vw}yWh3>KQ{mE=0Dy1+0A!(zUTP^&*wV+cgKJ0_>+#E zj+fn6wEt`SkJ|sR{ioY!+LiXB?Uy?qbllxuFlqZF0^mNUi=l^?t6xXm z`CfG{L&@AHd1$Do*G=ZQUO<$SVWnD|0zyvZl`7)E6*8JGM_!D@;*{u#X}onyMKeB# zpa{4diG+NKL@a~+d}2mMxZPAF8(9O<1joKQWuN+_-e?tnq2hBH1+_!Tq~FIK7C0(V@W>C zlF0qr3=5Ft6NA3m6p5GTlc7nF7ywn@Oik8_wXK*hGGDXEs;P!Pr*UIWSUomEPM`Hd zJBUOs+FhMa{mg{lME+PYOKQYDCIV@TKN>;LG4>9tGS;-WCJL;1TrAgqDHI{yym_v3 zB)YxX<&G|qI^)^#jf><|2a5C5I;hT%zX^B+3oXax!Kb(5wOu+RM}prsTK`jUDg!L+KR4jUcmWB$UX8Qg{&(i^OF-hEwoXP7-A$ z9zc$V{49=oz+)yple4LEE(3DHD(R3FnULrWk9d<(#9B&4VvabJxls%T>o6Oo>C*4J zkuCjc%hG?6C?PZ!7ORizU{4bbn+569N;>DSR_8uU*K@(g*Yoz!u$$z>UX!EQm@pPd zk2U&fGRmS+&t~#TWo+)^X*jK|s;{L;sa@JE)8oHgO`fFO7unX66t2pKqp5ka)?Q2w zr_J7|lxK|L&uW}e*B}^yjh2X9&?~Gxau|->IF)5@;uvaUjxdbeAEKXX2)?bpL!G;g z9ax@q;A!3Nurbl8Ua$am+Q^r#}VhKbsN=Rv6B&|qzz!8i1G1w5MH$Gpn< zTgacCQ@QgBvOkitN&!h)wd@b+ z9&cCPAQL}hP=-gI>AsQ4=|)xK?bp&qla-#3=$W>gZW4+A{~l+*!}U2=-Bog(a$W6m zIA6ePfCsny&6Ypg@`qdgljqMp-|{@@`8m(sp8cM^o^77CuD|GdzDw=8qicUhwB!1Y zOWmJryRU7s?MPd=?b@~u*SDPyJAc_(arT?C0Nhup)DW%C%m3@>+24L*LsGNrstq;2 zn2qxH^=4g=UHnttA39< zZ+Uh2ENJ#TON+vZ;&-(a~AaUj@6i0Bz2y>nB=XV-JwK+v8m#gzz=*OIu zJ!`PCdG;QXYgEsgS=l^$5UK5&!OFVSc@JY{PPPZnuAi0Va|nvk2NOl6R4TLE-Bql9 z4g70>j*#Lb2yz;U?x$gM(r)IF(;l$}LqyuMvl^w5j-gg0hN5ysrYf6WLLy&hYUyev zfQPq;Err*w6%r?Vf}~fVBwP#y@}+96;zMbrQYugb65J(}3QR!?>`KU%F`-l;AT^Tu z30Q84!IztF@H1liSqUO++{!#e41~ms&lN;w-QiTNoRIE@|f@MvR0Bvw;#V(iGF{-MF)kBH0lycgO6 zfpP;s5{Y>d`O^wEHu8oijZ5>RkEruq^f1(U`qF20JzK|=Hx_qr-q}lI?Yu*Mo@Y;t zwUW-c&FZ|HPV;;_KeKPL`pgqg=Q6z_byLDQ886BOrI!i~&cmKDvuc)zh%?=1b||>@h$vFr7l%=gq_~RvutHD50(bCv=1pc=jNGrAXAwrHGms{R#W&yB{V}@z=KZIf(!_Jj zsL;gqxXIOo4J&zOt(H6(oM!DtQQU8rDZVJ2nAvcerEw8RaR+U!A;mVL|L=AF$kFqI zo|DevESU-3TS{k%6zbNyY{^N+4yfh}Rb^GD9VbH3{MW#^O5FFJqL zd7pF2`61_FXRmXY^9tuC=cbj_aOXE2nPtDiWdHNBAN=25`C;|^Ou|FJethCpcG1o5}&CRrfAGea4DR%3RPW* zrvefgL5m4VSE=Wj1%z8DzI_Rza>Il#>;iX_cPG?EX29V79xvOh&U7HG$>Bb%E*31X zd0C$(l+d-L52UUcB%@#mo_@?poj9fs?K`%xSv}uD2l*)16<%4l078O0=a4OLK#Mj? zMGZ*~#*mE(W(_q-V!M~KW!LIolGkiAvG5F zd}(GCq9CNcP{h+@aZah{nd)5UG0k4lMV^bek3H&nrjc=q^a=!`^A^SHmCoDL^KI<( zbIs_LjmbkzOTAq^?_vXRQ|~LQCQj?v9W0RPdD@Z@q~kmiCn00478vdooxH8F;#%p;hE}@Bqr8s+8 zr{!fEZYG3*Krmc zhLs4sTG*(q)}r^C)K@bS=m~of3w&zN7{!1wA-!@CtEH*OM$}a70=qZV_GQ~Pb&=it zaU12!78~VGb&=fyas%qiJT{7b@2KNS*C9vOuXcT`tK4jPb#oqq>i|M|`@b>7)I*4fkX zZyj>`Z_@aHf8e^;`z7zEymxxXU58u&*SlSA=MS9EIZrzeI6aR42a98$pdigK<} zk@0Q;sitsAjZ0^$Ew5%;_6*)OA++fcV;agVv0RY&W4IY-W0D+H{7y_@hG|1rwnz%( zNdwn)gESOaRi2Dy#QB7nld8!3Lrg~% z(y}pxH_DP3Tyx{q2)PHHHg?IQxsemrT?Y0P;QNgofdtem^iL}3vqFwuZZn0sIw@B* ztvN&Pydh`Ny~nfmieN&CU5bCgPobijQ}FhsRKqLxy_T#h*jH_iUx~+H(yb7{mNJ1fK zGHVOfQHK~ZMk(BVoL9eOV+626;AZq)3VGKZ)pL=#7;7Tawwu+(Gjy)?HjZSv!N7#n z9M@N*a}fEMzcCm2Ub2XML3NS&9&>NCm&|T(OAv6#e#|SGi()TA6hkg26f?JDQ*kho zfJk`4eB1FN5ebK65>t7 ze z3aE=L^3G?Duw8j^-8}LLiC;s!Lxe$OvIT2|;7gpYmWZTE8RlvLu?B{@*4Nznj7JeK zW-n;zz`3-N-^-G3O_dM>7k{s%@;QVKF4K2lCv%7};$Oz*u#9tZI2w`Vlp=~nOD;$x_XKNMVsFJG~_IvmW zU?Fdc|1@Q+^j&0=7d0&%IMqLJm_%}7p4GJM*x=~E(6OT<#LR9gJ~DjlL|;SM$wR}3 z1{=x-PmCNM9K6NolsWDhGvQuRrmpQ`uF|Po?05JkPY2WR6`q^8VIk(w*QT#0Y0zv_ z!Av2SZfM#NiGZ#}yRB>bG)J(tp%hj@@-mS6WSEA+{E=-KJ>h|JLyJNd5?fknD20>Q z$-~DQ3QZUGq;Goz*al=x?W%NH!x(fZWW9Ib4gaF$jpa+*k$X9w0$)+UATnkK@sf!_ zq|FTCC4)h{Q(a_F`>y2dc`K6_!8kr_W*jfQqgW~`;D77^mB!zRam?~g>ZML{|9_qH zcO2fo_P*$S)caX)+Iz?w^9nux(DTPVLp>kd@~hp!?j7CTo98SM&=GgjT=faS>c!)0eW87r* z;@d;#G5Z~n=cy*{#d9I(oQwZ9b1lkijQ6NI=i;C0T#NrUaV+ZeE0{c|OmAZwdbKhw z-j#`A@e)(e7+zw@x}XJ%Y3SUxO(~mv{sSCkzDLE6TBCQddkB3aP{;BvwF(n`f&C1g&korkx6Bx z6l|&qI9R6?IQ?W3312LN+-i8Ov|1*)Dd06r{O-$(h*zHkxLQz(09v$&ri@8G5&E3(H-t6B6K zRMA{<8dgeT_qJu|)a^d;ch^Wcn*pNadiE zOH&m;6iOf-=!`_D9G>AXtE8%-YABypV5ac7_#kd zbuq+{d4eN|&geHtZ&ycc->oi6bVfYx#|xJ9!2&F+n#f1@HP!495 zupCU|0aP5kdoOLp_xxMiMMU4oWMDb~@7_bJIPdzPan;Z3lbq?0Z@I4PiaO6?r>Y5t(!XzW07r9pb6Zrv z^s6Nyr3lp;1OU&WESLoi*)o-fOubh)WLz%_cN1UUY6VgPZUhB9ohEz?(cjB^@fUKH ze3;xMXG?hqLZlDkO$SHZSz!|2lLAwdfT@Xp{eJxO470e{{`=cv>O4cKalUf>Fq79V zTv)(Nny-f{0d=0C+#qkdtiVm9B-A77Jj;u5-)Yw9IU7jtC*dvxa7Oa>9A3*AWeS(I zp zM%Epp@e zIO5XS3M51&$^tfJ{JTlz91Fu>{j{;zS1ae!B!YwWW7|@wW#wFUHeKZb9<-kAi+wDA zk+t9EG7Sr`z!O7SGP}pG)e`RV0x&#r43?AVDsEM_NG` z5z|#Df`H&fbF(ke#pW)=N??SO)ckzxH9-~Z_A1In7H;EQMArn(M`|@hXV*?Z zQ%Qi4Nv%Yughr2Jlvq-0zfp^Y5=z-r%E)9>ae&gu74HX@6A3qBTky^x&^$tBT}$zl zE2z)yP*x#fB4pMzW@Yoa?P)n0jb_tXD5&#S(<-i@K4&PX^E)hU31KIaXLwiiNt_?s%^{zmqQRMn(&M-|PWL z)T;r_7K;!q@1rMXKZgqj( zf^d7!A0Uz{w{a7z{g6W9CXvYar1&y*;R9xnK2IPW4od1mFD>RrFbajv8;geg0}{|MXS=hv+i4it%slo1XMoT5tLYQ|ra z5(v3liH0Go=;LT=9;_5daWO&c+_IjUEp2jkx7Eok%2qreg&MCx;F^Z)*t&SuAiU{X z=bIql-_6!u%4RD{)p%=7uYr98;=-<5`46}=HT*cL%$Pr9KQ}1wHcO@2eJuAnS~`H* zrRqY6Vk)Pj&vRFx1!ffGbo6-$CkxC9s+Dxkxz&Xr#n#2UIJUkWg_GeECr=;hpG+|p zo!>v&pDc~CA2$!3oS3*}Kl>q%o($9P=6asglOgt- zeLN7!XUMxu_J?>M@c9_+=!}eZY*Mt{ieiG9NEl+l+T)phSX~HEOsI1gf#+?^a2iUk z`{rPQ8O${V+y=hjCdo(_*afs!e)U#$Axcr2o5G(rq=qZh1(xHBGq&gTu$m+4f{!hM z^UUW>V!{S!-8OZB+2y%Y`|}p3_AAwe8|YN8<0r^%+7j>Ossst z-vGN_V3t$9s&DA*8hnU}44e;rV@D#Q$eDBs`6MMJjOeBrq>>DV@GmKXH|vPL9nGWw zKqfwL0Dfb82+0+K3d}H@ z*Y(%iCB13;(j;xuHc6YNNt?xM()g|?GwLRS? zOI)u!<4(f8g*s*p<6`k|bsfBuu+xOEeGzk7mJW_hj2(j1Gyy$%**19CTBY@($1bj{ zN}L#4W}L4$YNcDgtU%uQVbCUTBzo{upnZk%sjj}B4baY~`juC)=wZeC!`Pq)-HV#M zEnUmmauakdWl#Ui#+3{az!n}T59`74i77k30PC-1Nuy7`qEq&g#t(c=^J*X6NFi)o z>_aHs46KpntPEGOiYXuNX6a<5Z4=_U{IQLoxvrH}ZcVFMIkCUuA%JXRpET~0?Mo`J zV@%y%ulpWfS>4C?ljUUa6-T(ZF=pYg3dlkb7r2X_Ex>Sb0m1?I!m~vlM>qhRPd3O& z`wb->i68(71p`;PBag-AziPAj-kty8d!6s|JK7)heIAkfzup_^m3nvYI@%fUJkYtL z<69kH@A%PgfV(%2qTSKk!}(t*pL-b@0A1F3vr_ZF$BH0awDvmp^M{s|83eQ@RO% zJ{YUhrHezT<_Fh8DJ*Ao9;lv-Dru+~B62oPX5L6#lao2*c0;wS9JC9Oh_2_hAjR;` ztiH=q@QG3yuHf^OGRW}-lm`0;Mx{km>@iaFdU+jpLRXru#=#?+t$?-+9c*>J6sjQF z4Q1m|PQDzXi-mc^(G*M+^qh1G#RyBt*6udT#>h^4izEy#B!FpB1^Wy2l(24FA1rzy zM7$MejKiU+@x!5WkKq4j*Jb}62Bb%fz{)C*fwb<{ca%>0JSN=w%;)H&&x64&X8xSR z%yH7^vEbH8|G5KNIt=@Yo|U5pTnAMnnw67jJuPbq+(4!klsBQ1{+L??cy7O{CBr#A z7eg)aRUUC=i2%>pA^_gufmhZ^|G9>f{s?Q%I?q36o%FBxR#tfo$%jgOGM?KuXB=8z z8P5*$oB8Z5utA5=Zc8$N@Xcj|Ce~=q>XBIdSXe>jN=47c6In$`$I`KIGM-aoMmnZu zbC|4n1PNJl@Yu@fNxG;SIuf-e6Q~@lN8;%Wh`()sMtL5D88oEFgHpMI<7z02T&7mq zJQ>Hg5Pvk3$(mGgH-SPbhKc7`V1r4Q;bh93gz`wqBAa0pZmU%8=T1Pmd{GO|XLHSm z|LgczP;o3-8Xg(f@J~IEJO<{JY+&VTNU4V|xCp@dJd*?xlFN`!*5Y#3iT0)o1XkG< zXpJcSLEXdWY(K3>#_pYzs#fWg5k5BiSw$IC!~NO`4gO5<*BwqO$^H`wB{?t<8H9US z#8P3zRg@P>=uy>3Cew+WmQBW0Eo)#SBh5ezAscj@lcj79Ql5_d5^4AZBfD5yi>Eau zk%OmjCZ0&qI<^MhZulra0dH?y|Z}k31=O;QVo$1b99Uq4V;Bx!_*zqenejIiF z@;k())OKrTg*jf$qcId%FIx>x*5V?E0au z$GbwlAL@F&?>_`~b$!0;^Ox`OeXs9(?SCO_e$@AxMv2pZ-uHF{e)n=&&pO4t%}E23Bj=_LuB`IvKK<6* zwWEP`(iTDd=6RYe@%sgc-z;cnb;12LFVLj$Ne$-{f8NxZhj0hbD6bYk>G|D+6lL!ROx{%b>u|E0MC zU48^53Z4p0OggUP)I0gU2l0SQ;CB0oBEGg9HkNFkb#n99;I|%*CgA9!#88O9j>tV> zELEjJqnO8nZLDY@9V|o1cj$=pR;x9uV1-*mMx_HK(j2P5D;+dxkJgpPIebkypRm|% z0h&1)-*oYr3&D)|)r%TPDfh%OiPc3C>wYy-h~!jn7a6w^jTysSag7vp3w5r$6N-Rx zl_{WV1|EXyft6KW=A&k*>tFCviru6YWv|sOttapco*mgDv@ek0$ulC`S5U5C^$AXT zt#Sn~+?d?iQmz2H!#wZ6;<_(*@W(CB2R>w$5i$Ei_NgnYJXNd}0(Nz9FC^{k zVGUSc`cgZ}DWb5HG>nu6b@xtb)b?uVFCwpMVF^*E-RwP!fxQR@rf5hxeYwj$o)^Ku zE_bpk76W_H#lS9iusaq5d+|UxrbqO&W+3JVeu`?E5*oreMAp;Mh@r)!xJnr#+Sywc z1AB2l-ic@9T7rrnw6R+j1ADQ~z%K7-c*o7aE(h2xi-En!7}zCa<+7hGwC_t=%zWDn zY<(esDUUYu&6{9agK+9VWm>pD+IqlEi#QIaSXZ)fGlVd*=f#?JG32sQ)(g{fNdJqp zv=uNdE2ITJlUnRnSxeleYpOLnH|NUZ#z?=d3c=0qV%j?-3bK7XcraATojS zuGloPy@BnmE2=^C&9e6_%JDpDo@3Ex;j{H_w&kwaB<04K$G?>t2<}A+R|jj2GE+`| z4h}O2PDHsSSDq`&>!Q)Cg2^hD`d}j`4XXjqJXh8|YehD->Ry%BgY^};p&sEngs!ee z*t*e(^8f7$_+>?Pbh( z!gZjBiiOqcGw1b1N@oOV8;3Lr>epxFa$twY6z>gNsb#2V%K! zPSy07oJlM2z{sWzIcdPR7B!5MT0E;ovqto;+8QZa{C+MmjlIprTR?snNTbzzx zcSmiFbS!>9m!QUN0SZmL!`(z(e!9K3_I7sX9`>o@mig^RhHGn&u{rytck>(DmY>}2 zT^4EsNO4X%v6uk083??~N4eB*_PSu|IUMv`Dk4bakj=b#FBnV6F_ksFg|hWMV@>wf zEai2zJ!4}Ous*{})yv$fB$MVzE>>VE%jPRGC82dkt&=b0QmI<0rVZA}qF%|&9$z?i zDq5MoaO&Zc%4zfd9KflTjbrS&VA{C9a!iTMMPpQOz&`pd=8HTN1)^qx6cuYZ>c()| zC(9lDZz0B&m*hpG06`KSxW%ko)iZK>XhO%%=f!8piGt<=>IGBdYsLNR~c$B|!QJV4$k-aD zL^2*$lVP}asgYPT8r8_eO0V{XLU^nSkE|u+TrlB9m6;7@mx^%Z4wlL@q4{b$WES#J zn1+T&&P`6qQv=)x-0<7<6qfxXMxg?Km;5x&pvZkPjfB^uBLmF%YiqOIIW_9X5}Zj; ze6y({XM)zUqBv)jx*?cKq`^xG?xdw^Ib+Zv0dN~L%)#0s1=AUu$T07CW`iXYoifj+yDOlf{eN~MmcPL58T=pQ{dF)@`IG^idc9BEV5;8R3g*k3_Vn9aQkO;|2J zlbY-w+uHMwO->CtuT+-ijrB*@+QsIc-$EDH1pu94Ib+s z9F#(X6Jz}&px^>B>f8F_WoztCnBR1f2$MN>RZ~w*inf5pA z{6BW4cHYtUJ8jRlJ+xzO$0v4V1AiI#NZ_%+UjK{!Wq;Cl72Q~WE-s(#@&)epFF(-V z>H7vd!nB_)Ah|A12o+QmK^Qh=(HqR0WH-)&=uhTn=JbqYl*>3nF3uW7X$IB3sEQW? z(}xOhGVe!{;0jrlz)ORuauSx|Ivv-#L)6YCv`o5p1LoOZspjdr5JBy_-WZD@Ja zY3Fyg)sC8kX%pXd#%br}ZMB2+K&Y5Jw0zoW=cR456A3~TRuznA#A)ZnZM72#C)I>@ zarsnz$-Ure=+-ScC8(ivR1%+X()onvT|IAh$tl5TBpfG5hn;qw+eSO#U?P?Ps6)#` zPCH-SRy!&T%*puB@}SesSGL}ck_;vziDV=)v^?On^W|-|6T=or#DLL))6QqM(M}Ze4zC+*$(Ym5r?=G((r3nE_%79H=U2DUP6XUPf!v)# z%TcGDU)feWVI*HjBrYyT>LlWqT@Bqj5}^d+G3c)F35xRxpK|rQSrVZ@I8spVaA-N~ zwDU{bXeS)h)L5JZkC4;OFK(+H)F4QxnBt(*&M$1eop6$-IFW#0COhqXa$D`Fz=yd1 z5vQF`Y@?k-FsW)$72NGXr=5>)s~y_f#I+AQ?fm?<+EF5qBd{e8IqiIG8|`S=+DK>% zd=5J8{O{XpCz1%W_49z!&d+V5op>-ok}F8o{Z2bSyRCNcRWU7karw>lt^G5uhHlx` z4#%)mlmt=lH#wj1QCH8K+}dadU!aDuRPJ-y`A^$wC!7Ej;BNOi?fmpM+EIgX2*7c) z^G2tgk8Gj!K8K!NQ!LFJ=l=$^Zx>JiLMRYN0}L4(GYiL_%T#$~Kvm6fGQ& zvX+?N*m`wvxk8AUIp2yn{h4YpL<3~?eDbD@-epSmZP)c=*C{D3$^jut4fSwyQ3_mi z+}kG62%P>Mt5GD(N)okX{afE(`6d~RJk@U3vm?12lOG@mU~^zg;{lI2MP@#zmyfsW z4IG5Q7g}Iwpit`vj`LO_dzW((%y}-;mF=9po>uPhmCN_DwZ3dQEWhkHEZ?MggDWXd z9m>5Td@sWX?Q%ob(3d-FnU%};v0+?_SzGSkhtrsACi)JuDNpe^N3!3Is{F9+*h)L< zK3H21yZk2;Xvtzca z3TfR)m$KPdx$eb z7fTf~k(Y86at5=-67S*^!z-6>XGDkl9Qs~zWRk6JFwooAG|*cTKK3?T>0Ax1T)vGF zv-gi##Ozfpd^Gu@yEdimGTvII*u5F8ry4gRTQ7C5b-2+uo6&k6zIpaWw5~Xt(0;<& zfYz_h=4)yj%gf#q)|0Ny=QPcoODL%^5*@lWo%KM=TCb1Yz3F%sM4s8ujoUz~52dpC zaVOa6iG_mEl}vA3VqgWW0HevJb_9)OJm$4zq7x*)lAXMSv% zJ!}_ESUbi;j%?cUbpGG(`#B$M{$K9>RPXIwKMV_hw(Cq+xbvSn|FrXWJ3rfbrSpl- zL$LOLyFK3iruNsgecM0mKjPo(`v>12<3-B(m-UVLzv0*YXzL%he6Zit3z3y8Jgd1S zb-i*Rt!r?)R8=`fiICKACWlJMxuk4F61lXJ%_&ACeD}%~p7q?4pkCRZjTmuViD%S1 zSFZ57j+WH*N?q!@!Ye!4@6@HPyH>6=lz4o_Nj81?jVo7pw&@Ql9Qs$bFL{-6dS*$Q zLSQo#2csyg1<(3^_(Lwh2b2k1oB4E48DhYeObIwx$%##Q4*HHfe39iDM8TDd6bDC6)EEX_UtNB->H%46fW ztAx`?_LvfOmtk|WzX6m*E1MUVChNYvaP3V-R4o>Z;(u@l&?3!}A}>YdMD=;9NRY)7 zUunhtts4yv(K10LuN-e&_+N*Si|9M&jq8>yr8oDVJv-Px)&FKt&>*rr-h0IMN4(Bs zg~Gi@?o+^kykr^=A;wPFVMXGtUmBr?U3!Fx6wlhb)DdBB^#Zlsz`tY5)9!G~i*xtN z6`sQ0(h0l*;p|F7RnS*DSCo}2hZvHp4_ox^RVHifcdT6D zdL|y=<@=@;;kCNBa)oD@{=hpq-rwA|Kw){uN`uw8d6xVbiyQ|KQyLr{BLFTh^ zeujcFhY^1?j(pdB(z!>*F~y)?LvI@bS=u;~=7Gc393375xU^mllN+qdue$mE`T7Gc zZf#Lc{vA{bqdr!iSI`-X%UCi{FL@0ChAXVy*P66z@X^QIRr1J-pfiWvx^x5~C>-?= z6slHY=El^LEoo4e?^(HW4`Xh%H(Gno5fg6KqV(d)@`$y6 zHWUi3OT+6j!Pae0bpC&n?=O8lKhm?(lka)BN9zf6|7G`o>Hbpp2f82Y`cl`Yx>h^> zXU8AIE8sR%{d;A{ukHA$9jiMY-jUexz>d9vKL~t0@bMim&X`@t@DPV|7zU{9F9ca;SEVgnz`jbM45Gv#Gb7Rg6`Y7^`O#I|0I*E3tfH z_Qoz{vkQ7TI9D?2vA>B;M4|Gk+-cTesJC{FL~%QUd}uc=kR^7j2Ie8jLy*Zjn%G^4I4x2;X?}yu~e9b^ympLHQ<1U zqVJVi9gYm-1c7)mR3C(g17&A}YXhYkI2;5Pl+)G-K2W6ES=p36}QP4I+uaHIggs zBm#quSgF*mkyz>XbFp&pKq3Q?BAkiJMpzHaY7#1|G(<)@oXAA=FtX~wo8qq8HIgdr zBm#r`v+$aZ#EeYxj@mU6D(##BgSJeGH%O**-l&U|du!K7r1V=kX9k&RaP>{KYa~zl z{qN@{(!p(ulMwgk^BMeIqH+}j(68wEnW8jK$%)dqLW(3NR&M6Q9Rcfsx2g)}o3cW{ zBy+@ZYZ=6 z*OB_oyuOZfn<>R9E=V$T zE_ANkUb{wuq2Ir1k+&P;7q)FwmY%F44woNU*pJgZO+LROS-0&U$NX9WYDddxha%yJ9IBxyGAx%zkiZ%qrICT@ZgCB2$>X^aqGxQ!YoFVGp<&cCV|`fdd&G5rYw3kuwo3DkF3d zYM`_VHBdH=Ae&e^hl-nEzmx~kX1@dbb1|d}QnaK2hE1s(ZH7JIV%U_s(RrhRVN(uA zn_&-dU!F|uS_hle4{Hp-fo(HvSBf9I80p!1NllB+N~8Ir!Pxd@KHrVosGNlkHf#A6KpE3_to4hdpQnXM)lY`NLKYIs6_h%_!%|=7V~gj-bf$!`cEj z(z*oo;!+R?yAZ4H6rxbRtfrw}3W60Wds9T#lQ9iu!gM5>%tcY;zFv>2(bZ>6FJC|y z@;GvM)`bihr=aYKwxsJt8kBgmMaSEObL(nny16AIkTQ6tBpcG{{u3_s4PEiNu^P%v-^uDXH(i^2_{4Dk z@JxTxW&Pn3h5l2`mx~#%c5&6CWqQ`LZF=0@dPB8Ot4N1?^4PTTgAzF2*%D4IOO}7Q z2{9W2DjU0(U{iPZaVJsUpk5fA|L^jbeY?K2>*KpVylZLK^sd9Z_U`iae5>aZJwMpf z-xKcsv(DFbc6a<^`{(_?=KrYweg3llZT|cG-7xk4U%p@V{h)7{PVQ(z{Mi%&U=RZ? z1~Ken5GPy=Vz|yAZmV7EXLop7=Ha^wrN#F?Q@i$7#vlH-65|iU+vX3Jz-3oZru^?! z6LLcy8gfeyi%bkwiCo4aV9}1oQJqHCluQP`7ZD9v@KKX0i@<-)2#3RQUGt{h9tSie zTyT1uhZ7o-x>ziOa>C~%#k$+J~*T0j**ImfCZBFaK9;sTCxr1Fq?Q!=aX>^59bH%c^v zv~)bVogG2qq;s3LMmkMNF(@0&()2=vW%jC%)p8v`QK_=QQitKZH(Sg@S~o+`aYW;x zI;$h2Mkvz4>R@<@gqvC2^?VV&+itFIx3W6NNVU3%I&N{Ur))ElZE%s0h6HvPJeoI4 zO&1-%IoJE}9`kTd#nlF9RQm`;?rAPBeLJ}sI&?Xgx?0E8^AqQpSE>7|zA(vsc$)@j zZ*p6o0+V!V%p98^LgG6JE7SxZ$#fAGAKrV@aIVjDSe2+c3u3>rwmb|mlgN2UdJ>k_ z&Mvx2SznMD9RX4-+bC)OOvfV?6t6X}e=SkFcAU|`XStql*g31)jo+*-{~g)z?oPJ3 z-R&ke-t0Iay@fFqZZ#SvWx+A`h0aSSYS$iO@V>9gSvtDzs9$mDLSxOWmKxvgeM#R^ClJ`xR&#ao zz^^%Drso@og!O_&AW|^nbB${XfAFx2NRX2&Q`=m3MC0)4+t?e{rblPFv%m&IM_sp~ zg2(HW>4``bPjP4VNnlDyf7l1|v(#e3I9fKXLwIeQPNF;2t7%hz0LI`L(r2Tix0jh z=K7u?(vzs{0(Y1ha_dRR1=m*23>`rEX*Hh7W@JRr7^qL3fMFvVNy<@G*EO82qnf5b zPeLBJw$@{4e?-j~5j7qm!v;Cv+Io^9ml#a`x6T`NF&Lo&4Q5mvbWse$=<0pA<_b(3f-=F(_&-Z2Dm#y&1k#^{LsoIfEN=_YsR#l53`-Th; zI~*u+hLqF(Px%gQ>Ok%DwcobM2XFObm+@seMvFek)!wJJO^e)Ta66qn3rn|a1(}Qn zc_F7};&NJr6B`0kBYGsgv9{Lg0J>9&)#j@ft7aAE7D}^AmX|H1V<+G9`YCfUe<2?l z=s!nUsiW|$WbWv8zUe2bPgGU+UPq$oR%Pl2Crp>OyVd-y+{gB&eBf|j>fF%4V*{f@ z=O8H6&tQF)JjS!fj=(XbJjXzEJ%tdzdL+{n0uEg)-Q zy3T7>!uNIVB6l)k4%fMf1Dgrc_BwY>R@w?dkWBr~AKD~&`tIgHg~^v{?bzNTr<_yd z#w!`(6P4Ss%}l506vZo7@MG1f&NH=Zqg+1hVA9D+$2zAsh=>ib&e(EfbDOAE3Z>Eo z)Z2jPF0WyFPwm$#a(&b=$%H4_1uhc~yJf;*c7r>+3?JBxW)L#r5PONcLl5s)P!&Ck5{p@oXQoWP zF*1D#L^#bLf1gE!U&ZIv#$zkUMxEwhhw-x;uJR+G2g$J>Vo{GSnv+UdRL9=S?&!#d z=PU}eZaWqgTK7JuL>qU*%TTaGCw*1xfNjdOZch$%+ORW+QrV;mZ*1s-xe10`Kc;To z5%cNVHJ#ImJlnjdJdUY1n@mcss5WeRUKPh8T>GH?;ni>!`FI?<<<{44C^&$^@bWnP z)Ol(zWBKsKd?zCTJbLI<`^Mm+AznO(H*^xDN=ZgBYF;{rkNPB$Dqb;%ld6+$QuUaN zRGmDa!%r=jg_han1rloECVn0DB#*pX$lIwz#I) zbp>-j=AQd~y*+>Bll+tZo828Ti2Jn zetGB5`LA^SC~^bLbdC8ZyP{q9cKzO-U*0pj`ww@&u=^)=ebe_}e9!MX&i(%VC-!_~ z&-d?nX3sOs|KGQ_L7wZn*Y}Nv3$OBD@I8$m2=Vh7hA|h4M-Cw0KvYY|B63<$QFu3k zf^vG)(B*X6KtTdkMb;th%D&pQB{uor&n5ejZ8HMmrEukyCKoc4v!gM0z-Gp>2?j92 zT=r361E~vH;=**1j=89F1Al6_ZN)L?k%1ef)ksAz4UCRR@V7>B6`Wu}Eh+6GA^><3 zNP}2PlTC#J0jSV}E}>z|9l^45a}%M-A_VM9tdSxWgQq50XhFV+?kS4Ee#Qz(gn=<* ztd|(^W}6OeUB{rlkk3jds^tqPNoTP;l+c1-H#8&3W_E`dw%9H3t@iLZ0$5HsUW98m z>TJ(7m30#_f5>fxLK~KKygZ))Z?sLy4HxI_t1jkv(CJ!XtHAj+!UF}1rHW;j-a@2c zEBCCAN(xE*7d9F!uzY5g)}9WE|Adap-DYJ8j{kN>q+o-q2Xo9oxC%>GK_&J=RZ~{f z5cE56PlO8z|6M+#&lQ%c7udh}2lRKoii$~a(?5YOvZYd4J_k1t6UFDU%u8d#)CETE z+C|P9ctGEXqocUV%k^2v5LMRG74B^`@+y`EZZvX`89Uc;Gbb}ATlTc{;g&ABPU;Xm zTpMQ-HdC_V*4L=hEVnPa)+3(eA@_6l9 znNO<%}TpR!ElkhK5Dt6bXNaQG{yYHOWrRbTeAX+HfbW?+_#1r5UtRe&7@ zFDmqn8QFYwj`1AQMY!&8EpRi}dIZ9B-}qF@VJrQQOr4rIH!}4Y^v0|b=SDomcGfvV ziVvQ=BU;YN7#%Wz4RXybj>fE_w<%4PEaKjV+0iSO2*V(uQFziSBHclrGIslVUXiGYMI zf2Xf)yi_@BRF-t<9O{*p<|xUja~=+~H&qFY^+mN{G=T&#sLR(-Kakx~V~V0`xxl}RnSbZiQE)n2#9crY1DY7x&KVT)6cp)T;QEcH0;*`r%?UXSX+ z)`VL-P9^Z=PxDYrug{GKV`?IbQcW$N8%N0v4RxHef#usW`_TJxhiCUA#RbbpfHoCN zQ)twq1@MzTQ-l%%NoJ>zic~sC<&mqEe1Xn_hrEXrPQaB61wWc+ARbg=N<6M*0@XC( zG3hy=p}Bd)DoCyfw^6-X#39dt#PsSmhH`_b50z}~HWt)SGenJ~1Ex;hPIz|fng*h` zq^*_)7>PN{Z6w~E!WB-7qr_G7x5k1|MNMj|9?-vsI(^Wy({ngvx>mMV7bsVWpbW3? z!W}JvqH5n0SZvBuNsW18tO~7eyJK% zV_H(vrUMrrr%^oSIf}+^SUxDC<7`b`e`2XVW?V@`T6@NwBmhW09!S5FdX_zVK0jO1 z=kj#`yg-fykzSHY8Me%0G^i>Oq!xc?;K>yAamKTc0fd1da{xSVSyc}*EFgD)S<2*@ z(E>tWz%8K;B;zCFEH9TIm&m7QTFaMhEG&H z)@vjfL#LYdjzHn<)ah}2CulK#a#Ld}drf69*!+Rl$`ULpL| zG^)kk9wRvNc)fp^&q73gAz2Maw%A#SLqqbYi9O6zgp+#el1(x@|jgi7G z&;G3S&mw8->jj5`%B(x0>XCD!>}+I}0f(RjYBA%vYm^`&SHn?{wTt3ws6v;}-WI5y zCj`7{p^FHf&`kpow{`&VB!%XZj?@bZs>qf^O|4caP(c)_@Dj1}f&8P??NLu4hCzVS zgm`~BGYb|p!i%GLcZF3P#V59)9>$(RDNE(i!2BcBl{ddVg=`&A7@spBWKlWra|YRI zpk~E1mzO+xj3k2^)j?~;6nDT1!TlczWT&V{#q;CNkBty9L=u}xX%e|c=PTa504MDH zmhVC@DzcMl>QvzAN$Q0%B(=&dW0TTEE{DV(6qT2)k~V){Uqn0+iXC4x$Tx_%3^7`- z-V-SFn$(i5)HXuJ9~Cm#+hzvis7LtE+3X8gO6 zF^?x*W`&kY*>nc#>fCxnDxw7;6~Zf^_3Lpb5k*Divw`^u`g-pLJY|#-#Q?(zSSlrQ zagbp1?S;1%1Wk--K)Xq3z*v+R_DpmlFgH#;4tV12B8!_r9U>wmh`2|05D^n`Et(h) z6vyoDS}{LsG767GLGzU=1T*XzD<;zPqWTd?d8mgPR$D(0cM@?3hGPM9l=|~#Y$M1= zl!1vw8YQJXj-WhykCmNroiz;UFNWL>9%~rVAEG`JkRbRnoa0+QzQmDL# zRUB7O2c8(A&p+ll9$HdfdNl98kV`cj^Po*CW?sd-j|3{GsIQ0D?aPi$_V$bR>NOgK zcYR-j7NF??QL=KOMwkZ^ECw zwX0ma&Rwe>+B*cIeW-SotJa5@#^s^*VRrCzi(>V|Yj5o;*S2%@(NXAjuP!lt4cF}+ zb?J7mUSv18b^qvru$oPx46Y$ZlW;#*(^^>8vr$csr%{9evW<$M@w;kQxz3*Jc8~5? zvW8+PVFOzEt8V4}(bwHkyIN)Kb7k+*y0Z6bg!hU!=fo=w-Tas~f; zV+@0%+x96Kfc5gim_ASY0PB+Zl5OV0y+aS0T66RxR83%zr4&Y_JIU+g1Cs;Z-U!}F zU?@<&m@zX!6bT4cFN9d6pcx`J2%M>8c=S{ZBt4`2Y?LW@9#J%~!WL&_SZR5#HKU54Iep&1)OlFo9gDk1)DW|AZfKic?yOyXl51MI#{H;coc_+w2lf-U@mL!f z*0HPHmSbJ$tWDLf7TItwaqGy@SFwS>WppMRa`RkoXf1Bqi8rLIzpr+co5PZv*mx-G zX+dE^xN*#y5I7oN<%Tcre0bDxG;SK)^~uC*YgeCO^pTgoJG$4k_x9JWaswK#rg^lz zspZ$yu5v>fH<6nAnjrSeJ&QDyI4S90}J5J z+t$b&7O?tw?dmjJ>>rTXtn_W01x%Hp2u$OwX6uU18K8mAq%fASneXZykIN^@jP=43x#8$ zNF)Td!|(?q(hEyw9#wC)>sp4z{hi`I#R4YJuDAT^7^vgko}#iU45L}<2d*0Yv6ucn^BM)9v5Me z9O7O)>cP6uxuVvtzJqnQ`WWBP|9-eveXU$S(R!+JL8PQq^O_-_EI3a!J-8t^bm-1H zB<@CBsLHjgZ|BRzViF$g@jA#djbo*sub+VP)i+9QCD5ar zOlxn9((bEWJcL(ZgbO$<8yUIg&&Tt@*ZS=Yv4pIUS?cq{Fk|L1QFm@;p>){9| zNlKV>NeM}}l)$4i_yR~C$b~c6ER+&*B7!U$YEILUn-YJe6Pg~2q~qCeE(%{YSq00^>V&zr6c% zyH9ujWcO-!p?j*kuX|_Lx4Zsp*H^oKtm{3U|I+#YcBb3^sQu;k&$T}q_-gxcWD4lr z^A~$QwdY56{>z@)p0j(7?*3NbR|DgFq&<6f|Lg9*+Wkj?9}m1g@I>ITz^Q;n|J{UB z{;Qygz`IZZ;r|bRcK)O9gC5_RuC4J@EX!QsFzP|%=1C+nAr+b3+a_vjN7xGITW)mU zYN)pM21eB0&ucrJ*|wCst|phsx6nVU;V4oAN8=et^I@G*$|fSRnn~(vET?6mZrg-> zYlqK4lS1WQ@-^NRh}@uA~on$|#rQ ztiEIhXDf3BM;7%C>SKi+BQ1pw*UjwUcwS9I9i$hSQl_E6&#efKXpL*2$iMR=jeF|ld&@JC+QGEp)zzwLau%)rHK=cb=t@q*(2~yGvIZ>f@$j6 zG2u#tQv~dr$ctHa<>s)nCbKv+o+iLNWT&~eQrom7egWNw&)fs9eRSpxchuJIb+ME) zb(XTmi(POgbf(TyZm+HJY8PCUa>jBr{hr#|0WR$DLW^e_Wa68%;xKw%8G}=SGmw?n z_Pal)bH!gLnnuaAL6H^cyzqW_ve{~rk>|%5D!D9@C)7$3k zwmEG(Ub39|ZvqrAd&iAB97Ey3e2BK{a(o@0Zx+C8%vsP8rez`@WXlCPL^+Cyy@U6F z+gtw6a-9pq2IAyLcBPMKwu3mYuE)UR32#Bk)@g0qKiZv10BM+!u>TgNgR;o5?dLtp zobxUBZ>G6w^3JyuOzal($(P2bq`EIY_a3Hy&vy-4@LNQ#kyYC`4^pE>->D@&vt%)XS#E=v%TZ*I;uPWdFQuw{$X3n z_e|TLwtcesrn3f{B-$kwX36SRzCDb zhGKHt^xfsxWGR^uequ;NI6utu$|jr9w|Eh71c%gxaO(ubO#)R2@I)Ht4M^;8xzDg; zEt#3C$V!VN8cfHu6W6U;;x0+Muw=*bhIk91L?RYbWAP|l_7ZRyfp-_Ss-5E5{pu;> zqK?{MPAOY@F&0&+kiDkG;4{CK7vWl_B~Sx5uEC42IotgvW%qcfl+IOw40#O_%Rm%9 z*hV4C4~zUO`a&T(fG)zSURs119%TSf)Ri4Xk(M6{f(mRn#Ea-{8z_-yL&3j5zYnS^Fj_g2{d<~OtkU7w-UkHlL~N&a;0>Paq&@LX?6j}!6D-nZ^u zi>1KRHd;%8TrhY_#znpm9MNb?j1LBqL6;EOwSpHnlR+Jmd(nl z5hhoSL{!dcY9yA-W^xD(g6V}9MBqYGf{L;#dOWRbFufdQ{qO^BqJF@=%9F!eZ`2RC zx7V&F*&AF>maz0>R}R*$CfG{&er}CR+zjythYJeEI}2TH7B$@2;dL_~yrJv^afg-U zp_DqXmecvB3}*yX39`D9D6|iO%H+FOCC55&3*?A{b1+=y98U=*m*Fe{IT{U6Fawx- z8eZ@uEby}~_2ATGu{Gh`R|8Eh>PsjK^Z;!3=)5FREm(5bfV6=)zYKgcSoKw&+l5-< z)iBW2EF27>J444=Cod3#2uux-tTpk}O7V;P1$8$tV z8yTJC`(jCg*P4VXPE`bq(`q5V9yV5cVM;u&6!7jx!XgTJs!*^i^BQ7%h87{#I0>*4 zTm2@^(>Rc`-DGc`jWqTLYF9NzLwI($#BD8W5Ck#Kp5SynK|DX^zR>yXuG&?V5u7Vs zj2tJv!#w{+Q}Qs+5VmA!*&Mvl=9+UQxEC56DxHo}SZgWi@b&#t4yX9CKrUGlHC!6| z>o^Zzwp?_Iq+cdhk&rlY<6uiF1}`){;=q`lBS*?yw^ zNc&wl^M7%tjy(VOw>{VP>9&vV_&eVHo< zb5TS(MZCF9qdz3b$GjCs1!V)pQIX4{c>!LKQoYC=oEJe~Or4C0pg41&Ta3$57XJd4 z@*H%4I6beU7v6HgkkN_JN5Jl%3QbJ1a7#plhX{}*ScB_o3g*^`z#lBTX+qQdk!{Q?<1d?0c3E@g03*T&+d74J#Bse;nt{dz{zmd1%~clCgbn zudVSKb<5nwHx`(>3A@?e%MaAn_`!xBAIA2szfBI-*7$K|fPX{#b%+;q(ho7YfuFZV z$<NI@6gGN531^T|B@&h6N=Abd zjfNE5k&I4xxFg645sB*A2vpZx>fvXq(fxWPi-6RKk%O6$3pe}}Hd;T0t*LDA)*JOx z7)BOlcdU^)X2$nESX+y*1@s^IDRp$)EMY@^KVuA=`SMLL2HTNnn-+|XIl&|qX*Bw) zmDzz(c|Mf4f@@JhwUkEMOLF51LH9g2k5t$pYZSrxB^Uj75tJ=8#%(Y+r!C8nb8{NA ztwhwC&73ISu)*%g3WeWvyW=!FT(r6=F`mJKy)Xsymo zH_fNhJ#^28U1>8V`2vMZ;EHJvkP6EnB#(97%qQ)^SwoXT1JYs3Q9vr*wKm)`uK zLV6PCJUET?-w+!LS>~qY8XuN3H}<-(HRY#=j~aP(P0y7USOO@wPys6G{uQLuI2Oqh zA=fc^wDXctTMIILzwapHmZLW&P(aSb>L7bO$}N|d_*!K@PIFThzam+;;k~o~tKoD$ z+o!M-Dk#Y`OF%!C&y-7)oH!-hi(7^!4o3Y{XaXWFQ=viChJ>_igRn#L4K`-wueHXM zMGl{!<@zwE&lr6acjzWNPQN^Rtwnn1K#T|7WXHPXCOI3NuWhp9I+uqYrtpsp&gS^n z`r{%*oD}i%cU(}gjTR~ii!RB{su zeK!^;>gWHhXISiQ`$6Ac|Cn#jU+($(p3m<2@jbJ9Cic8#&%xdQvinbVU*5gY`@h)9 z|G0l_=dQMYZu?f-AGW>F_Sv?dZTmsIxQRa{#vu(h+)Md&rie7-4R z3B?)077h!)i7NGoZeNlY4J3)0L&!V~?^Qhm%lbTOAcvfW+-6+3tWOy@%`@kRPy#8I zR3x`Uu8$;A+(i-z=Os#T@%pN$Dvy_c2WRSK3F>7gf=Bw!t_w@=5kDQyFlBWhJ8&0C}x9KS?@kfk8#e^bgnlrHJ zvyYq@9T^~{59qzw;K$vfR)u)hpll1Dpn|ZnyZ>cDr22d1^>(x z>}3L{zam!15G8zo{WjG%>_Rv+MHoUXPeFmfK10G01`u&##A$*}#;kFAJV7}n>aE&S z!mDtmjydn8J!m6Xy^d2IedLqXyiu{iSmc5ko0d8j!6#sd=5V_okPhR9_w|Le?s3D_ z;zHVP5&4oRjit2`TwS%?uv&CqZ)nl(()|F&Snn!V%2GX0u6AOrE$aCSDEncoP!56X zLcWfzWv$_la4E3>Hd@a_x@~lq)1kF!!#R+Fk7+EVP3>S;g8aaFd_0XYcKy? zx&ptDh9~fQwV;>zwK@dsZ4%fT9>xl6xpt8~vlSOKYy3_sPFJd)ty_JcuB}ZmnPize zppAPNG;XZ}+8U3Mx1^+fQ?<2od_demYW#X0Xv_=-*NLKJ9jYb7H6UvXvh?%3EJX?V zQ`lh(0aiSGo*Q4r8v?9g5#fapxkY5$?U~jLH*6m~+Me4!#$XYFsSwg0kG1FDF-Eoz z9%9ce3}bHF$0$=Vaofk(fz6nPVf*04p1CDsY`+%G8EQ0^P+|Mv&Yax#G3K&;@Y2oJ z8+F?UA~jF40dRoF>Lo#59g?;fr9eO+AP^7;2m}NI0s(=5KtLcM5D*9m1Ox&C0fB%( zKp-Fx5C{ka1Ofs9fq+0jARrJB2nYlO0s;YnfIvVXAP^7;2m}NI0s(=5KtLcM5D*9m z1Ox&C0fB%(Kp-Fx5C{ka1Ofs9fq+0jARrJB2nYlO0s;YnfIvVXAP^7;2m}NI0s(=5 zKtLcM5D*9m1Ox&C0fB%(Kp-Fx5C{ka1Ofs9fq+0jARrJB2nYlO0s;YnfIvVXAP^7; z2m}NI0s(=5KtLcM5D*9m1Ox&C0fB%(Kp-Fx5C{ka1Ofs9fq+0jARrJB2nYlO0s;Yn zfIvVXAP^7;2m}NI0s(=5KtLcM5D*9m1Ox&C0fB%(Kp-Fx5C{ka1Ofs9fq+0jARrJB z2nYlO0s;YnfIvVXAP^7;2m}NI0s(=5KtLcM5D*9m1Ox&C0fB%(Kp-Fx5C{ka1Ofs9 zfq+0jARrJB2nYlO0s;YnfIvVXAP^7;2m}NI0s(=5KtLcM5D*9m1Ox&C0fB%(Kp-Fx z5C{ka1Ofs9fq+0jARrJB2nYlO0s;YnfIvVXAP^7;2m}NI0s(=5KtLcM5D*9m1Ox&C z0fB%(Kp-Fx5C{ka1Ofs9fq+0jARrJB2nYlO0s;YnfIvVXAP^7;2m}NI0s(=5KtLcM z5D*9m1Ox&C0fB%(Kp-Fx5C{ka1Ofs9fq+0jARrJB2nYlO0s;YnfIvVXAP^7;2m}NI z0s(=5KtLcM5D*9m1Ox&C0fB%(Kp-Fx5C{ka1Ofs9fq+0jARrJB2nYlO0s;YnfIvVX zAP^7;2m}NI0s(=5KtLcM5D*9m1Ox&C0fB%(Kp-Fx5C{ka1Ofs9fq+0jARrJB2nYlO z0s;YnfIvVXAP^7;2m}NI0s(=5KtLcM5D*9m1Ox&C0fB%(Kp-Fx5C{ka1Ofs9fq+0j zARrJB2nYlO0s;YnfIvVXAP^7;2m}NI0s(=5KtLcM5D*9m1Ox&C0fB%(Kp-Fx5C{ka z1Ofs9fq+0jARrJB2nYlO0s;YnfIvVXAP^7;2m}NI0s(=5KtLcM5D*9m1Ox&C0fB%( zKp-Fx5C{ka1Ofs9fq+0jARrJB2nYlO0s;YnfIvVXAP^7;2m}NI0s(=5KtLcM5D*9m z1Ox&C0fB%(Kp-Fx5C{ka1Ofs9fq+0jARrJB2nYlO0s;YnfIvVXAP^7;2m}NI0s(=5 zKtLcM5D*9m1Ox&C0fB%(Kp-Fx5C{ka1Ofs9fq+0jAaKhO=tU3r`Y!nP{J@?EcfY** z@!r4hy}0XdcfEVpYkGdFr>FZzyYKJ%Y?s#gxz0yB{=8$cqpN+Ty?y6T?|gmR2ixQw zpWmScJ{LIc|6PCDcNL9X|Icz@dF&pazl)yh^7-*of4{HO=L>ZCJAG|q`AoTFmU0zo zBA3f&4C!pSl&xke(&W6pSj-n^r1SY=wzOzUle0#l5NMBtBVjolk(H>VsC{a@FA@zV z)Nn+>_0~H{B@$O-zOMy}%cC@ifei+6zEr-DE0h+cfzsT3zF?HSJB%h{k%a2ip_+(> zlL_DN1oF#gsKcaZhXd7eL7J@SMI zjlp{<*Jrqtlg=4MeGX$dtJ7t#uMP(_Ef&{2rZ^l-#IUU*zUKmuFAq_N_j!KwP%%@= zqK}cGw|RFEjV6?Eto4h+K~>R|c-;5Zz;e&>AocKW&mJbL=6pVrFI7$HY-!ObGeRJZ z6c_9zd_p%d04(aWdf6yeh=gPe)ASgQk_;x|sv2t@4(=o)s)FzR3eEDs`m^jB&f6x= zN%r@*;QBDNo zYFJ5lbe_O2i-jYq@3#Zs3vabiZr#aadcmG^eW_5=v(jK`vB-W{$m=$D8SYYWTY4Xv5QxlU@UVv-C zSWJm3t%O?9g7HXFQxxA9(c4?r@6ENa&X0}MX|;E6VNFXUl$LFU-ms@ME$;gQ2*ok# z&6`lTdK)mx6>xdk*@vh@?=?GA$eV_ALeE^t zmP%fHRfz{9F)f<(>?0b{Kt+6?$C^D#eR!`~!tJb4HuGS4MF&>kvKm0*8}s*3F_{oXLrNp(i~CVxH?%W(?@Sa_SB#XSwi!eUNsnt zMq=0@zZNJhYt-eCXP5SV+@xfvs6h}LE!irl;f@jk=L`Ej8(7}E9N&j7mpi=sbO;gu zSTBNq##mY`m9wUlFE*gyNgSgfj*y-_wr(`2DX}6%*m1ZK^?f=pyR1@=nkNY3M#Y>3_l3MVTq=VnWHI4h%PJDo z@O4-~&9b->2_~Y^WIXKq)j)YUN?o1t?25K5Xh5u#gp>jI>rfB~pl+~d;~%y-*)v)5{7CV%q!D-6x$o z2(IadWHVFN=e$5rf?@E3xW`&of=Ut_J>mOQAiErL!eD zQDPnfqXJPf8cQZM-!BE8SPoG)M>pzbbYh@?bb9i!$*G|+@6IBSRlFb#2O~Is#FM^X z47_tWNS(dWv$M%3tNCHTlLzq9Leox`2M&f7cwspC&NKGyM}j(2zDIv(nH zL;G*Ef2{pIZU5Bv|Fr!<+xr7P|F`^K_kYI!V}8Sb#-H@x>-#e_@!x%4_x+~t4one=It;=t?Yvs~u zcIEZf6=^YFl;?2R7on&_PhX_uba@JKy!LOsP=N=S}0_qj_Udn#|A4>4&->nlBq~d58{qQl_Ar z=COO1^tr;lZ|Ux? zv=x1r;tKei$@>Zpy=_P`TcmO#T&7_Zi3^V!m07(&(mNf*cvER3+bz+}vM~=%)?GGo z2F{B(D)x2D(rl$NZ}x>k^r4Hhc^r3)OfX$2&6xA03N5P;#J5B!tc4)cq3zj<9-OVr z6}l_>3~NBIR3O_1vuL$w8q>ytZer+Y*}4Ih1lPUPFI8wob?ep2Y^e+!_3{OramS6k z*`3uZK$iCyN2lF1kW#grG5YWgP~8|aVD^0yEi)W-r!!@PsdI1>mq>xuN6V1b27n~& z2u9pBag=j@kt{+#GN;d=y9W-Z%!SNs$*d6jdjL;MQvKGPNuO-p$drm%h`Ka2PK(_+ zy6`<+qOFw z*qr^WC3|!3#+A1=Tb=7hnEUf*wdg_4v-x}-PPu22b(5z#o}Sk$vwgVhOy;3(tP{mngJ&X>xdvsk6rNjiZ=A3B#WRbq;Pj-X&#G8FD|vr_ya4K z-oj?(xHSVE)5ElOAYodIXS&;3I+(y?4HLNUdsZ$z#O7}~WW61@Nz|cE8}3=Tbd>da zpVh@)*XF!`o;hPffZ~6l95RF~2c*qyrJS5KU zSUltl2V#+U+K44{vW~;DtQv+cr(-!y&Ot{B?SmGNs#)-Z7<59ujGIr_Mv}Sh=LITlerU{=(hRD(0(mS4u0F!fY-+JZ9b5HWzUTI1Snl z#zi*s&0F9i)PY5gac(v1`bFZJU>N2)ydj&P$%8e?IAMdv=QC!|gpw>+D$j(7QxJy; zhr*!OYG`pTpOLd=Jy!|2n9JhgVsLgTUCw7^y$G#46cvoMm^!HnLTcIw$Bj%j5>*XI zzTtE>jsu~Z%o(a4&*@1hWTQzfsb_MDL^7)xYD|ZID-ko&u`n(sj~m5>e7RI44my%O zrnq{h@dcsiCw*Re2|JYaTbU)k;f#eofQ`Ofx^ST?mmLjYsLrJFnOWT^NT+mt=7=<0 z01eQK(z#M)_K5UE^@*xlXI;rqSP3cdTgAFKrDK#(Ce}rW+w4iQkKv?(<@A@H35`z- z4)qfqUQtx4qYlq^7J@NPygL)WRq<#1HSsoaA_ zpU(q?q5=J8r6i>dsZxcm6K{^>q^ikuS@VTz@xl>l1acGY4+8?#(-Mhnrj#jFp;m)p z6r-C5-7g<;4HJr}0!(St1~v>P%FxXvX%=tLCD%(K*GoZLR^Sw-Ra&U^u3QQ+n)7Uz zMROc^VVnEY7B{}ryVLIX2KOe|Nsv)zOX~RoNj-AImCk2-RxTZ3s9o7wH*t(3dE`de2EP>s`L%C>5ARrJB2nYlO0s;YnfIvVXAP^7; z2m}NI0)c;{2=uo7rtco#*L=H=?%unrwCnL*V?7`3taZ+HPIeycJluI($A9hkQpcw{ z^o~94pKbry_J?;~-T9|GzrIt&E1%i9Z)d>wAAK|M3i!>oSF8_IYJax_Dks0+vQzNO zZNKZw-FgHrU#P9U8_F%e|3fF4a_j82tq}e5^YA<6p7H0&3S59IA*m}*EX~9AEs^i( z;OHpa=XG*=h7z-sO=qCa&5`Pv*(&0(Y$OfUyqtg^l≺h@4h4VL7I0x{}K!^my3t zHf}T1F}xNn(=i#2jX5|kQm5{2Y}*Aqo}shl&atDT-u4e~BR9+#v(+>+0gO(Jp6H*H zp}>9uhT#zZmCPCG&>XCwMme-JR|ri^+OD>t3HyU_-DO~?EaoxXGHdgcaZ%5d%Eb^j z?1$iotSM?V8i8kOG#U*nTHG-xoXM9-1C4){^kQk@h~#$Z7}Se-_@zEpohiXJYr(vb zUuyRAaN8STeTl@n=So@T?a%DzNpw#3^Cp$~)~xgqC2{ku7}E+jOfWmf)6lA$KybEC zO1Y<+DJNZO%%`!`Dtf*MGXa@@Wl7FiKa`CbbAhz%jy--l!XI)OhOgUA%RtK2Vzy9- zM%dDZ*MW!4e_D~?ZR+Z>Nqyhy5-@6D@j-zLQ%DsSUqmUmzn6AYq2Y;gs|jHDsBiJs zQejQVmDz}eln@Ra*PXR5Zg#KyjS zh?B@0Q~$S^^dGLRUF7ZG&fE7e>2G=J@fC~iuh=(LTU+40a7*-A$Mk<=v~#?+R^{zl z0Pej}vNT#-tMC@NmFjH!jjc+ z32SmXkyB(9j`Xsgi-IBPMmCZ)63KKliKRWyUg8b|6Z>@|or~sRc1Fh~cgL^0qqbIL z7q|n#gzZ0oCg$8t)ZGX6*47H_4tGJDU><0zudl6LUfIvF217R(kIJAy$0^HU9zxKWbI*#i+ zZ+A%oyGs!;B~dgfm>f%%MA97W`vtvBaY>01U*c1eA;Gh=v%m_AU1)bf5PV~n04d06 zoyJMy__WE%X__>y?b9^v$w|^UN!!$EohE5cn>2N7(Qe(Gw2n{XJd1_f?>=UB7TCpO zNm`HmJbqyB%-nnDyLayY{{IQ)hF>j>mCEJPWdE41GJMu@vk&`c=_~3NQCDEmJU5_T;&VLJ?j` znS23mK&pPu5CINsk_~?Wr-y)(R0m^$aM-5G(o78-b%L9z*-UM3H(=N7(6+1t+{)f= z4syEK=WP#LKls2^m^Xms*u@Afr;Yq>yt!V;k6WGwt%xG`IV_f{vWFH%_f`4DO@GAv z^Vj(oVy46wV$+*<*J9&{$UBb+Mtw${4c;0)_F?`iv+`rVJ@R8M&AY?r&bgtQJ@4%O z#4XdijvhOu>;muOaKv+Lr`;=>f>$``8V2FDyW~A;{&|isnQ+NF)`EP?O^d}foQu01 z@f1J5gju47cQpdc|9^-3tgH7syrK~r*RadA{_Og*9DuI+JBovQ=l6B^E#^G))^xiCQ+Cn8l+81TOiMj-aR=hbgTX{5 zq3T8?tVUDWpsGc+sG7?dIrwWK-Y=7Vz?_frhXhl0u`iVi8G0xeH|{s*nXjhXEqJht z4IXTsIcmDy@`(ly_5pJ~$gc?Y{Nh%4X5B2C^URgX?fyZ*D_-oF1$&XXJ}W06xxwdo zinCm+dBat(T>G-%pDJ1zQNGHUHU(}8G+IM~2qrBnjOUWh()Q>~DKZQfKCoT+BKR7} zn#>VjQM62HqRJns@SF&HnMe!o?g`;qy_eH%$kr^12P_@SO2OPE`)ystsr=YPS$QR2 zEanlgP$=Y!D`_J_t+Wx*HY}V&iYyyh9Uh|PDZLZ`Ysj2Q(WF)lZLCQ*Bd%2f@GB05 z#sBuR@QgdJu4tpIfZ9Q-2bz2?m*^?LoU+*bGb}h44((QKf>2^Cx(L04b{XXiD%5cfUIf2RqXYckVFt^y6M5#> z`5b)wjSBt{Y9Z+Tn5ZN#E_F4PksCNIY-ZgGbjerr628qT^d+0BY!^2DgywCDsz5X6 z`}wIe9pP;4MVqa?gCD>qbDp_Cy4^yczX+amey_6u8j<;rifIUq$i>@ZNte9lbdNc| zhYw)NIke!Z6iX8D4;^9$n<2E#STH1PVeY^~ezCI7b>*wtSW~&8OV@MBY664ZP7JnB z_nPykCYT6pf%dE4=68!+b|L(eRxr8FqQ&v5Ajy9k{6(Tng1|v5QP4Mlh7;tf}p4ub_Bx+dyeW+ zHJr-E)M#AGsHt!!sm8TfB&x@A(P$zALcfzgB*^xKzLXvd>Io>?LFhlkuLwea!9nQz zoKG|e{bqCiL4HLjTP|>A%gtxZ`R#n2KQ+Noz0fhGcetZIclNk)aw22pTfwQqBK}tM z!maHejzEm(wBqnYK|wkuWUmoN6m%oI(98nucOzyaW9d}D7a$(5iZfIwRirwFt5%$v zl-9gPYx@ZE1Q#-Pb*gAgLdk>pE3Qi65fU&dgd+h&)r}OPxhXKRTt=u}QI+GVGSEUD znH*Oks~VM61%aR!edK8#I`$+Z0>=63Kq8uo2D7>z%S4j7R4$bXX~CSKAj*+SZeWxR{N7i+E^d@a_at-lrP>YBb3kgE@J z8X(CPV}7rt}^<7ujx4M3(>leFbd%xNHnckbduWkD8n|^Q8uix|Ed_U>? z0bj-Uao;}QJ>Ktnzv2Cg_s8KMu+8i3{;BmJ>Hc(gt-FZFzvABG-sWEC`ZL!bxxV81 zCD+d)3&2en=WL^YH%nFX?)W#m*PK7YH}5A8@y&a=V;a~Iap!jhkF9( zGK7%@v*vk-77u9zd4#xXAa08p306GBMC9HgqdD07Bs<-g1hhl!YN+e)TyT2hm>Xw# z-}viW$6AxLX&J*G+XG^)mbh@I2pPY>XjJkph~K`V{Gap#!Z4RijO81r#KByA51O=RD^9U|l;LEFrE zmdnTOengD3*~w4uHs_DZXqjX*2O%uOM0S>?$I`T4>PyAq z@i=q&gUHU3^jNz2OAe8p<>;}WXcF03iXOLHY>!LAKO$<*vkX0M_a|Q#Uq{F6$|}Ap z&b6%Oz1PIGI0Sn3IaeThLHUa~a`{<{0P`yJh()eMUMh?uArE8!M@!`k#r$aLoF#)N z0>Matr_oj6xB!8;I#D)|bSZxh=jX7YB6pBh;Cg?Nq^BX03Tnsu`4|pH$e5#+q|f~! zM)I#CjSq8p7%5Gv)siY2;PFsFo`fva@M9&&`{VGO5U*2Ft1MB%I4lLlD%>aV$QbmZ z@Rul;CWc4w5VHM-wUCjBXt7*;u@sA0!k$qWV$ZO=4GsRvew(4j+cd6%8G{$49pP`g zPFUH5oS##}@d62qB7sn%*(#9?z;+M{-7T5baR4z73MBv@w>rQ)NUHky0O!D3vpAil z6PnJL^Uv@Prxp_*4i{4I)K0PlvUhqP;e2Dcj_mV|kq?&Y$ZqhO6Xrb2bmVr=d|UwW z9_HWLMD-&~e~|B|LAId=*^WYh{~AK-+p!t`24B;OGsQg1Z{&6hXNpTL=(g1RW6@Z8 zBYV-dA2jEm;0;&Bk~zrl8c$OYSeC=cBCwa52<#@e+x4*P3oido{|4W;eZS}XhrStK z)%Tijudmnp8{U7>{ij`_E~Tq?!~b39_k7p$Up>F(`Dstt^RnkTPZ(YR-*J7x{k7g} z_k6_tTkc=p72PRTc2>Dzmiefd+4O?1_ZhI7t_?O>6ryg@L{ zS2y!iJ>as0PpROtt~RmX()U~0hiq}@;NXWYgukii;tJ!k;!%twoK1zM=?dergd?di zj9hVYS;CL>G~d`)c7%*b1erv2H5SRhEj6Tp%R(rHie&p4{3nJ)l}T_}!q-$7My~W} zp-?mzj^~(RMEH~n!^jl}mo>`YR6fz*vhFkIU*}hZ>+lts!)j*KoX_)9@+}cOa;0NF z>+H#cf#**iz<&d0p4o^09#~X$fpb}_dG9rFS&lD&$#ag_5V+D$iWG|6u|XGq+p3=< zj!aGs2Ej_&v`F>SLe~xkB!1WQ+(Pvu?cyxClbC!%`@>T{$yaK$I#~_-;r`bvGMOQJ zsQ+BX`RjG=>Z!oLfM3#><7aDba}j8fm3j zN+>1IVm|U!C0}8=Xn1%Mk{2t*Qob^^V*Vt^qQW;*2pd-{S#;QOU|eBGif{*%-?g`v zH0KTenapb91AY%P6Aon%&mYv-Tq5<)pkrgLkW`3mF22*C>){Wx{U!c*y<#yl zJ~|rw$lCQR(=h*L`Qn)qV)0sVBzJt1w%?+iD=T#8F5P~>oX_xv%i^tCu?4F-6u~QL zyd$BExU$)KIQEJ)tAxK4|63{EDEJmmRe7CFc`OwDK&!B537h zNh`rGy|eC|?;yiAJ!Z~dpKn8S%*V3e1wnQYk`75o0+J!G^L*RxBqp z%idm55zxtgoS#x(pFo)@Tq+e+O*OIz(%^BXOrEo-A7d_={Z7xSsS%dfv55GKL>Otw<8dt)3mf5VDjq=&NibqLI0 z>x1Cbj+aZ-5;AVX+aZhWxp>I#k>{UVG@NoFKb|XO%VKUP;K^#78Zq|6RkiJKCz;11 z!Z-Qb>=#~zLnkJR2w-kxsFT_5nnoK`Ue}Pmny24}I4y``WA=-IS#o9HlI|O~w0?Ct z#B%T0jE*P=*XHHy6n;xzqhI(a8|9Y{A6`@LJ>bTJVQqoPp&?j1MZRRtPx8ZLIxh~B z76e(OM7Hy3BV`~qB(HNNR;I$)dM%6CH|BK>ZRa@zps^|zEV4Gs48Y7i8u_F12rff| zBReef|Btz9uHIklt@if!{Bh4u_6+tsu<3U;&238G^Syh1;hyq6dpG{`jbj@h^WXA+ z)_>aH>-$aLai8D&Z@e#fH*|lgd#XFq_3f^o?$Wv*-0+__3~qQ}{qL-wTc2L{y>-8^ zuDouq=Ubki@Vw%=A2k9`yL(-~iJ=z%OOJY8?yc_q`@EwZg0AE6##Qn-_R36ruS{@P zogCb(r;x(5skC2gAc9I+2^5M;rC+ytdA*}vLWxK`7*FS|Uc_>&Z7wKk6^{j@@yQX? zH{9x;er%t2#4#BW1P|>ue9ud$)KXy)bXiuLh$Yz96$9aVWo2>%nd^rQ7E#AJdPfd& z$RqGlZvjHGKN1T?0m85~{b9$rtA#Srk5U@3NGP4NddYRvOBA(hQn9pQ^E>LuGjFDO<8)j~3n)~#Ojj(S1zWmG~+XRKZ_9rO}IQ6E&t3Z^xy7a>2bZHu8g z6pFYcQ|V7wy?mmBxkUTn_ZLkh(?eD-Lml;k`bEK5DE*q%%WEC=0<q-sn}UmsdOJ zCBljbBJX*6(CTHdgI-W%GZjfi66udyy$FT*+SVxCA44CB@Z>A@G4P6GGI#G7K;6s) z*tlT&Wo!DvVz{>HvjUj$cqE>F$?D}L$Lv>on4p4X9MMbB^jWKyvmNw;;*+crXfl1q z>g7yFytCv%2p9^}4;(Zc{^hv81;q$PzxuAj% zicI0CK4JB8qJz04`$4Tx88`i+)r)YoU+Y{z@Di%q^)6ZDFJkvoh zAS)sG;zrZ^tX@PRv9&EL3Kt_J2;2Q*RxcmxXfBAu2*xAnr>$O|UVAUBU~mE@-NNao ztX`h#sFx75N0CVSNvoG9JLrYg_D!Uck@OQ*FHdyT3ks;C26p;!tCz<+=p})gt>Hv0 zmL9Nr8R)1NCe|gw>6Fz=s-s?lsc(`~`$X@Dd%Zp1 zUbo)!C!RlmFTl@w-t>%m9`LMp|G4`}_eT)}(CzvQ*Ee0i>-v)G^X?hM5`4z>`G&yn zKIXceH~{zGcl|-5v-i(mJ^y?CPqcd*_r`Wt{+6}hXV$mD6ycHnzOHM`m=aE)nT5DC zHA5BBW7b)qi${k2x~}bfz^p&OTZECtbAIb1tE1lTV*IlN~&Mghq%Gls5Vp<(=2 zP>T#fuS^}xH$%m-+Smwa<$D2nOLf@43oO~#n3b)ubzw&Hb+f*aZ}l0$v$?LlKP^Dk zq7AYo5~c{gV*K}tw)^9buef2QU%S`f^cJ)3=Wv_C?CQGK!YXjOc!!q0y%B!N4#cVI zYdTf8KWo;#yyYrqLR{Bu)BBoFqU~nAn|CE_@2+c2j*8pNdKbScD=}W{a=?ABS>J$* zmgoOfZfB2eGVAMktFW_Qg`K^=jyDJraMh*&A+zq`7X$^kx&w6;VFQhYR2=mgR$Gz9 z?ZNaANgz!ka$9H-9jOxQZvK!oiuOTEoD3$S;Rx*PSNRoTXTR#OvtMyO(PU@8%&&+A zzbftQbBD}%k!kdY*KvHWc1&VUHi{cAwP5iAy{mZT)-=cAdA3I1OChr^s`uO0`TuU( z)>~7qRan;>4|Z%{Uo};0?R=Mv*{*!w-@=Qn315>HyLTg|;K ztjNne*4C`N%rnav&)YubFq@0G2H{t@R z-cxc(+{T@@WWyD}Vav9dn09fjuB~SMew?x%nH9}-tq(_hA{R6yl%4XX12erb!OeLP-kdV^W-;naJ2O19g{5ggt(Yv8Io<*7lfH}Uxi`scdV zgO+=mTD+S!Ty%ZZbJ7pL56E@m2!s1+#uofTattYAskDN4{u>mji6&_z!oIF3O<4ED`D2Z;yOb z1ga^g_#5)fclOYbgjpbvEeV_8f{?Ht&7$(T@IiF3=3p!a?nRW|mg2B!GeZ!EStyFf zs^DPm2qlb6(ugJ06tsFs934c};%rh=!+JE8i0k1nF5^34@hbMWW%j}57D{PGD2Z=N z)XA3Lmg)GmSO{<9nZ~z;>9IIok4&KGGPlABsmhY<%%shFf-lkBqyWh5m?=74{rq>iwmh zQ3cU#PItiJqmePA5~|pOHcRV+2nzTezzZ~(NJbqpI=+E7P%j?30^y{H;J-0zL=~9^ z%O#fiP!&@sm7S@JoMSF#k`jq{C>#z&l2B^HCnXeHS-59mhm9oAjU;lhm{W$oE7cc7 z$_OVb!$T7f9ew`5{!=GTA3b{L=(B=ywiefy&^Rj)TPDo2w(ZjNcQ_6=xNrhJ&G)%H zqs^U~S>GW}ppe+!(=AR!OZfA*7v3DN3}vmDkw_%!8}^PFE` z#h%N&%ro;R!?(!Xm*BOiOv1lV<+&v6Q&%Z!V+KSzmV?YAW4m3`O(NZg%=&hIRb-WL zO?O%291-=&r({+N3NQIl=SxmACHWrSBDsQTCs)8yM%rA#^p0FGlL%^1k09*^5*kJ_ zK{b^?xg#TqAa^|;Oy+bQT){5>l+cm5ru%ZKBy&~!k zjRL=IvNXgK6pR3BQ)y8>You~oLJ#M%DDsiY!1+Iy%OX!@BAE>$^JF3z(qM#*WkW^^ z(TWHP2#2$YOfVCQKkbma4rQN2>XpS>3?#|pDgKruiL&!XRl$cka_%jo%nw4xahGyS zNiu0=j&f=*ls$VdoIfa~2;r2kDvNG7!LvZ5^Oez;*gpuQt=WXz2pY6${fZpLwAZXZ zB+e+Qj-9sY<@bF*;Bfgc|5hbuGtEdKONnZqshI9%v%XW1K;dugntl(HKx-@Qa_$k3 zJLfK9Muo+f7ww@H?F@_0r`sWk%>KXCwczS`p(oYz*ruBQus`bG=6Cu2hwqENANJLJ z1>ZB?zwv&?d!zdc-AB3~@7~?@uW|byBhUZOBgdcaI@FNr-*d$u-r8r@U*p^FN8S)b z<9f$L<8TT5Fk(WGdlp#*n0LQSip}K6STLN4qQnxYWH63WfSIV8f@7H)&&5(fJsHXc z6OmQOkzx#_F6CqFRZjBk^~y069x4Y;vuNS0HLR2@OGsBM!U#kbJVb<4S(zRr9=EAW ztF+1;)Z6<$X1I?;ScdyZbg7iV5d@tLqS&<<+LNgmx1A zOAwhXO2ZUaaw&O4lgeVaTlFii4!*&ju)9~4!8efT9uism`RHTWQDe$}#32#dGa66= z1q2PX8dn*_^UFT$e4T(U=ZTa~){NPftgsL;M_oYi`aG<^0j>1_bXoR*ctQLO*}q%Q zo?(KgbNK?YCoPfX8?Pxx2xLoRsG4Z~f)9lCXVxefRjb560Cgo0L}gt=HfQ8RX36*2 zvIkfJP?nOoY`kGLi9jqCqi?mKv|-~3o?J@Q@oJaCUldT><%Eih){XK}%5HzoW+OO& zP>wiI!7m0l{;!b|e$8qAmnMl^QTb{Vkx2!o415caJsO7~Ta!v_g{!5aUv(LQh$HPX z_{C(4G6EU1{;FVlL>U3sb(`sN=-UzZw$?%#O~(wF7Z!?bGcVT}JHz6v8!g^f&H5{1 zCc7m$xjk-XX(@qIX8mP8LQM*I*IS6NcXq|vYna3ybnZaD{~Eh*^#uulC5u3BV7YzJ zte+KFJ|?mB+)?s(z^tF)BVLr}bv+^aS7v=PKv5`aqoSS4HR zw{_}V=Z@nDS@g@=c+Oz@_b|)I7YPRB_(%gF$7eYJbd+2~nIi;yLmdyA&q@vrBctFH z%1GjmcF&Y@=%#FBN~LO}663PQCuag6k-&aY0w9~ibZX|Yi|?|0&hp*Z)ZEE;0HlgV zbU9Fx0CQC}{%$RfFVWhscxHmARhBpNEuwfBTNoKFn%B-OJ-yScKhHlKQx!)@%_d;) zmd%6nnWaW;oKcMWvAm~^7H=(R)}Q6?F)QM*T(#RHe-=~sP8WA{P`Cl)aK?Vyvs|X= zJ$xH3e+%E8E9${lc?dS-|F!2IVDi7}3Aom6_WY&ik37Hb`J|@|Z~x!#{ng&j_Fn9L zu-Dh~wN1%Qk8ZmEp6~fz^e6m%{&l`T_WhjiM}4!tk}v7o?)??-KlM&`cXj=F*EhPd z>;CP!&#n8^y2*8e>mK#IaGcs%a^<^CD>kGQuqGzIVazfjJQ{v(lC{ z+nCvcaDtTvli9}10IBeRwIH>PA2Zv{g$?}Vos-_NvmG;DXOA3Go{Yq2-& z9UU&13+wsroR&Ubvo?R@w5qp&ZxQSrfsV6@IepuV$}Cuy1?KJDXz`lo%mqZQp-E;) zcFn#&SQp{=A=Voiu9htKN|yN5odyjCq!XL`f{QQ4)8f3HZK2SRI}I!+bE|Kx+xC~t z`W3OWtmD$Q$=~*I0;@c8$+vx1W}B??5wm`YUp*_Q-L)#HpaQtaACvTR2J{mL1m28g z^0nV=hN%EpDqq{uJ>#U3=lK;$i)MBNA?U{=MqGsj6^3{t21C4VXlgW@O`>Ljj#`6J zP{~RDlmu#~FRH~1Ef`E?KqV*mB}t2B8nmd+k_FpTa>hxE>MUb$V|oo*w9BlQ1uc>* zI@2*N+AmU-p+afVC@6=j#+a-uxQZ8E1La}POc3vsQVzbIkQZ6eRb`xyna7yQu6}*I zuv>xfUCC$pZR`nQd_f&JXrD`kEEKOcWf^b~2x`nfK_X1NQX$vizqKgWSsI6%ccwT7+JBzIi^K--hxZQ zJ$}%Fba2oSGWUpReWY!DfJJKZmQiw|&e0NmDm=JZ)@qL|xZ#@NNpSHsveea$uaOD6 zEN6A2#asKZSugT!J}ceyX5JqZ!?`ki>A0x7>*%pl%C2Q{CpMN2i^o@#tt!i3Xs_RH z{PSaP8RrLJC>RENRT)t;*iRL8kDqx94q#h|kI(tR-yU(PkMVW0j-q9WOQC6rnFe}P z5ErR|p0SC`?VT9%yy!FQEDyQIEsX^;o14F1?65q)F3lPtI? z8~1PA<^MDPANYU6|3&|df7l=MKkWN!?hnJ|J4GOEU$T#!1*P&1)$L`CUh)V_|TqDD3Wl@hTb8n+=9^L3p=X&omg)d(8#m;kre<@l76!HG|#3YP);fb7Qi- zV`lWZiEp4&V=~K1 zUXB{v2E{W}I~rBXyi-xZ5v%d2n#oty3r4ww+Er66>uTAxu65M90<#HiSSS=xM=ZEh zaMD?A36~49E=qK@ENaD^M;)%Au>8l9-va`mv2T-{tut{&o7CAqrU z)vh1xCgD_Uk!nt^nEj#2v-k!hS37x^l3d+zlB*s3iX>MzcEmFoEt<;Y)I=@`g?=I% zSG73;2OrN>%K|!#j&~c+o%7PCCC4uItMS15X zo(gxGy~fCnSPn}^)XrJq8FNA8)tV5W{tcTJt!4f2y^361@<_SCD90B5Raz}xQ!^Lt z=byri)Ue!mA5spv{3{ZHm|_x{V?f7JVCS66ST_tg#m zX~WNN*ta3DerD65O^Hp9Z0hy>itiu$-tv`wXMG>`b$kE9`!(-B^M2at-P>z(LT4j&KW{fN)4|%DP~E&Jq3k+v-p~>DgLD%Z@~n|z;~`e)1RL%kH(iBm zb3z#-dE&3{h-MRdRtqK75HvT;rWjT;(U`7gk-#<Gi0*87k` zbBDh{Sg*>)Brmdr`YnS>X?zTcGzU>s2mkvdv?i>U3zO}{?Y0F(%br{GBxFVAS%POv zx!j6$|DYVUQ7(r0z8vLFueU?@Q?luf*Sep|md8D}bw&ihuxHk6$$NdMo<=5V^xVZ8u!KKF4ynSo2 z57pjbc^+p6(STxk+uwmR65m>@Q*vc>YbX$kFE+ln@vCC-?M>El(2;hgafMmSn@#D< zS<8iU4nHt>EnDdH7$In~fe%iOjZb8nn?|bHl3tN*PTTsT4m0^;^MjmZHaDF-auTBH zc&P~AKKqK(cc?KvNvtZ%Ig2f^$lGCS4gnbM3`^3|w9t{Zr24ATDczT<)^_6Uy|uZ= z`N^=um^N$-v3SM-UKrQf zlh__u+vuX798UF7PiYeIk!AOr{jLVyq;1PB2_ zfDj-A2mwNX5Fi8y0YZQfAOr{jLVyq;1PB2_fDj-A2mwNX5Fi8y0YZQfAOr{jLVyq; z1PB2_fDj-A2mwNX5Fi8y0YZQfAOr{jLVyq;1PB2_fDj-A2mwNX5Fi8y0YZQfAOr{j zLVyq;1PB2_fDj-A2mwNX5Fi8y0YZQfAOr{jLVyq;1PB2_fDj-A2mwNX5Fi8y0YZQf zAOr{jLVyq;1PB2_fDj-A2mwNX5Fi8y0YZQfAOr{jLVyq;1PB2_fDj-A2mwNX5Fi8y z0YZQfAOr{jLVyq;1PB2_fDj-A2mwNX5Fi8y0YZQfAOr{jLVyq;1PB2_fDj-A2mwNX z5Fi8y0YZQfAOr{jLVyq;1PB2_fDj-A2mwNX5Fi8y0YZQfAOr{jLVyq;1PB2_fDj-A z2mwNX5Fi8y0YZQfAOr{jLVyq;1PB2_fDj-A2mwNX5Fi8y0YZQfAOr{jLVyq;1PB2_ zfDj-A2mwNX5Fi8y0YZQfAOr{jLVyq;1PB2_fDj-A2mwNX5Fi8y0YZQfAOr{jLVyq; z1PB2_fDj-A2mwNX5Fi8y0YZQfAOr{jLVyq;1PB2_fDj-A2mwNX5Fi8y0YZQfAOr{j zLVyq;1PB2_fDj-A2mwNX5Fi8y0YZQfAOr{jLVyq;1PB2_fDj-A2mwNX5Fi8y0YZQf zAOr{jLVyq;1PB2_fDj-A2mwNX5Fi8y0YZQfAOr{jLVyq;1PB2_fDj-A2mwNX5Fi8y z0YZQfAOr{jLVyq;1PB2_fDj-A2mwNX5Fi8y0YZQfAOr{jLVyq;1PB2_fDj-A2mwNX z5Fi8y0YZQfAOr{jLVyq;1PB2_fDj-A2mwNX5Fi8y0YZQfAOr{jLVyq;1PB2_fDj-A z2mwNX5Fi8y0YZQfAOr{jLVyq;1PB2_fDj-A2mwNX5Fi8y0YZQfAOr{jLVyq;1PB2_ zfDj-A?kEDAe4lsi@O;YC`=`BM?S1r~NAKy`_}z_vxbe#yKfiHus_v`9{1Km zmCA(S`o@E&LZL|P&FE!XR48cU6=T<#yfLYq%ny%gyZuj$myM^M z&`ViE(F~6u-m7U@p4Ji*?bC9Y=F^j$F^S)N z@T`If@EMAp(P<$+%5G;<(DFsc7+I~V^(zMfPH9q|7{{~=1tnvkJ0pu%t(Mp`xqNv{ z%uyT1=;P(QRyELT^NT5%Ao}L7)bFoUwdzD=Krzmb8|D0%fq@HtZK66-Di0{nmntL5 zGv(5xQTA80;mUwtRkUhV(?|QW`HEgTXOyQJO;xt4{z7S3ywm_j#w@ZEdUZf4Ro<9j zH!Dik$mNSzC$<(9qhRP&CEZw`y+^e%WAAaTI{(wr0hGXyphi;O0HZQlei5v zaGM-4%Ip;tr8+fkC{HRuW#7@XQbaGx6Hh4*0fS=oBM&`}ThPmZf-bQgsu-0`0IgyQ z@`vLl)+P4h#8`2Nb;fR06jga_&q#UCWA+ccidNJOM@t6aOpH4kCMPEyzbd*`vC3Ke6#B(^(Wm5JhLu{2rq7YyvT z0cFg{<|oFmW|dJ~R+JE?zJJ8fN5!|H95>2i`AP*{W9j!{pYsi=U<+8y0H(^em4?9^ zn+cmA{Xfm$|I~=VHgajAkYziuniu=9I$~g7<36oeRraOvS?Uwze055Bwp^MR@5iHI zHW{|VvGgaWDpg}FaMCEB%j<@6Y_iC3IFxHKA@(^k3>?$hE4~!H$|uA|u896BvOhp# zl=*j8HW()2BlY{A2(ZKCsV4&LVDVqRTw7n8dzGI>Gn4Wx>Ro&m9l*&`-B&QmRW|!v zet5Za$y#1j;rm{!Gyij_QpKJe7A@Ft?6Vk9cI}d1NWa*0m43Eev0M3eUVM%3$X#qJ zD#uPJd#qi^QDFO&HOh_1|7LrT|G~H4?%ll8T}O|dQXIpIJs8}*d$&Jd%o^thaB2s~JC-j_R1NI6pr3uK1K3(qOBUj>+T0+g z6;I1$=pH)AHoJ1%+U-Mrxz~GYb9sL2CVA^lw2U;hD8A3%Tbmo^ZCm7BJBp>Ev9&gr z89Mb4Li9 zgXG*PvUWF!+HxdqTW#)Tj@H9+H8wlQ*hgz~FY$}d%8OmgvJOE0tP}ZLJFyGS@D_>t zEs)}(3Oc8UYjdahmD8f@TRUP2J(|gd;%YdY$f?mtDyk+8J)wp&iD=9)g7J_Z!9t$m zPsyElt1lQyrb4k;D1^aJHVytD_T~xRBKPL4Z5TXTnyjFg7n^$dAY)u6Kxe10Igj&8 za&z92n{(!3ZSEM~LT?#z!X2|;2lHiPQUgbl&R4Wd0fgXOUSphAWyH^@?rMN&=F-xf zMpwY!pbwn#V`CtJk^!qul#3Oml*@tFF_g0c0gy&92OK#$@C2aBoG^}5tK*e{KmbQz zKfoF>3ge|>Azw6b(2fN%IN}0Ekg6U6|hy@7Bj7>-6WDK(ghXVj<`*41Q0i>Se9CL0MQV%cCQ5%7b% z!+97EhEjo0C;%2^S+49LsMrWtV~~+0Tp8ZISTTk`eHn3YX2x`kGF)QRhHY1{xELuq`BaqR4Wo|M3H3T54_WzRL;zei!O zZLpQaeXaPQ7L3nfV;I~LxNq?9S&*1K$g6m#W>#nkrI`-Z=8p3HZ@wt^{|Bsfyo;N~ z8luCkf-~Vr)0x0X%HgIKMpEb>AwUQa0)zk|KnM^5ga9Ex2oM5<03kpK5CVh%AwUQa z0)zk|KnM^5ga9Ex2oM5<03kpK5CVh%AwUQa0)zk|KnM^5ga9Ex2oM5<03kpK5CVh% zAwUQa0)zk|KnM^5ga9Ex2oM5<03kpK5CVh%AwUQa0)zk|KnM^5ga9Ex2oM5<03kpK I++_s*KeC4OGynhq From c31c24ccd85edc7d2f76234caabe7f985b9e59c3 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 13 Jul 2020 09:12:24 -0400 Subject: [PATCH 012/124] [fix] Check /nsm instead of / for free space --- setup/so-variables | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-variables b/setup/so-variables index 1123562d9..07f7aa71b 100644 --- a/setup/so-variables +++ b/setup/so-variables @@ -28,7 +28,7 @@ mkdir -p /nsm filesystem_nsm=$(df /nsm | awk '$3 ~ /[0-9]+/ { print $2 * 1000 }') export filesystem_nsm -free_space_root=$(df -Pk / | sed 1d | grep -v used | awk '{ print $4 / 1048576 }' | awk '{ printf("%.0f", $1) }') +free_space_root=$(df -Pk /nsm | sed 1d | grep -v used | awk '{ print $4 / 1048576 }' | awk '{ printf("%.0f", $1) }') export free_space_root mkdir -p /root/installtmp/pillar/minions From 242e17b329dad002ac815d48cbf8cd2b9a6f0d83 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 13 Jul 2020 09:45:11 -0400 Subject: [PATCH 013/124] prevent elasticsearch pillar being added twice for managers and helix --- setup/so-functions | 4 +--- setup/so-setup | 6 ++++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index b05da56dd..df19a17b7 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1141,8 +1141,7 @@ elasticsearch_pillar() { " log_size_limit: $log_size_limit"\ " node_route_type: hot"\ "" >> "$pillar_file" - - if [ "$install_type" != 'EVAL' ] && [ "$install_type" != 'HELIXSENSOR' ] && [ "$install_type" != 'MANAGERSEARCH' ] && [ "$install_type" != 'STANDALONE' ]; then + printf '%s\n'\ "logstash_settings:"\ " ls_pipeline_batch_size: $LSPIPELINEBATCH"\ @@ -1150,7 +1149,6 @@ elasticsearch_pillar() { " ls_batch_count: $LSINPUTBATCHCOUNT"\ " lsheap: $NODE_LS_HEAP_SIZE"\ "" >> "$pillar_file" - fi printf '%s\n' '----' >> "$setup_log" 2>&1 cat "$pillar_file" >> "$setup_log" 2>&1 diff --git a/setup/so-setup b/setup/so-setup index e1177c21c..eab45388a 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -440,8 +440,10 @@ fi set_progress_str 18 'Setting node type' set_node_type >> $setup_log 2>&1 - set_progress_str 19 'Generating search node pillar' - elasticsearch_pillar >> $setup_log 2>&1 + if ! [[ $is_manager || $is_helix ]]; then + set_progress_str 19 'Generating search node pillar' + elasticsearch_pillar >> $setup_log 2>&1 + fi fi if [[ $is_minion ]]; then From a6cceef986d46a4b66cb5455f8f3116dd9515708 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 13 Jul 2020 10:55:55 -0400 Subject: [PATCH 014/124] Removes create admin user from setup --- setup/so-setup | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/setup/so-setup b/setup/so-setup index eab45388a..0c19fcfee 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -188,7 +188,7 @@ case "$setup_type" in whiptail_management_interface_dns_search fi - collect_adminuser_inputs + #collect_adminuser_inputs ;; 'network') whiptail_network_notice @@ -341,8 +341,8 @@ if [[ "$setup_type" == 'iso' ]]; then set_hostname_iso set_management_interface - add_admin_user - disable_onion_user + #add_admin_user + #disable_onion_user fi { From 14faa3b898269064079b2795566efa8ed93b12d0 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 13 Jul 2020 11:08:04 -0400 Subject: [PATCH 015/124] Clean up bash profile --- setup/so-functions | 12 +++++++----- setup/so-setup | 2 +- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index df19a17b7..1bbe4dccc 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -656,12 +656,14 @@ detect_os() { } -disable_onion_user() { - # Disable the default account cause security. - usermod -L onion - +disable_auto_start() { + # Remove the automated setup script from crontab, if it exists - crontab -u onion -r + crontab -u $USER -r + + # Truncate last line of the bash profile + sed -i '$ d' /home/$USER/.bash_profile + } disable_misc_network_features() { diff --git a/setup/so-setup b/setup/so-setup index 0c19fcfee..a0e545b92 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -342,7 +342,7 @@ if [[ "$setup_type" == 'iso' ]]; then set_management_interface #add_admin_user - #disable_onion_user + disable_auto_start fi { From dc0aa270d9382ac5b0913dfce97c8b7e69eab23b Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 13 Jul 2020 11:12:11 -0400 Subject: [PATCH 016/124] Fix ISO rsync --- setup/so-functions | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 1bbe4dccc..9885c48ff 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1420,8 +1420,8 @@ setup_salt_master_dirs() { # Copy over the salt code and templates if [ "$setup_type" = 'iso' ]; then - rsync -avh --exclude 'TRANS.TBL' /home/onion/SecurityOnion/pillar/* $default_salt_dir/pillar/ >> "$setup_log" 2>&1 - rsync -avh --exclude 'TRANS.TBL' /home/onion/SecurityOnion/salt/* $default_salt_dir/salt/ >> "$setup_log" 2>&1 + rsync -avh --exclude 'TRANS.TBL' /home/$USER/SecurityOnion/pillar/* $default_salt_dir/pillar/ >> "$setup_log" 2>&1 + rsync -avh --exclude 'TRANS.TBL' /home/$USER/SecurityOnion/salt/* $default_salt_dir/salt/ >> "$setup_log" 2>&1 else cp -R ../pillar/* $default_salt_dir/pillar/ >> "$setup_log" 2>&1 cp -R ../salt/* $default_salt_dir/salt/ >> "$setup_log" 2>&1 From ef3c5d1fe03654e6e9b7bd9eabafa175d7c584dd Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 13 Jul 2020 11:31:37 -0400 Subject: [PATCH 017/124] fix patch pillar, select patch hours on 1 screen --- setup/so-whiptail | 71 +++++++++++++++++++++-------------------------- 1 file changed, 32 insertions(+), 39 deletions(-) diff --git a/setup/so-whiptail b/setup/so-whiptail index 4d3d72c40..943b91f16 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -892,50 +892,43 @@ whiptail_patch_schedule_select_days() { } whiptail_patch_schedule_select_hours() { - - [ -n "$TESTING" ] && return - # Select the hours to patch - PATCHSCHEDULEHOURS=$(whiptail --title "Security Onion Setup" --checklist \ - "At which time, UTC, do you want to apply OS patches on the selected days? Hours 12 through 23 can be selected on the next screen." 22 75 13 \ - 00:00 "" OFF \ - 01:00 "" OFF \ - 02:00 "" OFF \ - 03:00 "" OFF \ - 04:00 "" OFF \ - 05:00 "" OFF \ - 06:00 "" OFF \ - 07:00 "" OFF \ - 08:00 "" OFF \ - 09:00 "" OFF \ - 10:00 "" OFF \ - 11:00 "" OFF 3>&1 1>&2 2>&3 ) + [ -n "$TESTING" ] && return - local exitstatus=$? - whiptail_check_exitstatus $exitstatus + # Select the hours to patch + PATCHSCHEDULEHOURS=$(whiptail --title "Security Onion Setup" --checklist \ + "At which time, UTC, do you want to apply OS patches on the selected days?" 22 75 13 \ + 00:00 "" OFF \ + 01:00 "" OFF \ + 02:00 "" ON \ + 03:00 "" OFF \ + 04:00 "" OFF \ + 05:00 "" OFF \ + 06:00 "" OFF \ + 07:00 "" OFF \ + 08:00 "" OFF \ + 09:00 "" OFF \ + 10:00 "" OFF \ + 11:00 "" OFF \ + 12:00 "" OFF \ + 13:00 "" OFF \ + 14:00 "" OFF \ + 15:00 "" OFF \ + 16:00 "" OFF \ + 17:00 "" OFF \ + 18:00 "" OFF \ + 19:00 "" OFF \ + 20:00 "" OFF \ + 21:00 "" OFF \ + 22:00 "" OFF \ + 23:00 "" OFF 3>&1 1>&2 2>&3) - # Select the hours to patch - PATCHSCHEDULEHOURS+=$(whiptail --title "Security Onion Setup" --checklist \ - "At which time, UTC, do you want to apply OS patches on the selected days?" 22 75 13 \ - 12:00 "" OFF \ - 13:00 "" OFF \ - 14:00 "" OFF \ - 15:00 "" ON \ - 16:00 "" OFF \ - 17:00 "" OFF \ - 18:00 "" OFF \ - 19:00 "" OFF \ - 20:00 "" OFF \ - 21:00 "" OFF \ - 22:00 "" OFF \ - 23:00 "" OFF 3>&1 1>&2 2>&3) + local exitstatus=$? + whiptail_check_exitstatus $exitstatus - local exitstatus=$? - whiptail_check_exitstatus $exitstatus + PATCHSCHEDULEHOURS=$(echo "$PATCHSCHEDULEHOURS" | tr -d '"') - PATCHSCHEDULEHOURS=$(echo "$PATCHSCHEDULEHOURS" | tr -d '"') - - IFS=' ' read -ra PATCHSCHEDULEHOURS <<< "$PATCHSCHEDULEHOURS" + IFS=' ' read -ra PATCHSCHEDULEHOURS <<< "$PATCHSCHEDULEHOURS" } From 59c00057b14cf253af5bd7b084b49573a107ac23 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Mon, 13 Jul 2020 11:34:30 -0400 Subject: [PATCH 018/124] fix patch pillar, select patch hours on 1 screen --- setup/so-whiptail | 64 +++++++++++++++++++++++------------------------ 1 file changed, 32 insertions(+), 32 deletions(-) diff --git a/setup/so-whiptail b/setup/so-whiptail index 943b91f16..17a75504a 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -893,42 +893,42 @@ whiptail_patch_schedule_select_days() { whiptail_patch_schedule_select_hours() { - [ -n "$TESTING" ] && return + [ -n "$TESTING" ] && return - # Select the hours to patch - PATCHSCHEDULEHOURS=$(whiptail --title "Security Onion Setup" --checklist \ - "At which time, UTC, do you want to apply OS patches on the selected days?" 22 75 13 \ - 00:00 "" OFF \ - 01:00 "" OFF \ - 02:00 "" ON \ - 03:00 "" OFF \ - 04:00 "" OFF \ - 05:00 "" OFF \ - 06:00 "" OFF \ - 07:00 "" OFF \ - 08:00 "" OFF \ - 09:00 "" OFF \ - 10:00 "" OFF \ - 11:00 "" OFF \ - 12:00 "" OFF \ - 13:00 "" OFF \ - 14:00 "" OFF \ - 15:00 "" OFF \ - 16:00 "" OFF \ - 17:00 "" OFF \ - 18:00 "" OFF \ - 19:00 "" OFF \ - 20:00 "" OFF \ - 21:00 "" OFF \ - 22:00 "" OFF \ - 23:00 "" OFF 3>&1 1>&2 2>&3) + # Select the hours to patch + PATCHSCHEDULEHOURS=$(whiptail --title "Security Onion Setup" --checklist \ + "At which time, UTC, do you want to apply OS patches on the selected days?" 22 75 13 \ + 00:00 "" OFF \ + 01:00 "" OFF \ + 02:00 "" ON \ + 03:00 "" OFF \ + 04:00 "" OFF \ + 05:00 "" OFF \ + 06:00 "" OFF \ + 07:00 "" OFF \ + 08:00 "" OFF \ + 09:00 "" OFF \ + 10:00 "" OFF \ + 11:00 "" OFF \ + 12:00 "" OFF \ + 13:00 "" OFF \ + 14:00 "" OFF \ + 15:00 "" OFF \ + 16:00 "" OFF \ + 17:00 "" OFF \ + 18:00 "" OFF \ + 19:00 "" OFF \ + 20:00 "" OFF \ + 21:00 "" OFF \ + 22:00 "" OFF \ + 23:00 "" OFF 3>&1 1>&2 2>&3) - local exitstatus=$? - whiptail_check_exitstatus $exitstatus + local exitstatus=$? + whiptail_check_exitstatus $exitstatus - PATCHSCHEDULEHOURS=$(echo "$PATCHSCHEDULEHOURS" | tr -d '"') + PATCHSCHEDULEHOURS=$(echo "$PATCHSCHEDULEHOURS" | tr -d '"') - IFS=' ' read -ra PATCHSCHEDULEHOURS <<< "$PATCHSCHEDULEHOURS" + IFS=' ' read -ra PATCHSCHEDULEHOURS <<< "$PATCHSCHEDULEHOURS" } From c58571312212164ad8bd57cd163cd5860b0e78b1 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 13 Jul 2020 13:28:54 -0400 Subject: [PATCH 019/124] [style] Change SO_ERROR check to non-empty check --- setup/so-setup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-setup b/setup/so-setup index c22d49ee8..0ddf99895 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -623,7 +623,7 @@ if [[ -n $ALLOW_ROLE && -n $ALLOW_CIDR ]]; then IP=$ALLOW_CIDR so-allow -$ALLOW_ROLE >> $setup_log 2>&1 fi -if [[ $success != 0 || $SO_ERROR == 1 ]]; then +if [[ $success != 0 || -n $SO_ERROR ]]; then SKIP_REBOOT=1 whiptail_setup_failed else From 55869c4f81a8e60a3913106a74fa9432f12736c5 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 13 Jul 2020 14:25:10 -0400 Subject: [PATCH 020/124] Fix username so install works properly from ISO --- setup/so-functions | 13 +++++++++---- setup/so-setup | 3 +++ 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 9885c48ff..66dc20ebd 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -659,10 +659,10 @@ detect_os() { disable_auto_start() { # Remove the automated setup script from crontab, if it exists - crontab -u $USER -r + crontab -u $INSTALLUSERNAME -r # Truncate last line of the bash profile - sed -i '$ d' /home/$USER/.bash_profile + sed -i '$ d' /home/$INSTALLUSERNAME/.bash_profile } @@ -1156,6 +1156,11 @@ elasticsearch_pillar() { cat "$pillar_file" >> "$setup_log" 2>&1 } +parse_install_username() { + # parse out the install username so things copy correctly + INSTALLUSERNAME=$(pwd | sed -E 's/\// /g' | awk '{ print $2 }') +} + patch_pillar() { local pillar_file=$temp_install_dir/pillar/minions/$MINION_ID.sls @@ -1420,8 +1425,8 @@ setup_salt_master_dirs() { # Copy over the salt code and templates if [ "$setup_type" = 'iso' ]; then - rsync -avh --exclude 'TRANS.TBL' /home/$USER/SecurityOnion/pillar/* $default_salt_dir/pillar/ >> "$setup_log" 2>&1 - rsync -avh --exclude 'TRANS.TBL' /home/$USER/SecurityOnion/salt/* $default_salt_dir/salt/ >> "$setup_log" 2>&1 + rsync -avh --exclude 'TRANS.TBL' /home/$INSTALLUSERNAME/SecurityOnion/pillar/* $default_salt_dir/pillar/ >> "$setup_log" 2>&1 + rsync -avh --exclude 'TRANS.TBL' /home/$INSTALLUSERNAME/SecurityOnion/salt/* $default_salt_dir/salt/ >> "$setup_log" 2>&1 else cp -R ../pillar/* $default_salt_dir/pillar/ >> "$setup_log" 2>&1 cp -R ../salt/* $default_salt_dir/salt/ >> "$setup_log" 2>&1 diff --git a/setup/so-setup b/setup/so-setup index a0e545b92..2d2275f5f 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -47,6 +47,9 @@ while [[ $# -gt 0 ]]; do done # Begin Installation pre-processing +parse_install_username +echo "Installing as the $INSTALLUSERNAME user." >> $setup_log 2>&1 + echo "---- Starting setup at $(date -u) ----" >> $setup_log 2>&1 automated=no From 00f178197c01d3d80aee2b14bfbe418742bfcb6a Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 13 Jul 2020 14:34:11 -0400 Subject: [PATCH 021/124] [fix] Evaluate $success early to avoid checking against other output --- setup/so-setup | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/setup/so-setup b/setup/so-setup index 2d2275f5f..31baf3deb 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -620,11 +620,13 @@ fi success=$(tail -10 $setup_log | grep Failed | awk '{ print $2}') +if [[ $success != 0 ]]; then SO_ERROR=1; fi # evaluate success first so it doesn't check against the output of so-allow + if [[ -n $ALLOW_ROLE && -n $ALLOW_CIDR ]]; then IP=$ALLOW_CIDR so-allow -$ALLOW_ROLE >> $setup_log 2>&1 fi -if [[ $success != 0 || $SO_ERROR == 1 ]]; then +if [[ -n $SO_ERROR ]]; then SKIP_REBOOT=1 whiptail_setup_failed else From 81c8185cb559cbb1f126e6d90affe76e5ecec95b Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 13 Jul 2020 14:53:47 -0400 Subject: [PATCH 022/124] [refactor] Delete check for network install since we check /nsm now --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 3b5fc81b7..df7a3f254 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -420,7 +420,7 @@ check_requirements() { if [[ "$node_type" == 'fleet' ]]; then req_mem=4; fi fi - if (( $(echo "$free_space_root < $req_storage" | bc -l) )) && [[ $setup_type == 'network' ]]; then + if (( $(echo "$free_space_root < $req_storage" | bc -l) )); then whiptail_requirements_error "disk space" "${free_space_root} GB" "${req_storage} GB" fi From aa4d435020333e39207f9fdc6dd51529114c135a Mon Sep 17 00:00:00 2001 From: William Wernert Date: Mon, 13 Jul 2020 15:21:05 -0400 Subject: [PATCH 023/124] [fix] Don't run so-allow before setup complete menu --- setup/so-setup | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/setup/so-setup b/setup/so-setup index b5f6d1d52..c10ff4737 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -624,10 +624,6 @@ success=$(tail -10 $setup_log | grep Failed | awk '{ print $2}') if [[ $success != 0 ]]; then SO_ERROR=1; fi # evaluate success first so it doesn't check against the output of so-allow -if [[ -n $ALLOW_ROLE && -n $ALLOW_CIDR ]]; then - IP=$ALLOW_CIDR so-allow -$ALLOW_ROLE >> $setup_log 2>&1 -fi - if [[ -n $SO_ERROR ]]; then SKIP_REBOOT=1 whiptail_setup_failed @@ -636,6 +632,10 @@ else if [[ $THEHIVE == 1 ]]; then check_hive_init; fi fi +if [[ -n $ALLOW_ROLE && -n $ALLOW_CIDR ]]; then + IP=$ALLOW_CIDR so-allow -$ALLOW_ROLE >> $setup_log 2>&1 +fi + install_cleanup >> $setup_log 2>&1 if [[ -z $SKIP_REBOOT ]]; then shutdown -r now; else exit; fi From f67f0679aef27825630a0259a6fc77cedf6ca028 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Mon, 13 Jul 2020 16:02:01 -0400 Subject: [PATCH 024/124] Add new so-pcaptools image to docker list for network install --- setup/so-functions | 1 + 1 file changed, 1 insertion(+) diff --git a/setup/so-functions b/setup/so-functions index 66dc20ebd..7d05852e0 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -775,6 +775,7 @@ docker_seed_registry() { "so-influxdb:$VERSION" \ "so-kibana:$VERSION" \ "so-mysql:$VERSION" \ + "so-pcaptools:$VERSION" \ "so-playbook:$VERSION" \ "so-soc:$VERSION" \ "so-kratos:$VERSION" \ From 8f66a27f07d1dd7a8cc8929596eacee0b9723a6c Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Mon, 13 Jul 2020 18:26:43 -0400 Subject: [PATCH 025/124] Refactor image repository to a single variable --- salt/common/tools/sbin/so-common | 2 + salt/common/tools/sbin/so-docker-refresh | 16 +- salt/common/tools/sbin/so-elastic-download | 43 - salt/common/tools/sbin/so-features-enable | 8 +- salt/common/tools/sbin/so-import-pcap | 9 +- salt/curator/init.sls | 3 +- salt/deprecated-bro/cron/packetloss.sh | 2 - salt/deprecated-bro/cron/zeek_clean | 64 - salt/deprecated-bro/files/local.bro | 139 -- salt/deprecated-bro/files/local.bro.community | 133 -- salt/deprecated-bro/files/node.cfg | 47 - salt/deprecated-bro/init.sls | 206 -- salt/deprecated-bro/policy/intel/__load__.bro | 1 - .../securityonion/add-interface-to-logs.bro | 20 - .../policy/securityonion/apt1/__load__.bro | 9 - .../policy/securityonion/apt1/apt1-certs.dat | 26 - .../policy/securityonion/apt1/apt1-fqdn.dat | 2049 ----------------- .../policy/securityonion/apt1/apt1-md5.dat | 1012 -------- .../policy/securityonion/bpfconf.bro | 106 - .../securityonion/conn-add-sensorname.bro | 10 - .../file-extraction/__load__.bro | 1 - .../securityonion/file-extraction/extract.bro | 21 - .../securityonion/json-logs/__load__.bro | 3 - salt/domainstats/init.sls | 6 +- salt/elastalert/init.sls | 3 +- salt/elasticsearch/init.sls | 3 +- salt/filebeat/init.sls | 3 +- salt/fleet/init.sls | 3 +- salt/freqserver/init.sls | 6 +- salt/grafana/init.sls | 3 +- salt/idstools/init.sls | 3 +- salt/influxdb/init.sls | 4 +- salt/kibana/init.sls | 3 +- salt/logstash/init.sls | 3 +- .../files/registry/scripts/so-docker-download | 46 - salt/manager/init.sls | 3 +- salt/mysql/init.sls | 3 +- salt/nginx/init.sls | 3 +- salt/nodered/init.sls | 4 +- salt/pcap/init.sls | 5 +- salt/playbook/init.sls | 3 +- salt/reactor/fleet.sls | 4 +- salt/redis/init.sls | 3 +- salt/soc/init.sls | 5 +- salt/soctopus/init.sls | 3 +- salt/strelka/init.sls | 13 +- salt/suricata/init.sls | 3 +- salt/tcpreplay/init.sls | 3 +- salt/telegraf/init.sls | 3 +- salt/thehive/init.sls | 7 +- salt/wazuh/init.sls | 3 +- salt/zeek/init.sls | 3 +- setup/so-common-functions | 1 + setup/so-functions | 11 +- upgrade/so-update-functions | 11 +- 55 files changed, 103 insertions(+), 4007 deletions(-) delete mode 100755 salt/common/tools/sbin/so-elastic-download delete mode 100644 salt/deprecated-bro/cron/packetloss.sh delete mode 100644 salt/deprecated-bro/cron/zeek_clean delete mode 100644 salt/deprecated-bro/files/local.bro delete mode 100644 salt/deprecated-bro/files/local.bro.community delete mode 100644 salt/deprecated-bro/files/node.cfg delete mode 100644 salt/deprecated-bro/init.sls delete mode 100644 salt/deprecated-bro/policy/intel/__load__.bro delete mode 100644 salt/deprecated-bro/policy/securityonion/add-interface-to-logs.bro delete mode 100644 salt/deprecated-bro/policy/securityonion/apt1/__load__.bro delete mode 100644 salt/deprecated-bro/policy/securityonion/apt1/apt1-certs.dat delete mode 100644 salt/deprecated-bro/policy/securityonion/apt1/apt1-fqdn.dat delete mode 100644 salt/deprecated-bro/policy/securityonion/apt1/apt1-md5.dat delete mode 100644 salt/deprecated-bro/policy/securityonion/bpfconf.bro delete mode 100644 salt/deprecated-bro/policy/securityonion/conn-add-sensorname.bro delete mode 100644 salt/deprecated-bro/policy/securityonion/file-extraction/__load__.bro delete mode 100644 salt/deprecated-bro/policy/securityonion/file-extraction/extract.bro delete mode 100644 salt/deprecated-bro/policy/securityonion/json-logs/__load__.bro delete mode 100644 salt/manager/files/registry/scripts/so-docker-download diff --git a/salt/common/tools/sbin/so-common b/salt/common/tools/sbin/so-common index 759f78f18..8db8fea52 100755 --- a/salt/common/tools/sbin/so-common +++ b/salt/common/tools/sbin/so-common @@ -15,6 +15,8 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . +IMAGEREPO=soshybridhunter + # Check for prerequisites if [ "$(id -u)" -ne 0 ]; then echo "This script must be run using sudo!" diff --git a/salt/common/tools/sbin/so-docker-refresh b/salt/common/tools/sbin/so-docker-refresh index bd9993570..11200864f 100644 --- a/salt/common/tools/sbin/so-docker-refresh +++ b/salt/common/tools/sbin/so-docker-refresh @@ -14,12 +14,8 @@ # # You should have received a copy of the GNU General Public License # along with this program. If not, see . -got_root(){ - if [ "$(id -u)" -ne 0 ]; then - echo "This script must be run using sudo!" - exit 1 - fi -} + +. /usr/sbin/so-common manager_check() { # Check to see if this is a manager @@ -39,10 +35,10 @@ update_docker_containers() { do # Pull down the trusted docker image echo "Downloading $i" - docker pull --disable-content-trust=false docker.io/soshybridhunter/$i + docker pull --disable-content-trust=false docker.io/$IMAGEREPO/$i # Tag it with the new registry destination - docker tag soshybridhunter/$i $HOSTNAME:5000/soshybridhunter/$i - docker push $HOSTNAME:5000/soshybridhunter/$i + docker tag $IMAGEREPO/$i $HOSTNAME:5000/$IMAGEREPO/$i + docker push $HOSTNAME:5000/$IMAGEREPO/$i done } @@ -55,7 +51,7 @@ version_check() { exit 1 fi } -got_root + manager_check version_check diff --git a/salt/common/tools/sbin/so-elastic-download b/salt/common/tools/sbin/so-elastic-download deleted file mode 100755 index b52d88c45..000000000 --- a/salt/common/tools/sbin/so-elastic-download +++ /dev/null @@ -1,43 +0,0 @@ -#!/bin/bash -MANAGER=MANAGER -VERSION="HH1.1.4" -TRUSTED_CONTAINERS=( \ -"so-nginx:$VERSION" \ -"so-thehive-cortex:$VERSION" \ -"so-curator:$VERSION" \ -"so-domainstats:$VERSION" \ -"so-elastalert:$VERSION" \ -"so-elasticsearch:$VERSION" \ -"so-filebeat:$VERSION" \ -"so-fleet:$VERSION" \ -"so-fleet-launcher:$VERSION" \ -"so-freqserver:$VERSION" \ -"so-grafana:$VERSION" \ -"so-idstools:$VERSION" \ -"so-influxdb:$VERSION" \ -"so-kibana:$VERSION" \ -"so-logstash:$VERSION" \ -"so-mysql:$VERSION" \ -"so-playbook:$VERSION" \ -"so-redis:$VERSION" \ -"so-sensoroni:$VERSION" \ -"so-soctopus:$VERSION" \ -"so-steno:$VERSION" \ -#"so-strelka:$VERSION" \ -"so-suricata:$VERSION" \ -"so-telegraf:$VERSION" \ -"so-thehive:$VERSION" \ -"so-thehive-es:$VERSION" \ -"so-wazuh:$VERSION" \ -"so-zeek:$VERSION" ) - -for i in "${TRUSTED_CONTAINERS[@]}" -do - # Pull down the trusted docker image - echo "Downloading $i" - docker pull --disable-content-trust=false docker.io/soshybridhunter/$i - # Tag it with the new registry destination - docker tag soshybridhunter/$i $MANAGER:5000/soshybridhunter/$i - docker push $MANAGER:5000/soshybridhunter/$i - docker rmi soshybridhunter/$i -done diff --git a/salt/common/tools/sbin/so-features-enable b/salt/common/tools/sbin/so-features-enable index 6ba9252a9..edc378bc5 100755 --- a/salt/common/tools/sbin/so-features-enable +++ b/salt/common/tools/sbin/so-features-enable @@ -31,13 +31,13 @@ for i in "${TRUSTED_CONTAINERS[@]}" do # Pull down the trusted docker image echo "Downloading $i" - docker pull --disable-content-trust=false docker.io/soshybridhunter/$i + docker pull --disable-content-trust=false docker.io/$IMAGEREPO/$i # Tag it with the new registry destination - docker tag soshybridhunter/$i $HOSTNAME:5000/soshybridhunter/$i - docker push $HOSTNAME:5000/soshybridhunter/$i + docker tag $IMAGEREPO/$i $HOSTNAME:5000/$IMAGEREPO/$i + docker push $HOSTNAME:5000/$IMAGEREPO/$i done for i in "${TRUSTED_CONTAINERS[@]}" do echo "Removing $i locally" - docker rmi soshybridhunter/$i + docker rmi $IMAGEREPO/$i done diff --git a/salt/common/tools/sbin/so-import-pcap b/salt/common/tools/sbin/so-import-pcap index 02b7ffedc..92dc27f50 100755 --- a/salt/common/tools/sbin/so-import-pcap +++ b/salt/common/tools/sbin/so-import-pcap @@ -17,6 +17,7 @@ {% set MANAGER = salt['grains.get']('master') %} {% set VERSION = salt['pillar.get']('static:soversion') %} +{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %} {%- set MANAGERIP = salt['pillar.get']('static:managerip') -%} function usage { @@ -31,13 +32,13 @@ EOF function pcapinfo() { PCAP=$1 ARGS=$2 - docker run --rm -v $PCAP:/input.pcap --entrypoint capinfos {{ MANAGER }}:5000/soshybridhunter/so-pcaptools:{{ VERSION }} /input.pcap $ARGS + docker run --rm -v $PCAP:/input.pcap --entrypoint capinfos {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-pcaptools:{{ VERSION }} /input.pcap $ARGS } function pcapfix() { PCAP=$1 PCAP_OUT=$2 - docker run --rm -v $PCAP:/input.pcap -v $PCAP_OUT:$PCAP_OUT --entrypoint pcapfix {{ MANAGER }}:5000/soshybridhunter/so-pcaptools:{{ VERSION }} /input.pcap -o $PCAP_OUT > /dev/null 2>&1 + docker run --rm -v $PCAP:/input.pcap -v $PCAP_OUT:$PCAP_OUT --entrypoint pcapfix {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-pcaptools:{{ VERSION }} /input.pcap -o $PCAP_OUT > /dev/null 2>&1 } function suricata() { @@ -58,7 +59,7 @@ function suricata() { -v ${NSM_PATH}/:/nsm/:rw \ -v $PCAP:/input.pcap:ro \ -v /opt/so/conf/suricata/bpf:/etc/suricata/bpf:ro \ - {{ MANAGER }}:5000/soshybridhunter/so-suricata:{{ VERSION }} \ + {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-suricata:{{ VERSION }} \ --runmode single -k none -r /input.pcap > $LOG_PATH/console.log 2>&1 } @@ -86,7 +87,7 @@ function zeek() { -v /opt/so/conf/zeek/bpf:/opt/zeek/etc/bpf:ro \ --entrypoint /opt/zeek/bin/zeek \ -w /nsm/zeek/logs \ - {{ MANAGER }}:5000/soshybridhunter/so-zeek:{{ VERSION }} \ + {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-zeek:{{ VERSION }} \ -C -r /input.pcap local > $NSM_PATH/logs/console.log 2>&1 } diff --git a/salt/curator/init.sls b/salt/curator/init.sls index 0896e0c6a..8873f401a 100644 --- a/salt/curator/init.sls +++ b/salt/curator/init.sls @@ -1,4 +1,5 @@ {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %} +{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %} {% set MANAGER = salt['grains.get']('master') %} {% if grains['role'] in ['so-eval', 'so-node', 'so-managersearch', 'so-heavynode', 'so-standalone'] %} # Curator @@ -111,7 +112,7 @@ so-curatordeletecron: so-curator: docker_container.running: - - image: {{ MANAGER }}:5000/soshybridhunter/so-curator:{{ VERSION }} + - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-curator:{{ VERSION }} - hostname: curator - name: so-curator - user: curator diff --git a/salt/deprecated-bro/cron/packetloss.sh b/salt/deprecated-bro/cron/packetloss.sh deleted file mode 100644 index 744fd09f4..000000000 --- a/salt/deprecated-bro/cron/packetloss.sh +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/bash -/usr/bin/docker exec so-bro /opt/bro/bin/broctl netstats | awk '{print $(NF-2),$(NF-1),$NF}' | awk -F '[ =]' '{RCVD += $2;DRP += $4;TTL += $6} END { print "rcvd: " RCVD, "dropped: " DRP, "total: " TTL}' >> /nsm/bro/logs/packetloss.log diff --git a/salt/deprecated-bro/cron/zeek_clean b/salt/deprecated-bro/cron/zeek_clean deleted file mode 100644 index 24bbc218c..000000000 --- a/salt/deprecated-bro/cron/zeek_clean +++ /dev/null @@ -1,64 +0,0 @@ -#!/bin/bash - -# Delete Zeek Logs based on defined CRIT_DISK_USAGE value - -# Copyright 2014,2015,2016,2017,2018, 2019 Security Onion Solutions, LLC - -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -clean () { - -SENSOR_DIR='/nsm' -CRIT_DISK_USAGE=90 -CUR_USAGE=$(df -P $SENSOR_DIR | tail -1 | awk '{print $5}' | tr -d %) -LOG="/nsm/bro/logs/zeek_clean.log" - -if [ "$CUR_USAGE" -gt "$CRIT_DISK_USAGE" ]; then - while [ "$CUR_USAGE" -gt "$CRIT_DISK_USAGE" ]; - do - TODAY=$(date -u "+%Y-%m-%d") - - # find the oldest Zeek logs directory and exclude today - OLDEST_DIR=$(ls /nsm/bro/logs/ | grep -v "current" | grep -v "stats" | grep -v "packetloss" | grep -v "zeek_clean" | sort | grep -v $TODAY | head -n 1) - if [ -z "$OLDEST_DIR" -o "$OLDEST_DIR" == ".." -o "$OLDEST_DIR" == "." ] - then - echo "$(date) - No old Zeek logs available to clean up in /nsm/bro/logs/" >> $LOG - exit 0 - else - echo "$(date) - Removing directory: /nsm/bro/logs/$OLDEST_DIR" >> $LOG - rm -rf /nsm/bro/logs/"$OLDEST_DIR" - fi - - # find oldest files in extracted directory and exclude today - OLDEST_EXTRACT=$(find /nsm/bro/extracted -type f -printf '%T+ %p\n' 2>/dev/null | sort | grep -v $TODAY | head -n 1) - if [ -z "$OLDEST_EXTRACT" -o "$OLDEST_EXTRACT" == ".." -o "$OLDEST_EXTRACT" == "." ] - then - echo "$(date) - No old extracted files available to clean up in /nsm/bro/extracted/" >> $LOG - else - OLDEST_EXTRACT_DATE=`echo $OLDEST_EXTRACT | awk '{print $1}' | cut -d+ -f1` - OLDEST_EXTRACT_FILE=`echo $OLDEST_EXTRACT | awk '{print $2}'` - echo "$(date) - Removing extracted files for $OLDEST_EXTRACT_DATE" >> $LOG - find /nsm/bro/extracted -type f -printf '%T+ %p\n' | grep $OLDEST_EXTRACT_DATE | awk '{print $2}' |while read FILE - do - echo "$(date) - Removing extracted file: $FILE" >> $LOG - rm -f "$FILE" - done - fi - done -else - echo "$(date) - CRIT_DISK_USAGE value of $CRIT_DISK_USAGE not greater than current usage of $CUR_USAGE..." >> $LOG -fi -} - -clean diff --git a/salt/deprecated-bro/files/local.bro b/salt/deprecated-bro/files/local.bro deleted file mode 100644 index 30b216548..000000000 --- a/salt/deprecated-bro/files/local.bro +++ /dev/null @@ -1,139 +0,0 @@ -##! Local site policy. Customize as appropriate. -##! -##! This file will not be overwritten when upgrading or reinstalling! - -# This script logs which scripts were loaded during each run. -@load misc/loaded-scripts - -# Apply the default tuning scripts for common tuning settings. -@load tuning/defaults - -# Estimate and log capture loss. -@load misc/capture-loss - -# Enable logging of memory, packet and lag statistics. -@load misc/stats - -# Load the scan detection script. -@load misc/scan - -# Detect traceroute being run on the network. This could possibly cause -# performance trouble when there are a lot of traceroutes on your network. -# Enable cautiously. -#@load misc/detect-traceroute - -# Generate notices when vulnerable versions of software are discovered. -# The default is to only monitor software found in the address space defined -# as "local". Refer to the software framework's documentation for more -# information. -@load frameworks/software/vulnerable - -# Detect software changing (e.g. attacker installing hacked SSHD). -@load frameworks/software/version-changes - -# This adds signatures to detect cleartext forward and reverse windows shells. -@load-sigs frameworks/signatures/detect-windows-shells - -# Load all of the scripts that detect software in various protocols. -@load protocols/ftp/software -@load protocols/smtp/software -@load protocols/ssh/software -@load protocols/http/software -# The detect-webapps script could possibly cause performance trouble when -# running on live traffic. Enable it cautiously. -#@load protocols/http/detect-webapps - -# This script detects DNS results pointing toward your Site::local_nets -# where the name is not part of your local DNS zone and is being hosted -# externally. Requires that the Site::local_zones variable is defined. -@load protocols/dns/detect-external-names - -# Script to detect various activity in FTP sessions. -@load protocols/ftp/detect - -# Scripts that do asset tracking. -@load protocols/conn/known-hosts -@load protocols/conn/known-services -@load protocols/ssl/known-certs - -# This script enables SSL/TLS certificate validation. -@load protocols/ssl/validate-certs - -# This script prevents the logging of SSL CA certificates in x509.log -@load protocols/ssl/log-hostcerts-only - -# Uncomment the following line to check each SSL certificate hash against the ICSI -# certificate notary service; see http://notary.icsi.berkeley.edu . -# @load protocols/ssl/notary - -# If you have libGeoIP support built in, do some geographic detections and -# logging for SSH traffic. -@load protocols/ssh/geo-data -# Detect hosts doing SSH bruteforce attacks. -@load protocols/ssh/detect-bruteforcing -# Detect logins using "interesting" hostnames. -@load protocols/ssh/interesting-hostnames - -# Detect SQL injection attacks. -@load protocols/http/detect-sqli - -#### Network File Handling #### - -# Enable MD5 and SHA1 hashing for all files. -@load frameworks/files/hash-all-files - -# Detect SHA1 sums in Team Cymru's Malware Hash Registry. -@load frameworks/files/detect-MHR - -# Uncomment the following line to enable detection of the heartbleed attack. Enabling -# this might impact performance a bit. -# @load policy/protocols/ssl/heartbleed - -# Uncomment the following line to enable logging of connection VLANs. Enabling -# this adds two VLAN fields to the conn.log file. This may not work properly -# since we use AF_PACKET and it strips VLAN tags. -# @load policy/protocols/conn/vlan-logging - -# Uncomment the following line to enable logging of link-layer addresses. Enabling -# this adds the link-layer address for each connection endpoint to the conn.log file. -# @load policy/protocols/conn/mac-logging - -# Uncomment the following line to enable the SMB analyzer. The analyzer -# is currently considered a preview and therefore not loaded by default. -@load base/protocols/smb - -# BPF Configuration -@load securityonion/bpfconf - -# Add the interface to the log event -#@load securityonion/add-interface-to-logs.bro - -# Add Sensor Name to the conn.log -#@load securityonion/conn-add-sensorname.bro - -# File Extraction -#@load securityonion/file-extraction - -# Intel from Mandiant APT1 Report -#@load securityonion/apt1 - -# ShellShock - detects successful exploitation of Bash vulnerability CVE-2014-6271 -#@load securityonion/shellshock - -# JA3 - SSL Detection Goodness -@load policy/ja3 - -# HASSH -@load policy/hassh - -# You can load your own intel into: -# /opt/so/saltstack/bro/policy/intel/ on the manager -@load intel - -# Load a custom Bro policy -# /opt/so/saltstack/bro/policy/custom/ on the manager -#@load custom/somebropolicy.bro - -# Write logs in JSON -redef LogAscii::use_json = T; -redef LogAscii::json_timestamps = JSON::TS_ISO8601; diff --git a/salt/deprecated-bro/files/local.bro.community b/salt/deprecated-bro/files/local.bro.community deleted file mode 100644 index 76b18587f..000000000 --- a/salt/deprecated-bro/files/local.bro.community +++ /dev/null @@ -1,133 +0,0 @@ -##! Local site policy. Customize as appropriate. -##! -##! This file will not be overwritten when upgrading or reinstalling! - -# This script logs which scripts were loaded during each run. -@load misc/loaded-scripts - -# Apply the default tuning scripts for common tuning settings. -@load tuning/defaults - -# Estimate and log capture loss. -@load misc/capture-loss - -# Enable logging of memory, packet and lag statistics. -@load misc/stats - -# Load the scan detection script. -@load misc/scan - -# Detect traceroute being run on the network. This could possibly cause -# performance trouble when there are a lot of traceroutes on your network. -# Enable cautiously. -#@load misc/detect-traceroute - -# Generate notices when vulnerable versions of software are discovered. -# The default is to only monitor software found in the address space defined -# as "local". Refer to the software framework's documentation for more -# information. -@load frameworks/software/vulnerable - -# Detect software changing (e.g. attacker installing hacked SSHD). -@load frameworks/software/version-changes - -# This adds signatures to detect cleartext forward and reverse windows shells. -@load-sigs frameworks/signatures/detect-windows-shells - -# Load all of the scripts that detect software in various protocols. -@load protocols/ftp/software -@load protocols/smtp/software -@load protocols/ssh/software -@load protocols/http/software -# The detect-webapps script could possibly cause performance trouble when -# running on live traffic. Enable it cautiously. -#@load protocols/http/detect-webapps - -# This script detects DNS results pointing toward your Site::local_nets -# where the name is not part of your local DNS zone and is being hosted -# externally. Requires that the Site::local_zones variable is defined. -@load protocols/dns/detect-external-names - -# Script to detect various activity in FTP sessions. -@load protocols/ftp/detect - -# Scripts that do asset tracking. -@load protocols/conn/known-hosts -@load protocols/conn/known-services -@load protocols/ssl/known-certs - -# This script enables SSL/TLS certificate validation. -@load protocols/ssl/validate-certs - -# This script prevents the logging of SSL CA certificates in x509.log -@load protocols/ssl/log-hostcerts-only - -# Uncomment the following line to check each SSL certificate hash against the ICSI -# certificate notary service; see http://notary.icsi.berkeley.edu . -# @load protocols/ssl/notary - -# If you have libGeoIP support built in, do some geographic detections and -# logging for SSH traffic. -@load protocols/ssh/geo-data -# Detect hosts doing SSH bruteforce attacks. -@load protocols/ssh/detect-bruteforcing -# Detect logins using "interesting" hostnames. -@load protocols/ssh/interesting-hostnames - -# Detect SQL injection attacks. -@load protocols/http/detect-sqli - -#### Network File Handling #### - -# Enable MD5 and SHA1 hashing for all files. -@load frameworks/files/hash-all-files - -# Detect SHA1 sums in Team Cymru's Malware Hash Registry. -@load frameworks/files/detect-MHR - -# Uncomment the following line to enable detection of the heartbleed attack. Enabling -# this might impact performance a bit. -# @load policy/protocols/ssl/heartbleed - -# Uncomment the following line to enable logging of connection VLANs. Enabling -# this adds two VLAN fields to the conn.log file. This may not work properly -# since we use AF_PACKET and it strips VLAN tags. -# @load policy/protocols/conn/vlan-logging - -# Uncomment the following line to enable logging of link-layer addresses. Enabling -# this adds the link-layer address for each connection endpoint to the conn.log file. -# @load policy/protocols/conn/mac-logging - -# Uncomment the following line to enable the SMB analyzer. The analyzer -# is currently considered a preview and therefore not loaded by default. -# @load policy/protocols/smb - -# Add the interface to the log event -#@load securityonion/add-interface-to-logs.bro - -# Add Sensor Name to the conn.log -#@load securityonion/conn-add-sensorname.bro - -# File Extraction -#@load securityonion/file-extraction - -# Intel from Mandiant APT1 Report -#@load securityonion/apt1 - -# ShellShock - detects successful exploitation of Bash vulnerability CVE-2014-6271 -#@load securityonion/shellshock - -# JA3 - SSL Detection Goodness -@load policy/ja3 - -# You can load your own intel into: -# /opt/so/saltstack/bro/policy/intel/ on the manager -@load intel - -# Load a custom Bro policy -# /opt/so/saltstack/bro/policy/custom/ on the manager -#@load custom/somebropolicy.bro - -# Use JSON -redef LogAscii::use_json = T; -redef LogAscii::json_timestamps = JSON::TS_ISO8601; diff --git a/salt/deprecated-bro/files/node.cfg b/salt/deprecated-bro/files/node.cfg deleted file mode 100644 index 804771728..000000000 --- a/salt/deprecated-bro/files/node.cfg +++ /dev/null @@ -1,47 +0,0 @@ -{%- set interface = salt['pillar.get']('sensor:interface', 'bond0') %} - -{%- if salt['pillar.get']('sensor:zeek_pins') or salt['pillar.get']('sensor:zeek_lbprocs') %} -{%- if salt['pillar.get']('sensor:zeek_proxies') %} - {%- set proxies = salt['pillar.get']('sensor:zeek_proxies', '1') %} -{%- else %} - {%- if salt['pillar.get']('sensor:zeek_pins') %} - {%- set proxies = (salt['pillar.get']('sensor:zeek_pins')|length/10)|round(0, 'ceil')|int %} - {%- else %} - {%- set proxies = (salt['pillar.get']('sensor:zeek_lbprocs')/10)|round(0, 'ceil')|int %} - {%- endif %} -{%- endif %} -[manager] -type=manager -host=localhost - -[logger] -type=logger -host=localhost - -[proxy] -type=proxy -host=localhost - -[worker-1] -type=worker -host=localhost -interface=af_packet::{{ interface }} -lb_method=custom - -{%- if salt['pillar.get']('sensor:zeek_lbprocs') %} -lb_procs={{ salt['pillar.get']('sensor:zeek_lbprocs', '1') }} -{%- else %} -lb_procs={{ salt['pillar.get']('sensor:zeek_pins')|length }} -{%- endif %} -{%- if salt['pillar.get']('sensor:zeek_pins') %} -pin_cpus={{ salt['pillar.get']('sensor:zeek_pins')|join(", ") }} -{%- endif %} -af_packet_fanout_id=23 -af_packet_fanout_mode=AF_Packet::FANOUT_HASH -af_packet_buffer_size=128*1024*1024 -{%- else %} -[brosa] -type=standalone -host=localhost -interface={{ interface }} -{%- endif %} diff --git a/salt/deprecated-bro/init.sls b/salt/deprecated-bro/init.sls deleted file mode 100644 index 8f36be420..000000000 --- a/salt/deprecated-bro/init.sls +++ /dev/null @@ -1,206 +0,0 @@ -{% set interface = salt['pillar.get']('sensor:interface', 'bond0') %} -{% set BPF_ZEEK = salt['pillar.get']('zeek:bpf') %} -{% set BPF_STATUS = 0 %} - -# Bro Salt State -# Add Bro group -brogroup: - group.present: - - name: bro - - gid: 937 - -# Add Bro User -bro: - user.present: - - uid: 937 - - gid: 937 - - home: /home/bro - -# Create some directories -bropolicydir: - file.directory: - - name: /opt/so/conf/bro/policy - - user: 937 - - group: 939 - - makedirs: True - -# Bro Log Directory -brologdir: - file.directory: - - name: /nsm/bro/logs - - user: 937 - - group: 939 - - makedirs: True - -# Bro Spool Directory -brospooldir: - file.directory: - - name: /nsm/bro/spool/manager - - user: 937 - - makedirs: true - -# Bro extracted directory -broextractdir: - file.directory: - - name: /nsm/bro/extracted - - user: 937 - - group: 939 - - makedirs: True - -brosfafincompletedir: - file.directory: - - name: /nsm/faf/files/incomplete - - user: 937 - - makedirs: true - -brosfafcompletedir: - file.directory: - - name: /nsm/faf/files/complete - - user: 937 - - makedirs: true - -# Sync the policies -bropolicysync: - file.recurse: - - name: /opt/so/conf/bro/policy - - source: salt://bro/policy - - user: 937 - - group: 939 - - template: jinja - -# Sync node.cfg -nodecfgsync: - file.managed: - - name: /opt/so/conf/bro/node.cfg - - source: salt://bro/files/node.cfg - - user: 937 - - group: 939 - - template: jinja - -plcronscript: - file.managed: - - name: /usr/local/bin/packetloss.sh - - source: salt://bro/cron/packetloss.sh - - mode: 755 - -zeekcleanscript: - file.managed: - - name: /usr/local/bin/zeek_clean - - source: salt://bro/cron/zeek_clean - - mode: 755 - -/usr/local/bin/zeek_clean: - cron.present: - - user: root - - minute: '*' - - hour: '*' - - daymonth: '*' - - month: '*' - - dayweek: '*' - -/usr/local/bin/packetloss.sh: - cron.present: - - user: root - - minute: '*/10' - - hour: '*' - - daymonth: '*' - - month: '*' - - dayweek: '*' - -# BPF compilation and configuration -{% if BPF_ZEEK %} - {% set BPF_CALC = salt['cmd.script']('/usr/sbin/so-bpf-compile', interface + ' ' + BPF_ZEEK|join(" ") ) %} - {% if BPF_CALC['stderr'] == "" %} - {% set BPF_STATUS = 1 %} - {% else %} -zeekbpfcompilationfailure: - test.configurable_test_state: - - changes: False - - result: False - - comment: "BPF Syntax Error - Discarding Specified BPF" - {% endif %} -{% endif %} - -zeekbpf: - file.managed: - - name: /opt/so/conf/bro/bpf - - user: 940 - - group: 940 - {% if BPF_STATUS %} - - contents_pillar: zeek:bpf - {% else %} - - contents: - - "ip or not ip" - {% endif %} - -# Sync local.bro -{% if salt['pillar.get']('static:broversion', '') == 'COMMUNITY' %} -localbrosync: - file.managed: - - name: /opt/so/conf/bro/local.bro - - source: salt://bro/files/local.bro.community - - user: 937 - - group: 939 - - template: jinja - -so-communitybroimage: - cmd.run: - - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-communitybro:HH1.0.3 - -so-bro: - docker_container.running: - - require: - - so-communitybroimage - - image: docker.io/soshybridhunter/so-communitybro:HH1.0.3 - - privileged: True - - binds: - - /nsm/bro/logs:/nsm/bro/logs:rw - - /nsm/bro/spool:/nsm/bro/spool:rw - - /nsm/bro/extracted:/nsm/bro/extracted:rw - - /opt/so/conf/bro/local.bro:/opt/bro/share/bro/site/local.bro:ro - - /opt/so/conf/bro/node.cfg:/opt/bro/etc/node.cfg:ro - - /opt/so/conf/bro/policy/securityonion:/opt/bro/share/bro/policy/securityonion:ro - - /opt/so/conf/bro/policy/custom:/opt/bro/share/bro/policy/custom:ro - - /opt/so/conf/bro/policy/intel:/opt/bro/share/bro/policy/intel:rw - - network_mode: host - - watch: - - file: /opt/so/conf/bro/local.bro - - file: /opt/so/conf/bro/node.cfg - - file: /opt/so/conf/bro/policy - -{% else %} -localbrosync: - file.managed: - - name: /opt/so/conf/bro/local.bro - - source: salt://bro/files/local.bro - - user: 937 - - group: 939 - - template: jinja - -so-broimage: - cmd.run: - - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-bro:HH1.1.1 - -so-bro: - docker_container.running: - - require: - - so-broimage - - image: docker.io/soshybridhunter/so-bro:HH1.1.1 - - privileged: True - - binds: - - /nsm/bro/logs:/nsm/bro/logs:rw - - /nsm/bro/spool:/nsm/bro/spool:rw - - /nsm/bro/extracted:/nsm/bro/extracted:rw - - /opt/so/conf/bro/local.bro:/opt/bro/share/bro/site/local.bro:ro - - /opt/so/conf/bro/node.cfg:/opt/bro/etc/node.cfg:ro - - /opt/so/conf/bro/bpf:/opt/bro/share/bro/site/bpf:ro - - /opt/so/conf/bro/policy/securityonion:/opt/bro/share/bro/policy/securityonion:ro - - /opt/so/conf/bro/policy/custom:/opt/bro/share/bro/policy/custom:ro - - /opt/so/conf/bro/policy/intel:/opt/bro/share/bro/policy/intel:rw - - network_mode: host - - watch: - - file: /opt/so/conf/bro/local.bro - - file: /opt/so/conf/bro/node.cfg - - file: /opt/so/conf/bro/policy - - file: /opt/so/conf/bro/bpf -{% endif %} diff --git a/salt/deprecated-bro/policy/intel/__load__.bro b/salt/deprecated-bro/policy/intel/__load__.bro deleted file mode 100644 index 4a4d603a7..000000000 --- a/salt/deprecated-bro/policy/intel/__load__.bro +++ /dev/null @@ -1 +0,0 @@ -#Intel diff --git a/salt/deprecated-bro/policy/securityonion/add-interface-to-logs.bro b/salt/deprecated-bro/policy/securityonion/add-interface-to-logs.bro deleted file mode 100644 index 674b9272a..000000000 --- a/salt/deprecated-bro/policy/securityonion/add-interface-to-logs.bro +++ /dev/null @@ -1,20 +0,0 @@ -{%- set interface = salt['pillar.get']('sensor:interface', '0') %} -global interface = "{{ interface }}"; - -event bro_init() - { - if ( ! reading_live_traffic() ) - return; - - Log::remove_default_filter(HTTP::LOG); - Log::add_filter(HTTP::LOG, [$name = "http-interfaces", - $path_func(id: Log::ID, path: string, rec: HTTP::Info) = - { - local peer = get_event_peer()$descr; - if ( peer in Cluster::nodes && Cluster::nodes[peer]?$interface ) - return cat("http_", Cluster::nodes[peer]$interface); - else - return "http"; - } - ]); - } diff --git a/salt/deprecated-bro/policy/securityonion/apt1/__load__.bro b/salt/deprecated-bro/policy/securityonion/apt1/__load__.bro deleted file mode 100644 index de931eaac..000000000 --- a/salt/deprecated-bro/policy/securityonion/apt1/__load__.bro +++ /dev/null @@ -1,9 +0,0 @@ -@load frameworks/intel/seen -@load frameworks/intel/do_notice -@load frameworks/files/hash-all-files - -redef Intel::read_files += { - fmt("%s/apt1-fqdn.dat", @DIR), - fmt("%s/apt1-md5.dat", @DIR), - fmt("%s/apt1-certs.dat", @DIR) -}; diff --git a/salt/deprecated-bro/policy/securityonion/apt1/apt1-certs.dat b/salt/deprecated-bro/policy/securityonion/apt1/apt1-certs.dat deleted file mode 100644 index 3f5e643ac..000000000 --- a/salt/deprecated-bro/policy/securityonion/apt1/apt1-certs.dat +++ /dev/null @@ -1,26 +0,0 @@ -#fields indicator indicator_type meta.source meta.desc meta.do_notice -b054e26ef827fbbf5829f84a9bdbb697a5b042fc Intel::CERT_HASH Mandiant APT1 Report ALPHA T -7bc0cc2cf7c3a996c32dbe7e938993f7087105b4 Intel::CERT_HASH Mandiant APT1 Report AOL T -7855c132af1390413d4e4ff4ead321f8802d8243 Intel::CERT_HASH Mandiant APT1 Report AOL T -f3e3c590d7126bd227733e9d8313d2575c421243 Intel::CERT_HASH Mandiant APT1 Report AOL T -d4d4e896ce7d73b573f0a0006080a246aec61fe7 Intel::CERT_HASH Mandiant APT1 Report AOL T -bcdf4809c1886ac95478bbafde246d0603934298 Intel::CERT_HASH Mandiant APT1 Report AOL T -6b4855df8afc8d57a671fe5ed628f6d88852a922 Intel::CERT_HASH Mandiant APT1 Report AOL T -d50fdc82c328319ac60f256d3119b8708cd5717b Intel::CERT_HASH Mandiant APT1 Report AOL T -70b48d5177eebe9c762e9a37ecabebfd10e1b7e9 Intel::CERT_HASH Mandiant APT1 Report AOL T -3a6a299b764500ce1b6e58a32a257139d61a3543 Intel::CERT_HASH Mandiant APT1 Report AOL T -bf4f90e0029b2263af1141963ddf2a0c71a6b5fb Intel::CERT_HASH Mandiant APT1 Report AOL T -b21139583dec0dae344cca530690ec1f344acc79 Intel::CERT_HASH Mandiant APT1 Report AOL T -21971ffef58baf6f638df2f7e2cceb4c58b173c8 Intel::CERT_HASH Mandiant APT1 Report EMAIL T -04ecff66973c92a1c348666d5a4738557cce0cfc Intel::CERT_HASH Mandiant APT1 Report IBM T -f97d1a703aec44d0f53a3a294e33acda43a49de1 Intel::CERT_HASH Mandiant APT1 Report IBM T -c0d32301a7c96ecb0bc8e381ec19e6b4eaf5d2fe Intel::CERT_HASH Mandiant APT1 Report IBM T -1b27a897cda019da2c3a6dc838761871e8bf5b5d Intel::CERT_HASH Mandiant APT1 Report LAME T -d515996e8696612dc78fc6db39006466fc6550df Intel::CERT_HASH Mandiant APT1 Report MOON-NIGHT T -8f79315659e59c79f1301ef4aee67b18ae2d9f1c Intel::CERT_HASH Mandiant APT1 Report NONAME T -a57a84975e31e376e3512da7b05ad06ef6441f53 Intel::CERT_HASH Mandiant APT1 Report NS T -b3db37a0edde97b3c3c15da5f2d81d27af82f583 Intel::CERT_HASH Mandiant APT1 Report SERVER (PEM) T -6d8f1454f6392361fb2464b744d4fc09eee5fcfd Intel::CERT_HASH Mandiant APT1 Report SUR T -b66e230f404b2cc1c033ccacda5d0a14b74a2752 Intel::CERT_HASH Mandiant APT1 Report VIRTUALLYTHERE T -4acbadb86a91834493dde276736cdf8f7ef5d497 Intel::CERT_HASH Mandiant APT1 Report WEBMAIL T -86a48093d9b577955c4c9bd19e30536aae5543d4 Intel::CERT_HASH Mandiant APT1 Report YAHOO T \ No newline at end of file diff --git a/salt/deprecated-bro/policy/securityonion/apt1/apt1-fqdn.dat b/salt/deprecated-bro/policy/securityonion/apt1/apt1-fqdn.dat deleted file mode 100644 index f0a57f8c3..000000000 --- a/salt/deprecated-bro/policy/securityonion/apt1/apt1-fqdn.dat +++ /dev/null @@ -1,2049 +0,0 @@ -#fields indicator indicator_type meta.source meta.do_notice -# The following line is for testing only. Please keep it commented out when running in production. -#time.windows.com Intel::DOMAIN Test FQDN T -advanbusiness.com Intel::DOMAIN Mandiant APT1 Report T -aoldaily.com Intel::DOMAIN Mandiant APT1 Report T -aolon1ine.com Intel::DOMAIN Mandiant APT1 Report T -applesoftupdate.com Intel::DOMAIN Mandiant APT1 Report T -arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -attnpower.com Intel::DOMAIN Mandiant APT1 Report T -aunewsonline.com Intel::DOMAIN Mandiant APT1 Report T -avvmail.com Intel::DOMAIN Mandiant APT1 Report T -bigdepression.net Intel::DOMAIN Mandiant APT1 Report T -bigish.net Intel::DOMAIN Mandiant APT1 Report T -blackberrycluter.com Intel::DOMAIN Mandiant APT1 Report T -blackcake.net Intel::DOMAIN Mandiant APT1 Report T -bluecoate.com Intel::DOMAIN Mandiant APT1 Report T -booksonlineclub.com Intel::DOMAIN Mandiant APT1 Report T -bpyoyo.com Intel::DOMAIN Mandiant APT1 Report T -businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -businessformars.com Intel::DOMAIN Mandiant APT1 Report T -busketball.com Intel::DOMAIN Mandiant APT1 Report T -canadatvsite.com Intel::DOMAIN Mandiant APT1 Report T -canoedaily.com Intel::DOMAIN Mandiant APT1 Report T -chileexe77.com Intel::DOMAIN Mandiant APT1 Report T -cnndaily.com Intel::DOMAIN Mandiant APT1 Report T -cnndaily.net Intel::DOMAIN Mandiant APT1 Report T -cnnnewsdaily.com Intel::DOMAIN Mandiant APT1 Report T -cometoway.org Intel::DOMAIN Mandiant APT1 Report T -companyinfosite.com Intel::DOMAIN Mandiant APT1 Report T -competrip.com Intel::DOMAIN Mandiant APT1 Report T -comrepair.net Intel::DOMAIN Mandiant APT1 Report T -conferencesinfo.com Intel::DOMAIN Mandiant APT1 Report T -copporationnews.com Intel::DOMAIN Mandiant APT1 Report T -cslisten.com Intel::DOMAIN Mandiant APT1 Report T -defenceonline.net Intel::DOMAIN Mandiant APT1 Report T -dnsweb.org Intel::DOMAIN Mandiant APT1 Report T -downloadsite.me Intel::DOMAIN Mandiant APT1 Report T -earthsolution.org Intel::DOMAIN Mandiant APT1 Report T -e-cardsshop.com Intel::DOMAIN Mandiant APT1 Report T -firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -freshreaders.net Intel::DOMAIN Mandiant APT1 Report T -giftnews.org Intel::DOMAIN Mandiant APT1 Report T -globalowa.com Intel::DOMAIN Mandiant APT1 Report T -gmailboxes.com Intel::DOMAIN Mandiant APT1 Report T -hkcastte.com Intel::DOMAIN Mandiant APT1 Report T -hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -hvmetal.com Intel::DOMAIN Mandiant APT1 Report T -idirectech.com Intel::DOMAIN Mandiant APT1 Report T -ifexcel.com Intel::DOMAIN Mandiant APT1 Report T -infobusinessus.org Intel::DOMAIN Mandiant APT1 Report T -infosupports.com Intel::DOMAIN Mandiant APT1 Report T -issnbgkit.net Intel::DOMAIN Mandiant APT1 Report T -jobsadvanced.com Intel::DOMAIN Mandiant APT1 Report T -livemymsn.com Intel::DOMAIN Mandiant APT1 Report T -lksoftvc.net Intel::DOMAIN Mandiant APT1 Report T -maltempata.com Intel::DOMAIN Mandiant APT1 Report T -marsbrother.com Intel::DOMAIN Mandiant APT1 Report T -mcafeepaying.com Intel::DOMAIN Mandiant APT1 Report T -mediaxsds.net Intel::DOMAIN Mandiant APT1 Report T -microsoft-update-info.com Intel::DOMAIN Mandiant APT1 Report T -micyuisyahooapis.com Intel::DOMAIN Mandiant APT1 Report T -msnhome.org Intel::DOMAIN Mandiant APT1 Report T -myyahoonews.com Intel::DOMAIN Mandiant APT1 Report T -nationtour.net Intel::DOMAIN Mandiant APT1 Report T -newsesport.com Intel::DOMAIN Mandiant APT1 Report T -newsonet.net Intel::DOMAIN Mandiant APT1 Report T -newsonlinesite.com Intel::DOMAIN Mandiant APT1 Report T -newspappers.org Intel::DOMAIN Mandiant APT1 Report T -nirvanaol.com Intel::DOMAIN Mandiant APT1 Report T -ns06.net Intel::DOMAIN Mandiant APT1 Report T -nytimesnews.net Intel::DOMAIN Mandiant APT1 Report T -olmusic100.com Intel::DOMAIN Mandiant APT1 Report T -onefastgame.net Intel::DOMAIN Mandiant APT1 Report T -oplaymagzine.com Intel::DOMAIN Mandiant APT1 Report T -pcclubddk.net Intel::DOMAIN Mandiant APT1 Report T -phoenixtvus.com Intel::DOMAIN Mandiant APT1 Report T -pop-musicsite.com Intel::DOMAIN Mandiant APT1 Report T -progammerli.com Intel::DOMAIN Mandiant APT1 Report T -purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -regicsgf.net Intel::DOMAIN Mandiant APT1 Report T -reutersnewsonline.com Intel::DOMAIN Mandiant APT1 Report T -rssadvanced.org Intel::DOMAIN Mandiant APT1 Report T -safalife.com Intel::DOMAIN Mandiant APT1 Report T -saltlakenews.org Intel::DOMAIN Mandiant APT1 Report T -satellitebbs.com Intel::DOMAIN Mandiant APT1 Report T -searchforca.com Intel::DOMAIN Mandiant APT1 Report T -shepmas.com Intel::DOMAIN Mandiant APT1 Report T -skyswim.net Intel::DOMAIN Mandiant APT1 Report T -softsolutionbox.net Intel::DOMAIN Mandiant APT1 Report T -sportreadok.net Intel::DOMAIN Mandiant APT1 Report T -staycools.net Intel::DOMAIN Mandiant APT1 Report T -symanteconline.net Intel::DOMAIN Mandiant APT1 Report T -syscation.com Intel::DOMAIN Mandiant APT1 Report T -syscation.net Intel::DOMAIN Mandiant APT1 Report T -tfxdccssl.net Intel::DOMAIN Mandiant APT1 Report T -thehealthmood.net Intel::DOMAIN Mandiant APT1 Report T -tibethome.org Intel::DOMAIN Mandiant APT1 Report T -todayusa.org Intel::DOMAIN Mandiant APT1 Report T -usabbs.org Intel::DOMAIN Mandiant APT1 Report T -usapappers.com Intel::DOMAIN Mandiant APT1 Report T -ushongkong.org Intel::DOMAIN Mandiant APT1 Report T -usnewssite.com Intel::DOMAIN Mandiant APT1 Report T -usnftc.org Intel::DOMAIN Mandiant APT1 Report T -ustvb.com Intel::DOMAIN Mandiant APT1 Report T -uszzcs.com Intel::DOMAIN Mandiant APT1 Report T -voiceofman.com Intel::DOMAIN Mandiant APT1 Report T -webservicesupdate.com Intel::DOMAIN Mandiant APT1 Report T -worthhummer.net Intel::DOMAIN Mandiant APT1 Report T -yahoodaily.com Intel::DOMAIN Mandiant APT1 Report T -youipcam.com Intel::DOMAIN Mandiant APT1 Report T -08elec.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -09back.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -3ml.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -3pma.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -4cback.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -7cback.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -911.cnnnewsdaily.com Intel::DOMAIN Mandiant APT1 Report T -a-ad.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -a-af.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -aam.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -aar.bigdepression.net Intel::DOMAIN Mandiant APT1 Report T -aarco.bigdepression.net Intel::DOMAIN Mandiant APT1 Report T -a-bne.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -abs.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -acer.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -acli-mail.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -a-co.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -acu.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -adb.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -add.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -addr.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -adi002.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -a-dl.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -admin.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -admin.datastorage01.org Intel::DOMAIN Mandiant APT1 Report T -admin.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -admin.softsolutionbox.net Intel::DOMAIN Mandiant APT1 Report T -adobe.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -ads.bpyoyo.com Intel::DOMAIN Mandiant APT1 Report T -adt.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -adt001.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -adt002.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -adtk.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -adtkl.bigish.net Intel::DOMAIN Mandiant APT1 Report T -adtkl.gmailboxes.com Intel::DOMAIN Mandiant APT1 Report T -adtlk.bigish.net Intel::DOMAIN Mandiant APT1 Report T -ae.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -a-ec.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -a-ep.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -aero.blackcake.net Intel::DOMAIN Mandiant APT1 Report T -aes.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -a-ex.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -af.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -afda.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -a-fj.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -africa.mcafeepaying.com Intel::DOMAIN Mandiant APT1 Report T -africa.todayusa.org Intel::DOMAIN Mandiant APT1 Report T -africa.usabbs.org Intel::DOMAIN Mandiant APT1 Report T -africadb.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -afw.globalowa.com Intel::DOMAIN Mandiant APT1 Report T -a-ga.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -agl.softsolutionbox.net Intel::DOMAIN Mandiant APT1 Report T -ago.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -a-gon.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -a-he.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -a-he.softsolutionbox.net Intel::DOMAIN Mandiant APT1 Report T -a-if.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -a-iho.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -aiic.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -aip.comrepair.net Intel::DOMAIN Mandiant APT1 Report T -airline.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -airplane.defenceonline.net Intel::DOMAIN Mandiant APT1 Report T -ait.busketball.com Intel::DOMAIN Mandiant APT1 Report T -a-ja.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -a-jsm.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -a-jsm.infobusinessus.org Intel::DOMAIN Mandiant APT1 Report T -ak47.infobusinessus.org Intel::DOMAIN Mandiant APT1 Report T -ak47.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -alarm.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -alarm.infobusinessus.org Intel::DOMAIN Mandiant APT1 Report T -alcan.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -alion.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -alone.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -amanda.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -amne.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -ams.busketball.com Intel::DOMAIN Mandiant APT1 Report T -amusement.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -analysis.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -anglo.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -anti.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -aol.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -a-ol.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -aol.infobusinessus.org Intel::DOMAIN Mandiant APT1 Report T -aol.softsolutionbox.net Intel::DOMAIN Mandiant APT1 Report T -aon.infobusinessus.org Intel::DOMAIN Mandiant APT1 Report T -a-ov.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -apa.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -apa.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -apa.safalife.com Intel::DOMAIN Mandiant APT1 Report T -apejack.bigish.net Intel::DOMAIN Mandiant APT1 Report T -apekl.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -a-pep.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -app.blackcake.net Intel::DOMAIN Mandiant APT1 Report T -app.infobusinessus.org Intel::DOMAIN Mandiant APT1 Report T -apple.blackcake.net Intel::DOMAIN Mandiant APT1 Report T -apple.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -apple.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -apple.rssadvanced.org Intel::DOMAIN Mandiant APT1 Report T -aps.bigdepression.net Intel::DOMAIN Mandiant APT1 Report T -apss.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -apss.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -ara.blackcake.net Intel::DOMAIN Mandiant APT1 Report T -ara.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -ara2.blackcake.net Intel::DOMAIN Mandiant APT1 Report T -ara2.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -arainfo.bigdepression.net Intel::DOMAIN Mandiant APT1 Report T -arainfo.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -a-rdr.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -ares.aunewsonline.com Intel::DOMAIN Mandiant APT1 Report T -argsafhq.blackberrycluter.com Intel::DOMAIN Mandiant APT1 Report T -a-ri.comrepair.net Intel::DOMAIN Mandiant APT1 Report T -armi.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -army.newsonlinesite.com Intel::DOMAIN Mandiant APT1 Report T -army.todayusa.org Intel::DOMAIN Mandiant APT1 Report T -ascn.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -asiv.softsolutionbox.net Intel::DOMAIN Mandiant APT1 Report T -asp.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -asp.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -asp.busketball.com Intel::DOMAIN Mandiant APT1 Report T -asp.softsolutionbox.net Intel::DOMAIN Mandiant APT1 Report T -ass.globalowa.com Intel::DOMAIN Mandiant APT1 Report T -astone.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -atm.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -atom.busketball.com Intel::DOMAIN Mandiant APT1 Report T -a-uac.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -a-un.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -ausi.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -auto.aoldaily.com Intel::DOMAIN Mandiant APT1 Report T -auto.companyinfosite.com Intel::DOMAIN Mandiant APT1 Report T -auto.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -auto.gmailboxes.com Intel::DOMAIN Mandiant APT1 Report T -auto.livemymsn.com Intel::DOMAIN Mandiant APT1 Report T -auto.mcafeepaying.com Intel::DOMAIN Mandiant APT1 Report T -auto.myyahoonews.com Intel::DOMAIN Mandiant APT1 Report T -avast.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -avph.earthsolution.org Intel::DOMAIN Mandiant APT1 Report T -a-za.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -a-za.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -a-zx.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -b.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -bab.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -back.earthsolution.org Intel::DOMAIN Mandiant APT1 Report T -back.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -back.infobusinessus.org Intel::DOMAIN Mandiant APT1 Report T -back.worthhummer.net Intel::DOMAIN Mandiant APT1 Report T -backsun.busketball.com Intel::DOMAIN Mandiant APT1 Report T -backup.infobusinessus.org Intel::DOMAIN Mandiant APT1 Report T -backup.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -backup.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -backupsw.infobusinessus.org Intel::DOMAIN Mandiant APT1 Report T -banner.infobusinessus.org Intel::DOMAIN Mandiant APT1 Report T -barity.gmailboxes.com Intel::DOMAIN Mandiant APT1 Report T -basketball.todayusa.org Intel::DOMAIN Mandiant APT1 Report T -bass.busketball.com Intel::DOMAIN Mandiant APT1 Report T -bat.bigdepression.net Intel::DOMAIN Mandiant APT1 Report T -bat.blackcake.net Intel::DOMAIN Mandiant APT1 Report T -bat.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -bat.safalife.com Intel::DOMAIN Mandiant APT1 Report T -bbb.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -bbh.dnsweb.org Intel::DOMAIN Mandiant APT1 Report T -bbs.busketball.com Intel::DOMAIN Mandiant APT1 Report T -bbs.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -bbsfu.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -bcc.blackberrycluter.com Intel::DOMAIN Mandiant APT1 Report T -bcc.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -bcc.infobusinessus.org Intel::DOMAIN Mandiant APT1 Report T -bee.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -bee.newspappers.org Intel::DOMAIN Mandiant APT1 Report T -bee.usapappers.com Intel::DOMAIN Mandiant APT1 Report T -bg-g.comrepair.net Intel::DOMAIN Mandiant APT1 Report T -bhbt.infobusinessus.org Intel::DOMAIN Mandiant APT1 Report T -bhbt.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -bing.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -bitdefender.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -bkav.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -bkav2007.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -bksy.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -black.infobusinessus.org Intel::DOMAIN Mandiant APT1 Report T -black.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -blackfish.defenceonline.net Intel::DOMAIN Mandiant APT1 Report T -bll.dnsweb.org Intel::DOMAIN Mandiant APT1 Report T -blog.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -blog.busketball.com Intel::DOMAIN Mandiant APT1 Report T -blog.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -blog.regicsgf.net Intel::DOMAIN Mandiant APT1 Report T -blow.reutersnewsonline.com Intel::DOMAIN Mandiant APT1 Report T -blue.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -bluefin.aunewsonline.com Intel::DOMAIN Mandiant APT1 Report T -bmi.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -bob.dnsweb.org Intel::DOMAIN Mandiant APT1 Report T -bobo.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -bobo.oplaymagzine.com Intel::DOMAIN Mandiant APT1 Report T -book.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -book.pop-musicsite.com Intel::DOMAIN Mandiant APT1 Report T -book.reutersnewsonline.com Intel::DOMAIN Mandiant APT1 Report T -bot.bigdepression.net Intel::DOMAIN Mandiant APT1 Report T -bourne.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -bphb.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -bring.busketball.com Intel::DOMAIN Mandiant APT1 Report T -brog.regicsgf.net Intel::DOMAIN Mandiant APT1 Report T -bswt.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -built.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -business.aunewsonline.com Intel::DOMAIN Mandiant APT1 Report T -business.chileexe77.com Intel::DOMAIN Mandiant APT1 Report T -business.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -business.jobsadvanced.com Intel::DOMAIN Mandiant APT1 Report T -business.satellitebbs.com Intel::DOMAIN Mandiant APT1 Report T -business.yahoodaily.com Intel::DOMAIN Mandiant APT1 Report T -buy.infobusinessus.org Intel::DOMAIN Mandiant APT1 Report T -buy.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -buycow.busketball.com Intel::DOMAIN Mandiant APT1 Report T -buyer.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -buz.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -c.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -caaid.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -cac.bigdepression.net Intel::DOMAIN Mandiant APT1 Report T -cac.worthhummer.net Intel::DOMAIN Mandiant APT1 Report T -cache.aolon1ine.com Intel::DOMAIN Mandiant APT1 Report T -cacq.bigdepression.net Intel::DOMAIN Mandiant APT1 Report T -cadfait.softsolutionbox.net Intel::DOMAIN Mandiant APT1 Report T -cais.blackcake.net Intel::DOMAIN Mandiant APT1 Report T -cais.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -can.infobusinessus.org Intel::DOMAIN Mandiant APT1 Report T -canada.cnndaily.com Intel::DOMAIN Mandiant APT1 Report T -canary.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -cappuccino.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -car1.bigdepression.net Intel::DOMAIN Mandiant APT1 Report T -care.jobsadvanced.com Intel::DOMAIN Mandiant APT1 Report T -care.satellitebbs.com Intel::DOMAIN Mandiant APT1 Report T -cars.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -carvin.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -catalog.earthsolution.org Intel::DOMAIN Mandiant APT1 Report T -ccsukl.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -cdc01.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -cdcd.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -cdd.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -cdrnkl.worthhummer.net Intel::DOMAIN Mandiant APT1 Report T -cecilia.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -ce-ip.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -center.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -center.busketball.com Intel::DOMAIN Mandiant APT1 Report T -center.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -ceros.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -cetv.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -chat.infobusinessus.org Intel::DOMAIN Mandiant APT1 Report T -chat.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -check.staycools.net Intel::DOMAIN Mandiant APT1 Report T -check.thehealthmood.net Intel::DOMAIN Mandiant APT1 Report T -chicken.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -chicken.pop-musicsite.com Intel::DOMAIN Mandiant APT1 Report T -chivas.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -chq.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -christitannahill.appspot.com Intel::DOMAIN Mandiant APT1 Report T -cib.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -cibuc.blackcake.net Intel::DOMAIN Mandiant APT1 Report T -citrix.globalowa.com Intel::DOMAIN Mandiant APT1 Report T -citt.downloadsite.me Intel::DOMAIN Mandiant APT1 Report T -city.gmailboxes.com Intel::DOMAIN Mandiant APT1 Report T -class.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -client.infobusinessus.org Intel::DOMAIN Mandiant APT1 Report T -climate.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -climate.oplaymagzine.com Intel::DOMAIN Mandiant APT1 Report T -clin.earthsolution.org Intel::DOMAIN Mandiant APT1 Report T -cman.blackcake.net Intel::DOMAIN Mandiant APT1 Report T -cmp.gmailboxes.com Intel::DOMAIN Mandiant APT1 Report T -cobh.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -coco.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -code.jobsadvanced.com Intel::DOMAIN Mandiant APT1 Report T -code.mcafeepaying.com Intel::DOMAIN Mandiant APT1 Report T -coe.nationtour.net Intel::DOMAIN Mandiant APT1 Report T -coe.reutersnewsonline.com Intel::DOMAIN Mandiant APT1 Report T -coer.reutersnewsonline.com Intel::DOMAIN Mandiant APT1 Report T -cok.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -com.conferencesinfo.com Intel::DOMAIN Mandiant APT1 Report T -comfile.softsolutionbox.net Intel::DOMAIN Mandiant APT1 Report T -commpany.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -company.canadatvsite.com Intel::DOMAIN Mandiant APT1 Report T -compfile.softsolutionbox.net Intel::DOMAIN Mandiant APT1 Report T -compu.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -compute.satellitebbs.com Intel::DOMAIN Mandiant APT1 Report T -conn.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -contact.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -contact.bigish.net Intel::DOMAIN Mandiant APT1 Report T -contact.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -contact.jobsadvanced.com Intel::DOMAIN Mandiant APT1 Report T -contact.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -contact.yahoodaily.com Intel::DOMAIN Mandiant APT1 Report T -content.cnnnewsdaily.com Intel::DOMAIN Mandiant APT1 Report T -control.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -control.blackberrycluter.com Intel::DOMAIN Mandiant APT1 Report T -cook.globalowa.com Intel::DOMAIN Mandiant APT1 Report T -cool.infobusinessus.org Intel::DOMAIN Mandiant APT1 Report T -cool.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -corn.busketball.com Intel::DOMAIN Mandiant APT1 Report T -corp.booksonlineclub.com Intel::DOMAIN Mandiant APT1 Report T -corp.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -cost.cnnnewsdaily.com Intel::DOMAIN Mandiant APT1 Report T -count.blackcake.net Intel::DOMAIN Mandiant APT1 Report T -country.canadatvsite.com Intel::DOMAIN Mandiant APT1 Report T -cow.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -cowboy.bigish.net Intel::DOMAIN Mandiant APT1 Report T -cowboy.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -crab.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -crab.infobusinessus.org Intel::DOMAIN Mandiant APT1 Report T -crab.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -crackling123.appspot.com Intel::DOMAIN Mandiant APT1 Report T -cross.busketball.com Intel::DOMAIN Mandiant APT1 Report T -crz.dnsweb.org Intel::DOMAIN Mandiant APT1 Report T -cs.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -csch.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -csupp.bigish.net Intel::DOMAIN Mandiant APT1 Report T -ctcn.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -ctcs.bigdepression.net Intel::DOMAIN Mandiant APT1 Report T -ctcs.earthsolution.org Intel::DOMAIN Mandiant APT1 Report T -ctimoon.marsbrother.com Intel::DOMAIN Mandiant APT1 Report T -ctisk.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -cubbh.newspappers.org Intel::DOMAIN Mandiant APT1 Report T -cubh.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -culture.chileexe77.com Intel::DOMAIN Mandiant APT1 Report T -cure.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -current.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -cw.e-cardsshop.com Intel::DOMAIN Mandiant APT1 Report T -cw.mcafeepaying.com Intel::DOMAIN Mandiant APT1 Report T -cw.nationtour.net Intel::DOMAIN Mandiant APT1 Report T -cw.pop-musicsite.com Intel::DOMAIN Mandiant APT1 Report T -cw.searchforca.com Intel::DOMAIN Mandiant APT1 Report T -cwe.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -cwe80.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -cwel.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -cws.gmailboxes.com Intel::DOMAIN Mandiant APT1 Report T -d.bpyoyo.com Intel::DOMAIN Mandiant APT1 Report T -da.comrepair.net Intel::DOMAIN Mandiant APT1 Report T -daa.bigdepression.net Intel::DOMAIN Mandiant APT1 Report T -daily.newsonlinesite.com Intel::DOMAIN Mandiant APT1 Report T -data.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -date.freshreaders.net Intel::DOMAIN Mandiant APT1 Report T -date.gmailboxes.com Intel::DOMAIN Mandiant APT1 Report T -date.rssadvanced.org Intel::DOMAIN Mandiant APT1 Report T -date.voiceofman.com Intel::DOMAIN Mandiant APT1 Report T -datehelp.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -dating.satellitebbs.com Intel::DOMAIN Mandiant APT1 Report T -db.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -default.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -defense.usabbs.org Intel::DOMAIN Mandiant APT1 Report T -del.advanbusiness.com Intel::DOMAIN Mandiant APT1 Report T -demo.myyahoonews.com Intel::DOMAIN Mandiant APT1 Report T -den.blackcake.net Intel::DOMAIN Mandiant APT1 Report T -denel.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -densun.comrepair.net Intel::DOMAIN Mandiant APT1 Report T -des.blackcake.net Intel::DOMAIN Mandiant APT1 Report T -des.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -develop.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -dhfx.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -dias.globalowa.com Intel::DOMAIN Mandiant APT1 Report T -digi.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -dith.blackcake.net Intel::DOMAIN Mandiant APT1 Report T -dl.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -dlkl.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -dnn.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -dns.chileexe77.com Intel::DOMAIN Mandiant APT1 Report T -dns.infobusinessus.org Intel::DOMAIN Mandiant APT1 Report T -dns.issnbgkit.net Intel::DOMAIN Mandiant APT1 Report T -dns.progammerli.com Intel::DOMAIN Mandiant APT1 Report T -dns.webservicesupdate.com Intel::DOMAIN Mandiant APT1 Report T -dns1.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -dnsg.bigdepression.net Intel::DOMAIN Mandiant APT1 Report T -do.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -doa.bigdepression.net Intel::DOMAIN Mandiant APT1 Report T -docu.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -documents.aoldaily.com Intel::DOMAIN Mandiant APT1 Report T -documents.aunewsonline.com Intel::DOMAIN Mandiant APT1 Report T -documents.busketball.com Intel::DOMAIN Mandiant APT1 Report T -documents.cnndaily.com Intel::DOMAIN Mandiant APT1 Report T -documents.downloadsite.me Intel::DOMAIN Mandiant APT1 Report T -documents.e-cardsshop.com Intel::DOMAIN Mandiant APT1 Report T -documents.nationtour.net Intel::DOMAIN Mandiant APT1 Report T -documents.voiceofman.com Intel::DOMAIN Mandiant APT1 Report T -dod.dnsweb.org Intel::DOMAIN Mandiant APT1 Report T -doekl.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -domain.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -domain.busketball.com Intel::DOMAIN Mandiant APT1 Report T -domain.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -dorkia.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -dot.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -dotnet.safalife.com Intel::DOMAIN Mandiant APT1 Report T -dove.blackcake.net Intel::DOMAIN Mandiant APT1 Report T -down.infobusinessus.org Intel::DOMAIN Mandiant APT1 Report T -down.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -down.safalife.com Intel::DOMAIN Mandiant APT1 Report T -download.applesoftupdate.com Intel::DOMAIN Mandiant APT1 Report T -download.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -download.freshreaders.net Intel::DOMAIN Mandiant APT1 Report T -download.gmailboxes.com Intel::DOMAIN Mandiant APT1 Report T -download.idirectech.com Intel::DOMAIN Mandiant APT1 Report T -download.symanteconline.net Intel::DOMAIN Mandiant APT1 Report T -download.voiceofman.com Intel::DOMAIN Mandiant APT1 Report T -downloads.applesoftupdate.com Intel::DOMAIN Mandiant APT1 Report T -downupdate.bigish.net Intel::DOMAIN Mandiant APT1 Report T -dp.booksonlineclub.com Intel::DOMAIN Mandiant APT1 Report T -dq.booksonlineclub.com Intel::DOMAIN Mandiant APT1 Report T -drb.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -drinkwater.gmailboxes.com Intel::DOMAIN Mandiant APT1 Report T -drop.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -dsh.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -dsw.blackcake.net Intel::DOMAIN Mandiant APT1 Report T -dvid.blackcake.net Intel::DOMAIN Mandiant APT1 Report T -dvid.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -dvn.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -dyn.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -dyn.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -dyns.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -e.advanbusiness.com Intel::DOMAIN Mandiant APT1 Report T -e.aoldaily.com Intel::DOMAIN Mandiant APT1 Report T -e.applesoftupdate.com Intel::DOMAIN Mandiant APT1 Report T -e.aunewsonline.com Intel::DOMAIN Mandiant APT1 Report T -e.canoedaily.com Intel::DOMAIN Mandiant APT1 Report T -e.cnndaily.com Intel::DOMAIN Mandiant APT1 Report T -e.ifexcel.com Intel::DOMAIN Mandiant APT1 Report T -e.microsoft-update-info.com Intel::DOMAIN Mandiant APT1 Report T -e.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -e.reutersnewsonline.com Intel::DOMAIN Mandiant APT1 Report T -e.satellitebbs.com Intel::DOMAIN Mandiant APT1 Report T -e.staycools.net Intel::DOMAIN Mandiant APT1 Report T -e.todayusa.org Intel::DOMAIN Mandiant APT1 Report T -e.usabbs.org Intel::DOMAIN Mandiant APT1 Report T -e.usapappers.com Intel::DOMAIN Mandiant APT1 Report T -e.usnewssite.com Intel::DOMAIN Mandiant APT1 Report T -e.yahoodaily.com Intel::DOMAIN Mandiant APT1 Report T -eaof.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -east.freshreaders.net Intel::DOMAIN Mandiant APT1 Report T -eatbeef.gmailboxes.com Intel::DOMAIN Mandiant APT1 Report T -ecli-cow.infobusinessus.org Intel::DOMAIN Mandiant APT1 Report T -edit.aolon1ine.com Intel::DOMAIN Mandiant APT1 Report T -edu.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -education.jobsadvanced.com Intel::DOMAIN Mandiant APT1 Report T -education.rssadvanced.org Intel::DOMAIN Mandiant APT1 Report T -eeaa.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -eee.reutersnewsonline.com Intel::DOMAIN Mandiant APT1 Report T -egcc.bigdepression.net Intel::DOMAIN Mandiant APT1 Report T -email.advanbusiness.com Intel::DOMAIN Mandiant APT1 Report T -email.aoldaily.com Intel::DOMAIN Mandiant APT1 Report T -email.applesoftupdate.com Intel::DOMAIN Mandiant APT1 Report T -email.aunewsonline.com Intel::DOMAIN Mandiant APT1 Report T -email.canadatvsite.com Intel::DOMAIN Mandiant APT1 Report T -email.canoedaily.com Intel::DOMAIN Mandiant APT1 Report T -email.cnndaily.com Intel::DOMAIN Mandiant APT1 Report T -email.cnndaily.net Intel::DOMAIN Mandiant APT1 Report T -email.companyinfosite.com Intel::DOMAIN Mandiant APT1 Report T -email.defenceonline.net Intel::DOMAIN Mandiant APT1 Report T -email.downloadsite.me Intel::DOMAIN Mandiant APT1 Report T -email.e-cardsshop.com Intel::DOMAIN Mandiant APT1 Report T -email.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -email.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -email.jobsadvanced.com Intel::DOMAIN Mandiant APT1 Report T -email.mcafeepaying.com Intel::DOMAIN Mandiant APT1 Report T -email.micyuisyahooapis.com Intel::DOMAIN Mandiant APT1 Report T -email.newsonlinesite.com Intel::DOMAIN Mandiant APT1 Report T -email.pop-musicsite.com Intel::DOMAIN Mandiant APT1 Report T -email.satellitebbs.com Intel::DOMAIN Mandiant APT1 Report T -email.symanteconline.net Intel::DOMAIN Mandiant APT1 Report T -email.todayusa.org Intel::DOMAIN Mandiant APT1 Report T -email.usabbs.org Intel::DOMAIN Mandiant APT1 Report T -email.usapappers.com Intel::DOMAIN Mandiant APT1 Report T -email.usnewssite.com Intel::DOMAIN Mandiant APT1 Report T -email.voiceofman.com Intel::DOMAIN Mandiant APT1 Report T -email.yahoodaily.com Intel::DOMAIN Mandiant APT1 Report T -emam.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -en.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -energy.e-cardsshop.com Intel::DOMAIN Mandiant APT1 Report T -energy.mcafeepaying.com Intel::DOMAIN Mandiant APT1 Report T -energy.nationtour.net Intel::DOMAIN Mandiant APT1 Report T -energy.pop-musicsite.com Intel::DOMAIN Mandiant APT1 Report T -energy.searchforca.com Intel::DOMAIN Mandiant APT1 Report T -energy.usabbs.org Intel::DOMAIN Mandiant APT1 Report T -engine.usabbs.org Intel::DOMAIN Mandiant APT1 Report T -engineering.newsonlinesite.com Intel::DOMAIN Mandiant APT1 Report T -environment.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -eoaf.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -epod.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -eu.usabbs.org Intel::DOMAIN Mandiant APT1 Report T -eum.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -europa.cnndaily.com Intel::DOMAIN Mandiant APT1 Report T -europe.canadatvsite.com Intel::DOMAIN Mandiant APT1 Report T -ever.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -everest.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -eye.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -f3tel.bigish.net Intel::DOMAIN Mandiant APT1 Report T -face.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -facebook.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -faq.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -fashion.cnnnewsdaily.com Intel::DOMAIN Mandiant APT1 Report T -fax.canadatvsite.com Intel::DOMAIN Mandiant APT1 Report T -fax.cnndaily.net Intel::DOMAIN Mandiant APT1 Report T -fax.companyinfosite.com Intel::DOMAIN Mandiant APT1 Report T -fax.defenceonline.net Intel::DOMAIN Mandiant APT1 Report T -fax.downloadsite.me Intel::DOMAIN Mandiant APT1 Report T -fax.e-cardsshop.com Intel::DOMAIN Mandiant APT1 Report T -fax.jobsadvanced.com Intel::DOMAIN Mandiant APT1 Report T -fax.mcafeepaying.com Intel::DOMAIN Mandiant APT1 Report T -fax.micyuisyahooapis.com Intel::DOMAIN Mandiant APT1 Report T -fax.newsonlinesite.com Intel::DOMAIN Mandiant APT1 Report T -fax.pop-musicsite.com Intel::DOMAIN Mandiant APT1 Report T -fax.symanteconline.net Intel::DOMAIN Mandiant APT1 Report T -fax.voiceofman.com Intel::DOMAIN Mandiant APT1 Report T -fcn.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -fed.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -ffej.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -ffej.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -fher.bigish.net Intel::DOMAIN Mandiant APT1 Report T -fher.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -fhh.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -file.cnnnewsdaily.com Intel::DOMAIN Mandiant APT1 Report T -file.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -files.cnndaily.com Intel::DOMAIN Mandiant APT1 Report T -files.downloadsite.me Intel::DOMAIN Mandiant APT1 Report T -fileshare.usabbs.org Intel::DOMAIN Mandiant APT1 Report T -fileyp.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -film.downloadsite.me Intel::DOMAIN Mandiant APT1 Report T -fim.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -fim.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -finance.aoldaily.com Intel::DOMAIN Mandiant APT1 Report T -finance.aunewsonline.com Intel::DOMAIN Mandiant APT1 Report T -finance.chileexe77.com Intel::DOMAIN Mandiant APT1 Report T -finance.cnnnewsdaily.com Intel::DOMAIN Mandiant APT1 Report T -finance.newsonlinesite.com Intel::DOMAIN Mandiant APT1 Report T -finance.staycools.net Intel::DOMAIN Mandiant APT1 Report T -finance.thehealthmood.net Intel::DOMAIN Mandiant APT1 Report T -finance.todayusa.org Intel::DOMAIN Mandiant APT1 Report T -finance.usabbs.org Intel::DOMAIN Mandiant APT1 Report T -finance.usnewssite.com Intel::DOMAIN Mandiant APT1 Report T -finance.yahoodaily.com Intel::DOMAIN Mandiant APT1 Report T -financial.advanbusiness.com Intel::DOMAIN Mandiant APT1 Report T -fine.worthhummer.net Intel::DOMAIN Mandiant APT1 Report T -fineca.blackberrycluter.com Intel::DOMAIN Mandiant APT1 Report T -fineca.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -finekl.bigish.net Intel::DOMAIN Mandiant APT1 Report T -finekl.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -finekl.worthhummer.net Intel::DOMAIN Mandiant APT1 Report T -fiona.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -fire.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -fire1.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -first.voiceofman.com Intel::DOMAIN Mandiant APT1 Report T -fjod.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -fkfc.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -flash.aoldaily.com Intel::DOMAIN Mandiant APT1 Report T -flash.aunewsonline.com Intel::DOMAIN Mandiant APT1 Report T -flash.cnndaily.com Intel::DOMAIN Mandiant APT1 Report T -flash.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -flash.jobsadvanced.com Intel::DOMAIN Mandiant APT1 Report T -flash.livemymsn.com Intel::DOMAIN Mandiant APT1 Report T -flash.mcafeepaying.com Intel::DOMAIN Mandiant APT1 Report T -flash.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -flash.usnewssite.com Intel::DOMAIN Mandiant APT1 Report T -flash.yahoodaily.com Intel::DOMAIN Mandiant APT1 Report T -flucare.worthhummer.net Intel::DOMAIN Mandiant APT1 Report T -fly.blackcake.net Intel::DOMAIN Mandiant APT1 Report T -fme.busketball.com Intel::DOMAIN Mandiant APT1 Report T -f-mi.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -fmp.bigish.net Intel::DOMAIN Mandiant APT1 Report T -fmp.worthhummer.net Intel::DOMAIN Mandiant APT1 Report T -fnem.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -fni.bigish.net Intel::DOMAIN Mandiant APT1 Report T -fni.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -fni.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -fnpc.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -fnrn.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -fntel.bigish.net Intel::DOMAIN Mandiant APT1 Report T -fok.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -follow.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -food.busketball.com Intel::DOMAIN Mandiant APT1 Report T -food.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -football.canoedaily.com Intel::DOMAIN Mandiant APT1 Report T -forum.infobusinessus.org Intel::DOMAIN Mandiant APT1 Report T -free.gmailboxes.com Intel::DOMAIN Mandiant APT1 Report T -friends.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -froum.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -fs.mcafeepaying.com Intel::DOMAIN Mandiant APT1 Report T -fs.searchforca.com Intel::DOMAIN Mandiant APT1 Report T -fstl.bigish.net Intel::DOMAIN Mandiant APT1 Report T -fstl.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -fstl.worthhummer.net Intel::DOMAIN Mandiant APT1 Report T -ftp.advanbusiness.com Intel::DOMAIN Mandiant APT1 Report T -ftp.aoldaily.com Intel::DOMAIN Mandiant APT1 Report T -ftp.applesoftupdate.com Intel::DOMAIN Mandiant APT1 Report T -ftp.aunewsonline.com Intel::DOMAIN Mandiant APT1 Report T -ftp.bpyoyo.com Intel::DOMAIN Mandiant APT1 Report T -ftp.canadatvsite.com Intel::DOMAIN Mandiant APT1 Report T -ftp.canoedaily.com Intel::DOMAIN Mandiant APT1 Report T -ftp.cnndaily.com Intel::DOMAIN Mandiant APT1 Report T -ftp.cnndaily.net Intel::DOMAIN Mandiant APT1 Report T -ftp.companyinfosite.com Intel::DOMAIN Mandiant APT1 Report T -ftp.defenceonline.net Intel::DOMAIN Mandiant APT1 Report T -ftp.downloadsite.me Intel::DOMAIN Mandiant APT1 Report T -ftp.e-cardsshop.com Intel::DOMAIN Mandiant APT1 Report T -ftp.jobsadvanced.com Intel::DOMAIN Mandiant APT1 Report T -ftp.mcafeepaying.com Intel::DOMAIN Mandiant APT1 Report T -ftp.micyuisyahooapis.com Intel::DOMAIN Mandiant APT1 Report T -ftp.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -ftp.newsonlinesite.com Intel::DOMAIN Mandiant APT1 Report T -ftp.pop-musicsite.com Intel::DOMAIN Mandiant APT1 Report T -ftp.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -ftp.satellitebbs.com Intel::DOMAIN Mandiant APT1 Report T -ftp.staycools.net Intel::DOMAIN Mandiant APT1 Report T -ftp.symanteconline.net Intel::DOMAIN Mandiant APT1 Report T -ftp.todayusa.org Intel::DOMAIN Mandiant APT1 Report T -ftp.usabbs.org Intel::DOMAIN Mandiant APT1 Report T -ftp.usapappers.com Intel::DOMAIN Mandiant APT1 Report T -ftp.ustvb.com Intel::DOMAIN Mandiant APT1 Report T -ftp.voiceofman.com Intel::DOMAIN Mandiant APT1 Report T -ftph.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -ftrj.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -fuck.reutersnewsonline.com Intel::DOMAIN Mandiant APT1 Report T -fun.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -function.canadatvsite.com Intel::DOMAIN Mandiant APT1 Report T -function.symanteconline.net Intel::DOMAIN Mandiant APT1 Report T -funny.canadatvsite.com Intel::DOMAIN Mandiant APT1 Report T -funny.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -fwb.blackcake.net Intel::DOMAIN Mandiant APT1 Report T -fwb.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -fwmo.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -fwmo.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -fy.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -fza.marsbrother.com Intel::DOMAIN Mandiant APT1 Report T -gaca.infobusinessus.org Intel::DOMAIN Mandiant APT1 Report T -gaca.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -game.aoldaily.com Intel::DOMAIN Mandiant APT1 Report T -game.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -games.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -gannett.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -gatu.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -gayi.blackcake.net Intel::DOMAIN Mandiant APT1 Report T -gee.safalife.com Intel::DOMAIN Mandiant APT1 Report T -gege.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -gege.oplaymagzine.com Intel::DOMAIN Mandiant APT1 Report T -geneticmedicine.conferencesinfo.com Intel::DOMAIN Mandiant APT1 Report T -geo.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -geology.e-cardsshop.com Intel::DOMAIN Mandiant APT1 Report T -geology.pop-musicsite.com Intel::DOMAIN Mandiant APT1 Report T -gg.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -gg.infobusinessus.org Intel::DOMAIN Mandiant APT1 Report T -ghma.earthsolution.org Intel::DOMAIN Mandiant APT1 Report T -gjjr.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -gjmy.comrepair.net Intel::DOMAIN Mandiant APT1 Report T -gl.gmailboxes.com Intel::DOMAIN Mandiant APT1 Report T -glj.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -global.pop-musicsite.com Intel::DOMAIN Mandiant APT1 Report T -global.softsolutionbox.net Intel::DOMAIN Mandiant APT1 Report T -globalization.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -glx.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -gmail.bigdepression.net Intel::DOMAIN Mandiant APT1 Report T -gmail.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -gmail.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -google.applesoftupdate.com Intel::DOMAIN Mandiant APT1 Report T -goverment.usabbs.org Intel::DOMAIN Mandiant APT1 Report T -green.safalife.com Intel::DOMAIN Mandiant APT1 Report T -ground.earthsolution.org Intel::DOMAIN Mandiant APT1 Report T -ground.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -ground.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -gsti.busketball.com Intel::DOMAIN Mandiant APT1 Report T -gsup.infobusinessus.org Intel::DOMAIN Mandiant APT1 Report T -half.earthsolution.org Intel::DOMAIN Mandiant APT1 Report T -half.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -happy.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -happy.e-cardsshop.com Intel::DOMAIN Mandiant APT1 Report T -happy.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -happy.nationtour.net Intel::DOMAIN Mandiant APT1 Report T -happyfish.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -hav.earthsolution.org Intel::DOMAIN Mandiant APT1 Report T -health.jobsadvanced.com Intel::DOMAIN Mandiant APT1 Report T -hello.mediaxsds.net Intel::DOMAIN Mandiant APT1 Report T -help.advanbusiness.com Intel::DOMAIN Mandiant APT1 Report T -help.applesoftupdate.com Intel::DOMAIN Mandiant APT1 Report T -help.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -help.gmailboxes.com Intel::DOMAIN Mandiant APT1 Report T -help.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -help.reutersnewsonline.com Intel::DOMAIN Mandiant APT1 Report T -help.thehealthmood.net Intel::DOMAIN Mandiant APT1 Report T -hi.bpyoyo.com Intel::DOMAIN Mandiant APT1 Report T -hill.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -hill.booksonlineclub.com Intel::DOMAIN Mandiant APT1 Report T -hill.businessformars.com Intel::DOMAIN Mandiant APT1 Report T -hill.earthsolution.org Intel::DOMAIN Mandiant APT1 Report T -hm.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -home.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -home.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -home.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -home.reutersnewsonline.com Intel::DOMAIN Mandiant APT1 Report T -home.staycools.net Intel::DOMAIN Mandiant APT1 Report T -hon.bigdepression.net Intel::DOMAIN Mandiant APT1 Report T -host.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -host.issnbgkit.net Intel::DOMAIN Mandiant APT1 Report T -host.regicsgf.net Intel::DOMAIN Mandiant APT1 Report T -hostname.regicsgf.net Intel::DOMAIN Mandiant APT1 Report T -hot.thehealthmood.net Intel::DOMAIN Mandiant APT1 Report T -hotel.safalife.com Intel::DOMAIN Mandiant APT1 Report T -house.globalowa.com Intel::DOMAIN Mandiant APT1 Report T -house.gmailboxes.com Intel::DOMAIN Mandiant APT1 Report T -house.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -housew.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -hpd.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -hq.lksoftvc.net Intel::DOMAIN Mandiant APT1 Report T -hrsy.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -https.lksoftvc.net Intel::DOMAIN Mandiant APT1 Report T -https.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -https.progammerli.com Intel::DOMAIN Mandiant APT1 Report T -hu.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -hun.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -hy.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -hy.worthhummer.net Intel::DOMAIN Mandiant APT1 Report T -iabk.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -iabk.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -iai.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -iamge.usabbs.org Intel::DOMAIN Mandiant APT1 Report T -idtheft.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -iea.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -iexchangefxn.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -ifc.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -image.aunewsonline.com Intel::DOMAIN Mandiant APT1 Report T -image.satellitebbs.com Intel::DOMAIN Mandiant APT1 Report T -image.todayusa.org Intel::DOMAIN Mandiant APT1 Report T -image.usabbs.org Intel::DOMAIN Mandiant APT1 Report T -image.usnewssite.com Intel::DOMAIN Mandiant APT1 Report T -images.spmiller.org Intel::DOMAIN Mandiant APT1 Report T -important.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -index.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -india.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -indian.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -indian.e-cardsshop.com Intel::DOMAIN Mandiant APT1 Report T -indonesia.newsonlinesite.com Intel::DOMAIN Mandiant APT1 Report T -info.aoldaily.com Intel::DOMAIN Mandiant APT1 Report T -info.applesoftupdate.com Intel::DOMAIN Mandiant APT1 Report T -info.bigish.net Intel::DOMAIN Mandiant APT1 Report T -info.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -info.companyinfosite.com Intel::DOMAIN Mandiant APT1 Report T -info.defenceonline.net Intel::DOMAIN Mandiant APT1 Report T -info.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -info.freshreaders.net Intel::DOMAIN Mandiant APT1 Report T -info.idirectech.com Intel::DOMAIN Mandiant APT1 Report T -info.mcafeepaying.com Intel::DOMAIN Mandiant APT1 Report T -info.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -info.newspappers.org Intel::DOMAIN Mandiant APT1 Report T -info.rssadvanced.org Intel::DOMAIN Mandiant APT1 Report T -info.saltlakenews.org Intel::DOMAIN Mandiant APT1 Report T -info.softsolutionbox.net Intel::DOMAIN Mandiant APT1 Report T -info.symanteconline.net Intel::DOMAIN Mandiant APT1 Report T -info.theagenews.com Intel::DOMAIN Mandiant APT1 Report T -info.thehealthmood.net Intel::DOMAIN Mandiant APT1 Report T -info.usapappers.com Intel::DOMAIN Mandiant APT1 Report T -info.usnewssite.com Intel::DOMAIN Mandiant APT1 Report T -information.aunewsonline.com Intel::DOMAIN Mandiant APT1 Report T -information.cnndaily.com Intel::DOMAIN Mandiant APT1 Report T -information.defenceonline.net Intel::DOMAIN Mandiant APT1 Report T -information.downloadsite.me Intel::DOMAIN Mandiant APT1 Report T -information.jobsadvanced.com Intel::DOMAIN Mandiant APT1 Report T -ins.globalowa.com Intel::DOMAIN Mandiant APT1 Report T -insat.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -int.busketball.com Intel::DOMAIN Mandiant APT1 Report T -int.freshreaders.net Intel::DOMAIN Mandiant APT1 Report T -intel.busketball.com Intel::DOMAIN Mandiant APT1 Report T -intel.gmailboxes.com Intel::DOMAIN Mandiant APT1 Report T -intel.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -inter.earthsolution.org Intel::DOMAIN Mandiant APT1 Report T -international.canadatvsite.com Intel::DOMAIN Mandiant APT1 Report T -invest.gmailboxes.com Intel::DOMAIN Mandiant APT1 Report T -ips.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -iri.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -iri.worthhummer.net Intel::DOMAIN Mandiant APT1 Report T -irl.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -irs.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -irs.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -irsauctions.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -irssales.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -iscu.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -iswb.softsolutionbox.net Intel::DOMAIN Mandiant APT1 Report T -it.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -it.newsonlinesite.com Intel::DOMAIN Mandiant APT1 Report T -itau.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -itinfo.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -japan.yahoodaily.com Intel::DOMAIN Mandiant APT1 Report T -java.earthsolution.org Intel::DOMAIN Mandiant APT1 Report T -jbei.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -jeff.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -jeph.earthsolution.org Intel::DOMAIN Mandiant APT1 Report T -jf.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -jfn.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -jfs.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -jhd.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -jhd.safalife.com Intel::DOMAIN Mandiant APT1 Report T -jhsfkjlhjsf.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -job.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -job.jobsadvanced.com Intel::DOMAIN Mandiant APT1 Report T -job.yahoodaily.com Intel::DOMAIN Mandiant APT1 Report T -jobs.mediaxsds.net Intel::DOMAIN Mandiant APT1 Report T -johnford985.appspot.com Intel::DOMAIN Mandiant APT1 Report T -jr.blackcake.net Intel::DOMAIN Mandiant APT1 Report T -juda.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -jwss.infobusinessus.org Intel::DOMAIN Mandiant APT1 Report T -kf.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -khoda.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -king-kl.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -kit.dnsweb.org Intel::DOMAIN Mandiant APT1 Report T -kit.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -klape.globalowa.com Intel::DOMAIN Mandiant APT1 Report T -klati.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -klbakerm.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -klbar.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -klbis.bigish.net Intel::DOMAIN Mandiant APT1 Report T -klbis.globalowa.com Intel::DOMAIN Mandiant APT1 Report T -klbis.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -kl-care.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -klcirf.worthhummer.net Intel::DOMAIN Mandiant APT1 Report T -klcocon.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -klecca.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -klecca.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -klenvi.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -kl-hqun.gmailboxes.com Intel::DOMAIN Mandiant APT1 Report T -kl-hqun.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -kliee.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -kl-knab.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -kllhd.bigish.net Intel::DOMAIN Mandiant APT1 Report T -kllhd.globalowa.com Intel::DOMAIN Mandiant APT1 Report T -kl-mfa.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -klmfat.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -klnrdc.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -klnrdc.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -klotp.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -klpiec.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -kl-rfc.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -kl-rio.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -kluscc.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -kl-vfw.globalowa.com Intel::DOMAIN Mandiant APT1 Report T -klwest.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -knab.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -knews.bigdepression.net Intel::DOMAIN Mandiant APT1 Report T -koa.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -ks.aoldaily.com Intel::DOMAIN Mandiant APT1 Report T -ks.aunewsonline.com Intel::DOMAIN Mandiant APT1 Report T -ks.cnndaily.com Intel::DOMAIN Mandiant APT1 Report T -ks.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -ks.jobsadvanced.com Intel::DOMAIN Mandiant APT1 Report T -ks.mcafeepaying.com Intel::DOMAIN Mandiant APT1 Report T -ks.petrotdl.com Intel::DOMAIN Mandiant APT1 Report T -ks.usnewssite.com Intel::DOMAIN Mandiant APT1 Report T -ks.yahoodaily.com Intel::DOMAIN Mandiant APT1 Report T -ksaa.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -ksap.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -kshan.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -kusw.blackcake.net Intel::DOMAIN Mandiant APT1 Report T -lab.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -lan.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -launch.todayusa.org Intel::DOMAIN Mandiant APT1 Report T -law.canoedaily.com Intel::DOMAIN Mandiant APT1 Report T -law.myyahoonews.com Intel::DOMAIN Mandiant APT1 Report T -lawste.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -lawste2.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -lcan.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -leets.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -leon.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -lhd.globalowa.com Intel::DOMAIN Mandiant APT1 Report T -lib.freshreaders.net Intel::DOMAIN Mandiant APT1 Report T -life.blackcake.net Intel::DOMAIN Mandiant APT1 Report T -link.applesoftupdate.com Intel::DOMAIN Mandiant APT1 Report T -linkup.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -linux.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -lion.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -listen.pop-musicsite.com Intel::DOMAIN Mandiant APT1 Report T -live.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -living.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -ln.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -lnz.worthhummer.net Intel::DOMAIN Mandiant APT1 Report T -loading.bigish.net Intel::DOMAIN Mandiant APT1 Report T -local.dnsweb.org Intel::DOMAIN Mandiant APT1 Report T -log.bigdepression.net Intel::DOMAIN Mandiant APT1 Report T -log.blackcake.net Intel::DOMAIN Mandiant APT1 Report T -log.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -log.issnbgkit.net Intel::DOMAIN Mandiant APT1 Report T -log.sportreadok.net Intel::DOMAIN Mandiant APT1 Report T -login.aolon1ine.com Intel::DOMAIN Mandiant APT1 Report T -login.blackcake.net Intel::DOMAIN Mandiant APT1 Report T -login.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -login.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -login.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -login.safalife.com Intel::DOMAIN Mandiant APT1 Report T -logo.freshreaders.net Intel::DOMAIN Mandiant APT1 Report T -logo.staycools.net Intel::DOMAIN Mandiant APT1 Report T -logo.thehealthmood.net Intel::DOMAIN Mandiant APT1 Report T -logon.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -logs.chileexe77.com Intel::DOMAIN Mandiant APT1 Report T -logs.issnbgkit.net Intel::DOMAIN Mandiant APT1 Report T -logs.pcclubddk.net Intel::DOMAIN Mandiant APT1 Report T -logs.sportreadok.net Intel::DOMAIN Mandiant APT1 Report T -lone.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -loper.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -lost.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -lost.yahoodaily.com Intel::DOMAIN Mandiant APT1 Report T -love.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -love.busketball.com Intel::DOMAIN Mandiant APT1 Report T -love.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -lovecocon.bigish.net Intel::DOMAIN Mandiant APT1 Report T -loveit.gmailboxes.com Intel::DOMAIN Mandiant APT1 Report T -lrl.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -lucie.dnsweb.org Intel::DOMAIN Mandiant APT1 Report T -lucy.bigdepression.net Intel::DOMAIN Mandiant APT1 Report T -lucy.blackcake.net Intel::DOMAIN Mandiant APT1 Report T -lucy.booksonlineclub.com Intel::DOMAIN Mandiant APT1 Report T -lucy.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -lucy2.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -lucy2.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -lw.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -lw.infobusinessus.org Intel::DOMAIN Mandiant APT1 Report T -lw.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -lw.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -lwave.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -m.cslisten.com Intel::DOMAIN Mandiant APT1 Report T -m.ifexcel.com Intel::DOMAIN Mandiant APT1 Report T -macfee.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -magazine.downloadsite.me Intel::DOMAIN Mandiant APT1 Report T -magazine.yahoodaily.com Intel::DOMAIN Mandiant APT1 Report T -magic.tfxdccssl.net Intel::DOMAIN Mandiant APT1 Report T -mail.advanbusiness.com Intel::DOMAIN Mandiant APT1 Report T -mail.aoldaily.com Intel::DOMAIN Mandiant APT1 Report T -mail.applesoftupdate.com Intel::DOMAIN Mandiant APT1 Report T -mail.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -mail.aunewsonline.com Intel::DOMAIN Mandiant APT1 Report T -mail.bigish.net Intel::DOMAIN Mandiant APT1 Report T -mail.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -mail.canadatvsite.com Intel::DOMAIN Mandiant APT1 Report T -mail.canoedaily.com Intel::DOMAIN Mandiant APT1 Report T -mail.chileexe77.com Intel::DOMAIN Mandiant APT1 Report T -mail.cnndaily.com Intel::DOMAIN Mandiant APT1 Report T -mail.cnndaily.net Intel::DOMAIN Mandiant APT1 Report T -mail.companyinfosite.com Intel::DOMAIN Mandiant APT1 Report T -mail.defenceonline.net Intel::DOMAIN Mandiant APT1 Report T -mail.downloadsite.me Intel::DOMAIN Mandiant APT1 Report T -mail.e-cardsshop.com Intel::DOMAIN Mandiant APT1 Report T -mail.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -mail.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -mail.jobsadvanced.com Intel::DOMAIN Mandiant APT1 Report T -mail.lksoftvc.net Intel::DOMAIN Mandiant APT1 Report T -mail.mcafeepaying.com Intel::DOMAIN Mandiant APT1 Report T -mail.micyuisyahooapis.com Intel::DOMAIN Mandiant APT1 Report T -mail.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -mail.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -mail.newsonlinesite.com Intel::DOMAIN Mandiant APT1 Report T -mail.oplaymagzine.com Intel::DOMAIN Mandiant APT1 Report T -mail.pop-musicsite.com Intel::DOMAIN Mandiant APT1 Report T -mail.safalife.com Intel::DOMAIN Mandiant APT1 Report T -mail.satellitebbs.com Intel::DOMAIN Mandiant APT1 Report T -mail.softsolutionbox.net Intel::DOMAIN Mandiant APT1 Report T -mail.symanteconline.net Intel::DOMAIN Mandiant APT1 Report T -mail.todayusa.org Intel::DOMAIN Mandiant APT1 Report T -mail.usabbs.org Intel::DOMAIN Mandiant APT1 Report T -mail.usapappers.com Intel::DOMAIN Mandiant APT1 Report T -mail.usnewssite.com Intel::DOMAIN Mandiant APT1 Report T -mail.ustvb.com Intel::DOMAIN Mandiant APT1 Report T -mail.voiceofman.com Intel::DOMAIN Mandiant APT1 Report T -mail.yahoodaily.com Intel::DOMAIN Mandiant APT1 Report T -mail2.syscation.net Intel::DOMAIN Mandiant APT1 Report T -mailbbs.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -mails.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -mailsrv.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -main.busketball.com Intel::DOMAIN Mandiant APT1 Report T -man001.blackcake.net Intel::DOMAIN Mandiant APT1 Report T -man001.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -map.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -maria.reutersnewsonline.com Intel::DOMAIN Mandiant APT1 Report T -marines.defenceonline.net Intel::DOMAIN Mandiant APT1 Report T -max.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -mc.bigish.net Intel::DOMAIN Mandiant APT1 Report T -mcsc.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -me.busketball.com Intel::DOMAIN Mandiant APT1 Report T -media.aoldaily.com Intel::DOMAIN Mandiant APT1 Report T -media.aunewsonline.com Intel::DOMAIN Mandiant APT1 Report T -media.cnndaily.com Intel::DOMAIN Mandiant APT1 Report T -media.jobsadvanced.com Intel::DOMAIN Mandiant APT1 Report T -media.mcafeepaying.com Intel::DOMAIN Mandiant APT1 Report T -media.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -media.usnewssite.com Intel::DOMAIN Mandiant APT1 Report T -media.yahoodaily.com Intel::DOMAIN Mandiant APT1 Report T -medicine.chileexe77.com Intel::DOMAIN Mandiant APT1 Report T -medicine.yahoodaily.com Intel::DOMAIN Mandiant APT1 Report T -meg.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -meily.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -memberd.booksonlineclub.com Intel::DOMAIN Mandiant APT1 Report T -message.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -messenger.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -method.ns06.net Intel::DOMAIN Mandiant APT1 Report T -mfa.globalowa.com Intel::DOMAIN Mandiant APT1 Report T -mfc.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -micro.applesoftupdate.com Intel::DOMAIN Mandiant APT1 Report T -microsoft.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -milk.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -mini.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -mint.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -mko.busketball.com Intel::DOMAIN Mandiant APT1 Report T -mlls.globalowa.com Intel::DOMAIN Mandiant APT1 Report T -mobile.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -money.sportreadok.net Intel::DOMAIN Mandiant APT1 Report T -moon.blackcake.net Intel::DOMAIN Mandiant APT1 Report T -moon.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -mor.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -more.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -mos.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -moto.busketball.com Intel::DOMAIN Mandiant APT1 Report T -moto.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -moto.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -moto1.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -moto2.earthsolution.org Intel::DOMAIN Mandiant APT1 Report T -motoa.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -motor.earthsolution.org Intel::DOMAIN Mandiant APT1 Report T -movie.canadatvsite.com Intel::DOMAIN Mandiant APT1 Report T -movies.infobusinessus.org Intel::DOMAIN Mandiant APT1 Report T -mpe.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -msn.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -music.bpyoyo.com Intel::DOMAIN Mandiant APT1 Report T -music.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -music.pop-musicsite.com Intel::DOMAIN Mandiant APT1 Report T -music.todayusa.org Intel::DOMAIN Mandiant APT1 Report T -mx.blackcake.net Intel::DOMAIN Mandiant APT1 Report T -my.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -my550.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -myfamily.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -mynet.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -myoil.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -mysql.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -na.bigdepression.net Intel::DOMAIN Mandiant APT1 Report T -na.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -nat.bigdepression.net Intel::DOMAIN Mandiant APT1 Report T -nature.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -nav.booksonlineclub.com Intel::DOMAIN Mandiant APT1 Report T -navi.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -navi.earthsolution.org Intel::DOMAIN Mandiant APT1 Report T -nci.bigdepression.net Intel::DOMAIN Mandiant APT1 Report T -nci.dnsweb.org Intel::DOMAIN Mandiant APT1 Report T -nci.safalife.com Intel::DOMAIN Mandiant APT1 Report T -ncih.dnsweb.org Intel::DOMAIN Mandiant APT1 Report T -ncsc.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -ne.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -nes.nationtour.net Intel::DOMAIN Mandiant APT1 Report T -net.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -net.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -new.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -new.booksonlineclub.com Intel::DOMAIN Mandiant APT1 Report T -new.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -new.globalowa.com Intel::DOMAIN Mandiant APT1 Report T -newport.bigdepression.net Intel::DOMAIN Mandiant APT1 Report T -newport.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -newport.safalife.com Intel::DOMAIN Mandiant APT1 Report T -news.advanbusiness.com Intel::DOMAIN Mandiant APT1 Report T -news.aoldaily.com Intel::DOMAIN Mandiant APT1 Report T -news.aolon1ine.com Intel::DOMAIN Mandiant APT1 Report T -news.applesoftupdate.com Intel::DOMAIN Mandiant APT1 Report T -news.bigdepression.net Intel::DOMAIN Mandiant APT1 Report T -news.blackcake.net Intel::DOMAIN Mandiant APT1 Report T -news.booksonlineclub.com Intel::DOMAIN Mandiant APT1 Report T -news.bpyoyo.com Intel::DOMAIN Mandiant APT1 Report T -news.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -news.busketball.com Intel::DOMAIN Mandiant APT1 Report T -news.canadatvsite.com Intel::DOMAIN Mandiant APT1 Report T -news.canoedaily.com Intel::DOMAIN Mandiant APT1 Report T -news.chileexe77.com Intel::DOMAIN Mandiant APT1 Report T -news.cnndaily.com Intel::DOMAIN Mandiant APT1 Report T -news.cnnnewsdaily.com Intel::DOMAIN Mandiant APT1 Report T -news.defenceonline.net Intel::DOMAIN Mandiant APT1 Report T -news.dnsweb.org Intel::DOMAIN Mandiant APT1 Report T -news.downloadsite.me Intel::DOMAIN Mandiant APT1 Report T -news.e-cardsshop.com Intel::DOMAIN Mandiant APT1 Report T -news.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -news.freshreaders.net Intel::DOMAIN Mandiant APT1 Report T -news.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -news.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -news.issnbgkit.net Intel::DOMAIN Mandiant APT1 Report T -news.jobsadvanced.com Intel::DOMAIN Mandiant APT1 Report T -news.lksoftvc.net Intel::DOMAIN Mandiant APT1 Report T -news.marsbrother.com Intel::DOMAIN Mandiant APT1 Report T -news.mcafeepaying.com Intel::DOMAIN Mandiant APT1 Report T -news.mediaxsds.net Intel::DOMAIN Mandiant APT1 Report T -news.micyuisyahooapis.com Intel::DOMAIN Mandiant APT1 Report T -news.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -news.myyahoonews.com Intel::DOMAIN Mandiant APT1 Report T -news.nationtour.net Intel::DOMAIN Mandiant APT1 Report T -news.newsonlinesite.com Intel::DOMAIN Mandiant APT1 Report T -news.newspappers.org Intel::DOMAIN Mandiant APT1 Report T -news.nytimesnews.net Intel::DOMAIN Mandiant APT1 Report T -news.pcclubddk.net Intel::DOMAIN Mandiant APT1 Report T -news.pop-musicsite.com Intel::DOMAIN Mandiant APT1 Report T -news.reutersnewsonline.com Intel::DOMAIN Mandiant APT1 Report T -news.rssadvanced.org Intel::DOMAIN Mandiant APT1 Report T -news.safalife.com Intel::DOMAIN Mandiant APT1 Report T -news.saltlakenews.org Intel::DOMAIN Mandiant APT1 Report T -news.satellitebbs.com Intel::DOMAIN Mandiant APT1 Report T -news.softsolutionbox.net Intel::DOMAIN Mandiant APT1 Report T -news.sportreadok.net Intel::DOMAIN Mandiant APT1 Report T -news.staycools.net Intel::DOMAIN Mandiant APT1 Report T -news.symanteconline.net Intel::DOMAIN Mandiant APT1 Report T -news.thehealthmood.net Intel::DOMAIN Mandiant APT1 Report T -news.todayusa.org Intel::DOMAIN Mandiant APT1 Report T -news.usapappers.com Intel::DOMAIN Mandiant APT1 Report T -news.voiceofman.com Intel::DOMAIN Mandiant APT1 Report T -news.yahoo.com.conferencesinfo.com Intel::DOMAIN Mandiant APT1 Report T -news.yahoodaily.com Intel::DOMAIN Mandiant APT1 Report T -newstar.nytimesnews.net Intel::DOMAIN Mandiant APT1 Report T -newstar.reutersnewsonline.com Intel::DOMAIN Mandiant APT1 Report T -newstime.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -newyork.usabbs.org Intel::DOMAIN Mandiant APT1 Report T -ngc.blackcake.net Intel::DOMAIN Mandiant APT1 Report T -ngng.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -nh.microsoft-update-info.com Intel::DOMAIN Mandiant APT1 Report T -nhc.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -nhs.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -nhs1.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -nhs1.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -nhsl.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -nic.safalife.com Intel::DOMAIN Mandiant APT1 Report T -nicenews.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -night.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -nis.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -nl.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -nod.downloadsite.me Intel::DOMAIN Mandiant APT1 Report T -nol.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -norin.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -notebook.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -nousage.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -nrfn.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -ns.issnbgkit.net Intel::DOMAIN Mandiant APT1 Report T -nt.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -nucor001.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -nukor001.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -nullmx.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -num.safalife.com Intel::DOMAIN Mandiant APT1 Report T -o.ifexcel.com Intel::DOMAIN Mandiant APT1 Report T -object.todayusa.org Intel::DOMAIN Mandiant APT1 Report T -office.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -okie.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -old.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -oliver.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -once.downloadsite.me Intel::DOMAIN Mandiant APT1 Report T -onk.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -online.livemymsn.com Intel::DOMAIN Mandiant APT1 Report T -online.mcafeepaying.com Intel::DOMAIN Mandiant APT1 Report T -online.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -online.pop-musicsite.com Intel::DOMAIN Mandiant APT1 Report T -online.reutersnewsonline.com Intel::DOMAIN Mandiant APT1 Report T -ope.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -opp.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -oppa.bigdepression.net Intel::DOMAIN Mandiant APT1 Report T -opts.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -orca.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -ord.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -orient.earthsolution.org Intel::DOMAIN Mandiant APT1 Report T -otp.blackberrycluter.com Intel::DOMAIN Mandiant APT1 Report T -otps.globalowa.com Intel::DOMAIN Mandiant APT1 Report T -ou.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -ou1.blackcake.net Intel::DOMAIN Mandiant APT1 Report T -ou1.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -ou2.blackcake.net Intel::DOMAIN Mandiant APT1 Report T -ou2.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -ou3.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -ou4.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -ou5.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -ou6.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -ou7.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -outlook.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -outlooks.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -owa.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -owa.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -owa.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -owa.softsolutionbox.net Intel::DOMAIN Mandiant APT1 Report T -pacific.blackcake.net Intel::DOMAIN Mandiant APT1 Report T -pacific.worthhummer.net Intel::DOMAIN Mandiant APT1 Report T -pack.cnnnewsdaily.com Intel::DOMAIN Mandiant APT1 Report T -pact.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -paekl.gmailboxes.com Intel::DOMAIN Mandiant APT1 Report T -papper.booksonlineclub.com Intel::DOMAIN Mandiant APT1 Report T -papper.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -pars.earthsolution.org Intel::DOMAIN Mandiant APT1 Report T -part.bigdepression.net Intel::DOMAIN Mandiant APT1 Report T -part.earthsolution.org Intel::DOMAIN Mandiant APT1 Report T -parth.earthsolution.org Intel::DOMAIN Mandiant APT1 Report T -pay.aunewsonline.com Intel::DOMAIN Mandiant APT1 Report T -pay.freshreaders.net Intel::DOMAIN Mandiant APT1 Report T -payse.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -pcie.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -pda.applesoftupdate.com Intel::DOMAIN Mandiant APT1 Report T -pda.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -pda.reutersnewsonline.com Intel::DOMAIN Mandiant APT1 Report T -pda.staycools.net Intel::DOMAIN Mandiant APT1 Report T -pda.usapappers.com Intel::DOMAIN Mandiant APT1 Report T -pdoc.earthsolution.org Intel::DOMAIN Mandiant APT1 Report T -pear.blackcake.net Intel::DOMAIN Mandiant APT1 Report T -pear.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -pear.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -people.softsolutionbox.net Intel::DOMAIN Mandiant APT1 Report T -phb.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -phe.reutersnewsonline.com Intel::DOMAIN Mandiant APT1 Report T -philippines.cnndaily.com Intel::DOMAIN Mandiant APT1 Report T -pic.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -picture.chileexe77.com Intel::DOMAIN Mandiant APT1 Report T -pink.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -plane.usabbs.org Intel::DOMAIN Mandiant APT1 Report T -planning.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -play.conferencesinfo.com Intel::DOMAIN Mandiant APT1 Report T -play.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -pme.worthhummer.net Intel::DOMAIN Mandiant APT1 Report T -png.sportreadok.net Intel::DOMAIN Mandiant APT1 Report T -pop.advanbusiness.com Intel::DOMAIN Mandiant APT1 Report T -pop.aoldaily.com Intel::DOMAIN Mandiant APT1 Report T -pop.applesoftupdate.com Intel::DOMAIN Mandiant APT1 Report T -pop.aunewsonline.com Intel::DOMAIN Mandiant APT1 Report T -pop.blackcake.net Intel::DOMAIN Mandiant APT1 Report T -pop.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -pop.canadatvsite.com Intel::DOMAIN Mandiant APT1 Report T -pop.canoedaily.com Intel::DOMAIN Mandiant APT1 Report T -pop.cnndaily.com Intel::DOMAIN Mandiant APT1 Report T -pop.cnndaily.net Intel::DOMAIN Mandiant APT1 Report T -pop.companyinfosite.com Intel::DOMAIN Mandiant APT1 Report T -pop.defenceonline.net Intel::DOMAIN Mandiant APT1 Report T -pop.dnsweb.org Intel::DOMAIN Mandiant APT1 Report T -pop.downloadsite.me Intel::DOMAIN Mandiant APT1 Report T -pop.e-cardsshop.com Intel::DOMAIN Mandiant APT1 Report T -pop.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -pop.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -pop.jobsadvanced.com Intel::DOMAIN Mandiant APT1 Report T -pop.mcafeepaying.com Intel::DOMAIN Mandiant APT1 Report T -pop.micyuisyahooapis.com Intel::DOMAIN Mandiant APT1 Report T -pop.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -pop.newsonlinesite.com Intel::DOMAIN Mandiant APT1 Report T -pop.pop-musicsite.com Intel::DOMAIN Mandiant APT1 Report T -pop.satellitebbs.com Intel::DOMAIN Mandiant APT1 Report T -pop.staycools.net Intel::DOMAIN Mandiant APT1 Report T -pop.symanteconline.net Intel::DOMAIN Mandiant APT1 Report T -pop.todayusa.org Intel::DOMAIN Mandiant APT1 Report T -pop.usabbs.org Intel::DOMAIN Mandiant APT1 Report T -pop.usapappers.com Intel::DOMAIN Mandiant APT1 Report T -pop.usnewssite.com Intel::DOMAIN Mandiant APT1 Report T -pop.voiceofman.com Intel::DOMAIN Mandiant APT1 Report T -pop.yahoodaily.com Intel::DOMAIN Mandiant APT1 Report T -pop2.blackcake.net Intel::DOMAIN Mandiant APT1 Report T -pop2.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -pop3.blackcake.net Intel::DOMAIN Mandiant APT1 Report T -pop3.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -pop4.blackcake.net Intel::DOMAIN Mandiant APT1 Report T -pop5.blackcake.net Intel::DOMAIN Mandiant APT1 Report T -pop6.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -pop9.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -popw.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -popwk.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -portbab.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -portpop.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -ppt.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -prc.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -prefix.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -prefix.usapappers.com Intel::DOMAIN Mandiant APT1 Report T -pro.reutersnewsonline.com Intel::DOMAIN Mandiant APT1 Report T -proc.blackberrycluter.com Intel::DOMAIN Mandiant APT1 Report T -proc.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -product.satellitebbs.com Intel::DOMAIN Mandiant APT1 Report T -program.reutersnewsonline.com Intel::DOMAIN Mandiant APT1 Report T -progress.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -protoc.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -psp.advanbusiness.com Intel::DOMAIN Mandiant APT1 Report T -psp.staycools.net Intel::DOMAIN Mandiant APT1 Report T -psu.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -psu.nytimesnews.net Intel::DOMAIN Mandiant APT1 Report T -psu.worthhummer.net Intel::DOMAIN Mandiant APT1 Report T -ptp.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -pz.booksonlineclub.com Intel::DOMAIN Mandiant APT1 Report T -qedh.earthsolution.org Intel::DOMAIN Mandiant APT1 Report T -qhun-mons.businessformars.com Intel::DOMAIN Mandiant APT1 Report T -qiao1.bigdepression.net Intel::DOMAIN Mandiant APT1 Report T -qiao1.safalife.com Intel::DOMAIN Mandiant APT1 Report T -qiao2.bigdepression.net Intel::DOMAIN Mandiant APT1 Report T -qiao3.bigdepression.net Intel::DOMAIN Mandiant APT1 Report T -qiao4.bigdepression.net Intel::DOMAIN Mandiant APT1 Report T -qiao5.bigdepression.net Intel::DOMAIN Mandiant APT1 Report T -qiao6.bigdepression.net Intel::DOMAIN Mandiant APT1 Report T -qiao7.bigdepression.net Intel::DOMAIN Mandiant APT1 Report T -qiao8.bigdepression.net Intel::DOMAIN Mandiant APT1 Report T -qua.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -qual.bigdepression.net Intel::DOMAIN Mandiant APT1 Report T -quick.earthsolution.org Intel::DOMAIN Mandiant APT1 Report T -quiet.earthsolution.org Intel::DOMAIN Mandiant APT1 Report T -qusc12.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -rank.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -rcs.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -reas.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -record.companyinfosite.com Intel::DOMAIN Mandiant APT1 Report T -records.marsbrother.com Intel::DOMAIN Mandiant APT1 Report T -red.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -red.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -reg.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -release.busketball.com Intel::DOMAIN Mandiant APT1 Report T -release.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -release.softsolutionbox.net Intel::DOMAIN Mandiant APT1 Report T -report.cnnnewsdaily.com Intel::DOMAIN Mandiant APT1 Report T -report.regicsgf.net Intel::DOMAIN Mandiant APT1 Report T -reports.saltlakenews.org Intel::DOMAIN Mandiant APT1 Report T -research.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -research.softsolutionbox.net Intel::DOMAIN Mandiant APT1 Report T -rice.bigish.net Intel::DOMAIN Mandiant APT1 Report T -rj.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -rj.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -rnew.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -roger.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -root.newspappers.org Intel::DOMAIN Mandiant APT1 Report T -root.saltlakenews.org Intel::DOMAIN Mandiant APT1 Report T -rou.pop-musicsite.com Intel::DOMAIN Mandiant APT1 Report T -rsut.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -s.ifexcel.com Intel::DOMAIN Mandiant APT1 Report T -s.microsoft-update-info.com Intel::DOMAIN Mandiant APT1 Report T -saf.blackberrycluter.com Intel::DOMAIN Mandiant APT1 Report T -saf.globalowa.com Intel::DOMAIN Mandiant APT1 Report T -safbejn.worthhummer.net Intel::DOMAIN Mandiant APT1 Report T -safe.canadatvsite.com Intel::DOMAIN Mandiant APT1 Report T -safe.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -safety.canadatvsite.com Intel::DOMAIN Mandiant APT1 Report T -safety.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -safety.newsonlinesite.com Intel::DOMAIN Mandiant APT1 Report T -safr.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -sale.advanbusiness.com Intel::DOMAIN Mandiant APT1 Report T -sale.staycools.net Intel::DOMAIN Mandiant APT1 Report T -sales.usnewssite.com Intel::DOMAIN Mandiant APT1 Report T -sam.blackcake.net Intel::DOMAIN Mandiant APT1 Report T -sam.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -sam.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -satellite.yahoodaily.com Intel::DOMAIN Mandiant APT1 Report T -sauu.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -sav.safalife.com Intel::DOMAIN Mandiant APT1 Report T -sb.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -sbh.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -scc.globalowa.com Intel::DOMAIN Mandiant APT1 Report T -scc.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -science.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -scorpion.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -scpkl.bigish.net Intel::DOMAIN Mandiant APT1 Report T -sea.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -sea001.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -search.blackcake.net Intel::DOMAIN Mandiant APT1 Report T -search.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -search.searchforca.com Intel::DOMAIN Mandiant APT1 Report T -security.canadatvsite.com Intel::DOMAIN Mandiant APT1 Report T -security.mcafeepaying.com Intel::DOMAIN Mandiant APT1 Report T -security.nationtour.net Intel::DOMAIN Mandiant APT1 Report T -security.symanteconline.net Intel::DOMAIN Mandiant APT1 Report T -self.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -sells.aunewsonline.com Intel::DOMAIN Mandiant APT1 Report T -sells.usnewssite.com Intel::DOMAIN Mandiant APT1 Report T -send.issnbgkit.net Intel::DOMAIN Mandiant APT1 Report T -serv.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -serve.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -server.applesoftupdate.com Intel::DOMAIN Mandiant APT1 Report T -service.applesoftupdate.com Intel::DOMAIN Mandiant APT1 Report T -service.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -service.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -service.issnbgkit.net Intel::DOMAIN Mandiant APT1 Report T -service.symanteconline.net Intel::DOMAIN Mandiant APT1 Report T -services.busketball.com Intel::DOMAIN Mandiant APT1 Report T -services.gmailboxes.com Intel::DOMAIN Mandiant APT1 Report T -servmail.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -servmailb.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -servmails.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -set.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -sfn.globalowa.com Intel::DOMAIN Mandiant APT1 Report T -sh.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -share.aoldaily.com Intel::DOMAIN Mandiant APT1 Report T -share.aunewsonline.com Intel::DOMAIN Mandiant APT1 Report T -share.canoedaily.com Intel::DOMAIN Mandiant APT1 Report T -share.jobsadvanced.com Intel::DOMAIN Mandiant APT1 Report T -share.usnewssite.com Intel::DOMAIN Mandiant APT1 Report T -shit.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -shop.e-cardsshop.com Intel::DOMAIN Mandiant APT1 Report T -shop.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -shop.newsonlinesite.com Intel::DOMAIN Mandiant APT1 Report T -shop.pop-musicsite.com Intel::DOMAIN Mandiant APT1 Report T -shop.yahoodaily.com Intel::DOMAIN Mandiant APT1 Report T -shot.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -shot.newspappers.org Intel::DOMAIN Mandiant APT1 Report T -shot.usapappers.com Intel::DOMAIN Mandiant APT1 Report T -sifcc.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -signal.satellitebbs.com Intel::DOMAIN Mandiant APT1 Report T -sinbg.comrepair.net Intel::DOMAIN Mandiant APT1 Report T -sisc.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -sites.progammerli.com Intel::DOMAIN Mandiant APT1 Report T -sk2.gmailboxes.com Intel::DOMAIN Mandiant APT1 Report T -skills.cnndaily.com Intel::DOMAIN Mandiant APT1 Report T -skills.usnewssite.com Intel::DOMAIN Mandiant APT1 Report T -sklcenter.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -sky.applesoftupdate.com Intel::DOMAIN Mandiant APT1 Report T -sky.canoedaily.com Intel::DOMAIN Mandiant APT1 Report T -sky.downloadsite.me Intel::DOMAIN Mandiant APT1 Report T -sky.safalife.com Intel::DOMAIN Mandiant APT1 Report T -slnoa.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -slnoa.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -slrfc.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -slrj.softsolutionbox.net Intel::DOMAIN Mandiant APT1 Report T -slrou.blackcake.net Intel::DOMAIN Mandiant APT1 Report T -slrouji.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -sls.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -slutc.globalowa.com Intel::DOMAIN Mandiant APT1 Report T -sma.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -smile.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -smlk.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -smooth.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -smtp.advanbusiness.com Intel::DOMAIN Mandiant APT1 Report T -smtp.aoldaily.com Intel::DOMAIN Mandiant APT1 Report T -smtp.applesoftupdate.com Intel::DOMAIN Mandiant APT1 Report T -smtp.aunewsonline.com Intel::DOMAIN Mandiant APT1 Report T -smtp.canadatvsite.com Intel::DOMAIN Mandiant APT1 Report T -smtp.canoedaily.com Intel::DOMAIN Mandiant APT1 Report T -smtp.cnndaily.com Intel::DOMAIN Mandiant APT1 Report T -smtp.cnndaily.net Intel::DOMAIN Mandiant APT1 Report T -smtp.companyinfosite.com Intel::DOMAIN Mandiant APT1 Report T -smtp.defenceonline.net Intel::DOMAIN Mandiant APT1 Report T -smtp.downloadsite.me Intel::DOMAIN Mandiant APT1 Report T -smtp.e-cardsshop.com Intel::DOMAIN Mandiant APT1 Report T -smtp.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -smtp.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -smtp.jobsadvanced.com Intel::DOMAIN Mandiant APT1 Report T -smtp.mcafeepaying.com Intel::DOMAIN Mandiant APT1 Report T -smtp.micyuisyahooapis.com Intel::DOMAIN Mandiant APT1 Report T -smtp.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -smtp.newsonlinesite.com Intel::DOMAIN Mandiant APT1 Report T -smtp.pop-musicsite.com Intel::DOMAIN Mandiant APT1 Report T -smtp.safalife.com Intel::DOMAIN Mandiant APT1 Report T -smtp.satellitebbs.com Intel::DOMAIN Mandiant APT1 Report T -smtp.symanteconline.net Intel::DOMAIN Mandiant APT1 Report T -smtp.todayusa.org Intel::DOMAIN Mandiant APT1 Report T -smtp.usabbs.org Intel::DOMAIN Mandiant APT1 Report T -smtp.usapappers.com Intel::DOMAIN Mandiant APT1 Report T -smtp.usnewssite.com Intel::DOMAIN Mandiant APT1 Report T -smtp.voiceofman.com Intel::DOMAIN Mandiant APT1 Report T -smtp.yahoodaily.com Intel::DOMAIN Mandiant APT1 Report T -snoopy.safalife.com Intel::DOMAIN Mandiant APT1 Report T -snoot.earthsolution.org Intel::DOMAIN Mandiant APT1 Report T -sns.syscation.com Intel::DOMAIN Mandiant APT1 Report T -sns.syscation.net Intel::DOMAIN Mandiant APT1 Report T -soft.advanbusiness.com Intel::DOMAIN Mandiant APT1 Report T -soft.applesoftupdate.com Intel::DOMAIN Mandiant APT1 Report T -soft.cnnnewsdaily.com Intel::DOMAIN Mandiant APT1 Report T -soft.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -soft.nytimesnews.net Intel::DOMAIN Mandiant APT1 Report T -soft.thehealthmood.net Intel::DOMAIN Mandiant APT1 Report T -software.advanbusiness.com Intel::DOMAIN Mandiant APT1 Report T -software.nytimesnews.net Intel::DOMAIN Mandiant APT1 Report T -solar.e-cardsshop.com Intel::DOMAIN Mandiant APT1 Report T -solar.pop-musicsite.com Intel::DOMAIN Mandiant APT1 Report T -solar.reutersnewsonline.com Intel::DOMAIN Mandiant APT1 Report T -soler.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -sona.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -sonah.earthsolution.org Intel::DOMAIN Mandiant APT1 Report T -songhong.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -sope.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -sos.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -sotp.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -source.livemymsn.com Intel::DOMAIN Mandiant APT1 Report T -sp.booksonlineclub.com Intel::DOMAIN Mandiant APT1 Report T -sp.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -space.canadatvsite.com Intel::DOMAIN Mandiant APT1 Report T -spah.earthsolution.org Intel::DOMAIN Mandiant APT1 Report T -spahi.dnsweb.org Intel::DOMAIN Mandiant APT1 Report T -spckl.bigish.net Intel::DOMAIN Mandiant APT1 Report T -spcmon.businessformars.com Intel::DOMAIN Mandiant APT1 Report T -special.earthsolution.org Intel::DOMAIN Mandiant APT1 Report T -sports.aoldaily.com Intel::DOMAIN Mandiant APT1 Report T -sports.aunewsonline.com Intel::DOMAIN Mandiant APT1 Report T -sports.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -sports.canoedaily.com Intel::DOMAIN Mandiant APT1 Report T -sports.chileexe77.com Intel::DOMAIN Mandiant APT1 Report T -sports.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -sports.newsonlinesite.com Intel::DOMAIN Mandiant APT1 Report T -sports.nytimesnews.net Intel::DOMAIN Mandiant APT1 Report T -sports.rssadvanced.org Intel::DOMAIN Mandiant APT1 Report T -sports.staycools.net Intel::DOMAIN Mandiant APT1 Report T -sports.thehealthmood.net Intel::DOMAIN Mandiant APT1 Report T -sports.todayusa.org Intel::DOMAIN Mandiant APT1 Report T -sports.usnewssite.com Intel::DOMAIN Mandiant APT1 Report T -sports.voiceofman.com Intel::DOMAIN Mandiant APT1 Report T -sports.yahoodaily.com Intel::DOMAIN Mandiant APT1 Report T -sports3.earthsolution.org Intel::DOMAIN Mandiant APT1 Report T -sprts.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -spte.bigdepression.net Intel::DOMAIN Mandiant APT1 Report T -squick.bigish.net Intel::DOMAIN Mandiant APT1 Report T -sremx.bigish.net Intel::DOMAIN Mandiant APT1 Report T -srs.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -srs.dnsweb.org Intel::DOMAIN Mandiant APT1 Report T -srs.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -srvmail.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -sslsrv1.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -sslsrv2.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -sslsrv5.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -sslsrv5.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -sslsrv6.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -ssun.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -star.canoedaily.com Intel::DOMAIN Mandiant APT1 Report T -star.satellitebbs.com Intel::DOMAIN Mandiant APT1 Report T -star.usabbs.org Intel::DOMAIN Mandiant APT1 Report T -stars.advanbusiness.com Intel::DOMAIN Mandiant APT1 Report T -stars.nytimesnews.net Intel::DOMAIN Mandiant APT1 Report T -static.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -stell.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -step.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -stk.blackcake.net Intel::DOMAIN Mandiant APT1 Report T -stk.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -stock.bigish.net Intel::DOMAIN Mandiant APT1 Report T -stock.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -stone.pop-musicsite.com Intel::DOMAIN Mandiant APT1 Report T -stone.symanteconline.net Intel::DOMAIN Mandiant APT1 Report T -stulaw.bigish.net Intel::DOMAIN Mandiant APT1 Report T -stuwal.gmailboxes.com Intel::DOMAIN Mandiant APT1 Report T -stuwal.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -submarine.defenceonline.net Intel::DOMAIN Mandiant APT1 Report T -submarine.downloadsite.me Intel::DOMAIN Mandiant APT1 Report T -suffering.e-cardsshop.com Intel::DOMAIN Mandiant APT1 Report T -suffering.mcafeepaying.com Intel::DOMAIN Mandiant APT1 Report T -suffering.nationtour.net Intel::DOMAIN Mandiant APT1 Report T -suffering.pop-musicsite.com Intel::DOMAIN Mandiant APT1 Report T -suffering.searchforca.com Intel::DOMAIN Mandiant APT1 Report T -sun.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -sun.newspappers.org Intel::DOMAIN Mandiant APT1 Report T -sun.usapappers.com Intel::DOMAIN Mandiant APT1 Report T -support.advanbusiness.com Intel::DOMAIN Mandiant APT1 Report T -support.applesoftupdate.com Intel::DOMAIN Mandiant APT1 Report T -support.companyinfosite.com Intel::DOMAIN Mandiant APT1 Report T -support.livemymsn.com Intel::DOMAIN Mandiant APT1 Report T -support.mcafeepaying.com Intel::DOMAIN Mandiant APT1 Report T -support.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -support.satellitebbs.com Intel::DOMAIN Mandiant APT1 Report T -support.searchforca.com Intel::DOMAIN Mandiant APT1 Report T -support.symanteconline.net Intel::DOMAIN Mandiant APT1 Report T -support.thehealthmood.net Intel::DOMAIN Mandiant APT1 Report T -support.todayusa.org Intel::DOMAIN Mandiant APT1 Report T -support.voiceofman.com Intel::DOMAIN Mandiant APT1 Report T -support.webservicesupdate.com Intel::DOMAIN Mandiant APT1 Report T -sute.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -sw.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -swiss.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -sword.bigish.net Intel::DOMAIN Mandiant APT1 Report T -sword.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -syn.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -sync.ns06.net Intel::DOMAIN Mandiant APT1 Report T -sys.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -sys.newspappers.org Intel::DOMAIN Mandiant APT1 Report T -sys.usapappers.com Intel::DOMAIN Mandiant APT1 Report T -sysj.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -system.satellitebbs.com Intel::DOMAIN Mandiant APT1 Report T -sysy.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -tag.applesoftupdate.com Intel::DOMAIN Mandiant APT1 Report T -tape.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -tape.dnsweb.org Intel::DOMAIN Mandiant APT1 Report T -tape.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -tclient.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -tclient.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -teach.usabbs.org Intel::DOMAIN Mandiant APT1 Report T -tech.applesoftupdate.com Intel::DOMAIN Mandiant APT1 Report T -tech.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -tech.saltlakenews.org Intel::DOMAIN Mandiant APT1 Report T -tech.usapappers.com Intel::DOMAIN Mandiant APT1 Report T -tele.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -telnet.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -test.bpyoyo.com Intel::DOMAIN Mandiant APT1 Report T -test.chileexe77.com Intel::DOMAIN Mandiant APT1 Report T -test.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -test.issnbgkit.net Intel::DOMAIN Mandiant APT1 Report T -test.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -test.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -thanhnien.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -thec.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -think.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -think.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -tia.gmailboxes.com Intel::DOMAIN Mandiant APT1 Report T -time.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -time.issnbgkit.net Intel::DOMAIN Mandiant APT1 Report T -time.mediaxsds.net Intel::DOMAIN Mandiant APT1 Report T -time.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -time1.mediaxsds.net Intel::DOMAIN Mandiant APT1 Report T -times.nytimesnews.net Intel::DOMAIN Mandiant APT1 Report T -tk.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -tnjs.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -tod.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -top.ifexcel.com Intel::DOMAIN Mandiant APT1 Report T -topmoney.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -train.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -train.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -travel.cnndaily.net Intel::DOMAIN Mandiant APT1 Report T -travel.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -travel.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -travel.nationtour.net Intel::DOMAIN Mandiant APT1 Report T -trb.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -trip.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -trip.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -triu.booksonlineclub.com Intel::DOMAIN Mandiant APT1 Report T -ts.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -tt.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -ttl.tfxdccssl.net Intel::DOMAIN Mandiant APT1 Report T -tx.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -ug-aa.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -ug-aaon.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -ug-aeai.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -ug-ag.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -ug-asg.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -ug-ati.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -ug-bdai.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -ug-bdai.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -ug-bdfa.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -ug-bpd.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -ug-cccc.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -ug-ccr.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -ug-chsaw.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -ug-co.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -ug-cti.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -ug-dfait.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -ug-enrc.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -ug-ga.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -ug-hst.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -ug-hst.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -ug-irpf.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -ug-kfc.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -ug-man.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -ug-mbi.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -ug-nema.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -ug-opm.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -ug-piec.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -ug-pmet.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -ug-pnl.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -ug-rev.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -ug-rj.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -ug-rj.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -ug-sbig.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -ug-tree.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -ug-tta.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -ug-volpe.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -ug-west.hugesoft.org Intel::DOMAIN Mandiant APT1 Report T -unifh.earthsolution.org Intel::DOMAIN Mandiant APT1 Report T -up.bpyoyo.com Intel::DOMAIN Mandiant APT1 Report T -up.safalife.com Intel::DOMAIN Mandiant APT1 Report T -upback.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -update.advanbusiness.com Intel::DOMAIN Mandiant APT1 Report T -update.aoldaily.com Intel::DOMAIN Mandiant APT1 Report T -update.aunewsonline.com Intel::DOMAIN Mandiant APT1 Report T -update.booksonlineclub.com Intel::DOMAIN Mandiant APT1 Report T -update.busketball.com Intel::DOMAIN Mandiant APT1 Report T -update.companyinfosite.com Intel::DOMAIN Mandiant APT1 Report T -update.defenceonline.net Intel::DOMAIN Mandiant APT1 Report T -update.dnsweb.org Intel::DOMAIN Mandiant APT1 Report T -update.downloadsite.me Intel::DOMAIN Mandiant APT1 Report T -update.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -update.freshreaders.net Intel::DOMAIN Mandiant APT1 Report T -update.idirectech.com Intel::DOMAIN Mandiant APT1 Report T -update.livemymsn.com Intel::DOMAIN Mandiant APT1 Report T -update.lksoftvc.net Intel::DOMAIN Mandiant APT1 Report T -update.mcafeepaying.com Intel::DOMAIN Mandiant APT1 Report T -update.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -update.nationtour.net Intel::DOMAIN Mandiant APT1 Report T -update.progammerli.com Intel::DOMAIN Mandiant APT1 Report T -update.reutersnewsonline.com Intel::DOMAIN Mandiant APT1 Report T -update.safalife.com Intel::DOMAIN Mandiant APT1 Report T -update.satellitebbs.com Intel::DOMAIN Mandiant APT1 Report T -update.searchforca.com Intel::DOMAIN Mandiant APT1 Report T -update.staycools.net Intel::DOMAIN Mandiant APT1 Report T -update.symanteconline.net Intel::DOMAIN Mandiant APT1 Report T -update.tfxdccssl.net Intel::DOMAIN Mandiant APT1 Report T -update.thehealthmood.net Intel::DOMAIN Mandiant APT1 Report T -update.todayusa.org Intel::DOMAIN Mandiant APT1 Report T -update.usabbs.org Intel::DOMAIN Mandiant APT1 Report T -update.yahoodaily.com Intel::DOMAIN Mandiant APT1 Report T -update7.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -update8.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -updater.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -updatevn.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -upload.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -u-rfc.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -url.blackcake.net Intel::DOMAIN Mandiant APT1 Report T -url.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -us.cnndaily.com Intel::DOMAIN Mandiant APT1 Report T -us.issnbgkit.net Intel::DOMAIN Mandiant APT1 Report T -us.rssadvanced.org Intel::DOMAIN Mandiant APT1 Report T -utex.earthsolution.org Intel::DOMAIN Mandiant APT1 Report T -value.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -vedio.reutersnewsonline.com Intel::DOMAIN Mandiant APT1 Report T -velp.earthsolution.org Intel::DOMAIN Mandiant APT1 Report T -via.blackcake.net Intel::DOMAIN Mandiant APT1 Report T -via.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -via.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -video.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -vip.issnbgkit.net Intel::DOMAIN Mandiant APT1 Report T -vip.pcclubddk.net Intel::DOMAIN Mandiant APT1 Report T -vip.sportreadok.net Intel::DOMAIN Mandiant APT1 Report T -vis.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -visual.earthsolution.org Intel::DOMAIN Mandiant APT1 Report T -vockl.bigish.net Intel::DOMAIN Mandiant APT1 Report T -vol.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -vop.earthsolution.org Intel::DOMAIN Mandiant APT1 Report T -vope.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -vopm.earthsolution.org Intel::DOMAIN Mandiant APT1 Report T -vpn.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -vpn.businessformars.com Intel::DOMAIN Mandiant APT1 Report T -vpn.globalowa.com Intel::DOMAIN Mandiant APT1 Report T -vpn.softsolutionbox.net Intel::DOMAIN Mandiant APT1 Report T -vsec.bigdepression.net Intel::DOMAIN Mandiant APT1 Report T -vseh.earthsolution.org Intel::DOMAIN Mandiant APT1 Report T -walk.bigish.net Intel::DOMAIN Mandiant APT1 Report T -walste.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -wangye.e-cardsshop.com Intel::DOMAIN Mandiant APT1 Report T -wangye.reutersnewsonline.com Intel::DOMAIN Mandiant APT1 Report T -wapi.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -was.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -water.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -wave.pop-musicsite.com Intel::DOMAIN Mandiant APT1 Report T -wcasekl.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -wcov.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -wdeh.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -weather.aunewsonline.com Intel::DOMAIN Mandiant APT1 Report T -weather.chileexe77.com Intel::DOMAIN Mandiant APT1 Report T -weather.freshreaders.net Intel::DOMAIN Mandiant APT1 Report T -weather.staycools.net Intel::DOMAIN Mandiant APT1 Report T -weather.usnewssite.com Intel::DOMAIN Mandiant APT1 Report T -weather.yahoodaily.com Intel::DOMAIN Mandiant APT1 Report T -web.advanbusiness.com Intel::DOMAIN Mandiant APT1 Report T -web.applesoftupdate.com Intel::DOMAIN Mandiant APT1 Report T -web.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -web.companyinfosite.com Intel::DOMAIN Mandiant APT1 Report T -web.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -web.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -web.newspappers.org Intel::DOMAIN Mandiant APT1 Report T -web.rssadvanced.org Intel::DOMAIN Mandiant APT1 Report T -web.saltlakenews.org Intel::DOMAIN Mandiant APT1 Report T -web.searchforca.com Intel::DOMAIN Mandiant APT1 Report T -web.thehealthmood.net Intel::DOMAIN Mandiant APT1 Report T -web.webservicesupdate.com Intel::DOMAIN Mandiant APT1 Report T -webdata.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -webjbs.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -weblog.bigish.net Intel::DOMAIN Mandiant APT1 Report T -weblog.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -webmail.advanbusiness.com Intel::DOMAIN Mandiant APT1 Report T -webmail.aoldaily.com Intel::DOMAIN Mandiant APT1 Report T -webmail.applesoftupdate.com Intel::DOMAIN Mandiant APT1 Report T -webmail.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -webmail.aunewsonline.com Intel::DOMAIN Mandiant APT1 Report T -webmail.blackcake.net Intel::DOMAIN Mandiant APT1 Report T -webmail.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -webmail.canoedaily.com Intel::DOMAIN Mandiant APT1 Report T -webmail.cnndaily.com Intel::DOMAIN Mandiant APT1 Report T -webmail.companyinfosite.com Intel::DOMAIN Mandiant APT1 Report T -webmail.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -webmail.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -webmail.satellitebbs.com Intel::DOMAIN Mandiant APT1 Report T -webmail.softsolutionbox.net Intel::DOMAIN Mandiant APT1 Report T -webmail.todayusa.org Intel::DOMAIN Mandiant APT1 Report T -webmail.usabbs.org Intel::DOMAIN Mandiant APT1 Report T -webmail.usapappers.com Intel::DOMAIN Mandiant APT1 Report T -webmail.usnewssite.com Intel::DOMAIN Mandiant APT1 Report T -webmail.ustvb.com Intel::DOMAIN Mandiant APT1 Report T -webmail.worthhummer.net Intel::DOMAIN Mandiant APT1 Report T -webmail.yahoodaily.com Intel::DOMAIN Mandiant APT1 Report T -webmailh.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -webmails.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -webmailw.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -webs.newspappers.org Intel::DOMAIN Mandiant APT1 Report T -wed5.blackcake.net Intel::DOMAIN Mandiant APT1 Report T -wed5.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -week.canadatvsite.com Intel::DOMAIN Mandiant APT1 Report T -week.canoedaily.com Intel::DOMAIN Mandiant APT1 Report T -weg.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -wehmail.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -west.freshreaders.net Intel::DOMAIN Mandiant APT1 Report T -west.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -west1.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -westjoe.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -westking.bigish.net Intel::DOMAIN Mandiant APT1 Report T -westking.comrepair.net Intel::DOMAIN Mandiant APT1 Report T -westkl.blackberrycluter.com Intel::DOMAIN Mandiant APT1 Report T -westkl.worthhummer.net Intel::DOMAIN Mandiant APT1 Report T -westnew.marsbrother.com Intel::DOMAIN Mandiant APT1 Report T -wfcx.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -wff.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -wgl.infobusinessus.org Intel::DOMAIN Mandiant APT1 Report T -wgw.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -wh1.bigish.net Intel::DOMAIN Mandiant APT1 Report T -what.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -whi.bigish.net Intel::DOMAIN Mandiant APT1 Report T -windows.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -wins.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -wish.e-cardsshop.com Intel::DOMAIN Mandiant APT1 Report T -wk.gmailboxes.com Intel::DOMAIN Mandiant APT1 Report T -wmp.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -wnam.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -wnara.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -wned.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -wnew.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -woil.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -women.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -wopec.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -wopm.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -work.canadatvsite.com Intel::DOMAIN Mandiant APT1 Report T -work.canoedaily.com Intel::DOMAIN Mandiant APT1 Report T -work.jobsadvanced.com Intel::DOMAIN Mandiant APT1 Report T -work.satellitebbs.com Intel::DOMAIN Mandiant APT1 Report T -work.todayusa.org Intel::DOMAIN Mandiant APT1 Report T -work.yahoodaily.com Intel::DOMAIN Mandiant APT1 Report T -workstation.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -world.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -world.nationtour.net Intel::DOMAIN Mandiant APT1 Report T -wow.newspappers.org Intel::DOMAIN Mandiant APT1 Report T -wow.saltlakenews.org Intel::DOMAIN Mandiant APT1 Report T -wpcs.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -wpot.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -wpot.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -wptex.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -wpvn.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -wpvn.softsolutionbox.net Intel::DOMAIN Mandiant APT1 Report T -wrim.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -wsyggfw.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -wtom.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -wwab.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -wwebmails.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -wwt.blackcake.net Intel::DOMAIN Mandiant APT1 Report T -www.advanbusiness.com Intel::DOMAIN Mandiant APT1 Report T -www.aoldaily.com Intel::DOMAIN Mandiant APT1 Report T -www.aolon1ine.com Intel::DOMAIN Mandiant APT1 Report T -www.applesoftupdate.com Intel::DOMAIN Mandiant APT1 Report T -www.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -www.attnpower.com Intel::DOMAIN Mandiant APT1 Report T -www.aunewsonline.com Intel::DOMAIN Mandiant APT1 Report T -www.avvmail.com Intel::DOMAIN Mandiant APT1 Report T -www.bigish.net Intel::DOMAIN Mandiant APT1 Report T -www.bluecoate.com Intel::DOMAIN Mandiant APT1 Report T -www.bpyoyo.com Intel::DOMAIN Mandiant APT1 Report T -www.businessformars.com Intel::DOMAIN Mandiant APT1 Report T -www.busketball.com Intel::DOMAIN Mandiant APT1 Report T -www.canadatvsite.com Intel::DOMAIN Mandiant APT1 Report T -www.canoedaily.com Intel::DOMAIN Mandiant APT1 Report T -www.cnndaily.com Intel::DOMAIN Mandiant APT1 Report T -www.cnndaily.net Intel::DOMAIN Mandiant APT1 Report T -www.cometoway.org Intel::DOMAIN Mandiant APT1 Report T -www.companyinfosite.com Intel::DOMAIN Mandiant APT1 Report T -www.competrip.com Intel::DOMAIN Mandiant APT1 Report T -www.comtoway.com Intel::DOMAIN Mandiant APT1 Report T -www.conferencesinfo.com Intel::DOMAIN Mandiant APT1 Report T -www.copporationnews.com Intel::DOMAIN Mandiant APT1 Report T -www.defenceonline.net Intel::DOMAIN Mandiant APT1 Report T -www.doemarkennel.com Intel::DOMAIN Mandiant APT1 Report T -www.downloadsite.me Intel::DOMAIN Mandiant APT1 Report T -www.e-cardsshop.com Intel::DOMAIN Mandiant APT1 Report T -www.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -www.freshreaders.net Intel::DOMAIN Mandiant APT1 Report T -www.giftnews.org Intel::DOMAIN Mandiant APT1 Report T -www.globalowa.com Intel::DOMAIN Mandiant APT1 Report T -www.gmailboxes.com Intel::DOMAIN Mandiant APT1 Report T -www.hkcastte.com Intel::DOMAIN Mandiant APT1 Report T -www.hvmetal.com Intel::DOMAIN Mandiant APT1 Report T -www.idirectech.com Intel::DOMAIN Mandiant APT1 Report T -www.ifexcel.com Intel::DOMAIN Mandiant APT1 Report T -www.jjpopp.com Intel::DOMAIN Mandiant APT1 Report T -www.jobsadvanced.com Intel::DOMAIN Mandiant APT1 Report T -www.livemymsn.com Intel::DOMAIN Mandiant APT1 Report T -www.maltempata.com Intel::DOMAIN Mandiant APT1 Report T -www.mcafeepaying.com Intel::DOMAIN Mandiant APT1 Report T -www.microsoft-update-info.com Intel::DOMAIN Mandiant APT1 Report T -www.micyuisyahooapis.com Intel::DOMAIN Mandiant APT1 Report T -www.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -www.myyahoonews.com Intel::DOMAIN Mandiant APT1 Report T -www.nationtour.net Intel::DOMAIN Mandiant APT1 Report T -www.newsesport.com Intel::DOMAIN Mandiant APT1 Report T -www.newsonlinesite.com Intel::DOMAIN Mandiant APT1 Report T -www.newspappers.org Intel::DOMAIN Mandiant APT1 Report T -www.nirvanaol.com Intel::DOMAIN Mandiant APT1 Report T -www.olmusic100.com Intel::DOMAIN Mandiant APT1 Report T -www.online.mcafeepaying.com Intel::DOMAIN Mandiant APT1 Report T -www.phoenixtvus.com Intel::DOMAIN Mandiant APT1 Report T -www.pop-musicsite.com Intel::DOMAIN Mandiant APT1 Report T -www.rssadvanced.org Intel::DOMAIN Mandiant APT1 Report T -www.safety-update.com Intel::DOMAIN Mandiant APT1 Report T -www.satellitebbs.com Intel::DOMAIN Mandiant APT1 Report T -www.searchforca.com Intel::DOMAIN Mandiant APT1 Report T -www.shepmas.com Intel::DOMAIN Mandiant APT1 Report T -www.skyswim.net Intel::DOMAIN Mandiant APT1 Report T -www.staycools.net Intel::DOMAIN Mandiant APT1 Report T -www.symanteconline.net Intel::DOMAIN Mandiant APT1 Report T -www.syscation.com Intel::DOMAIN Mandiant APT1 Report T -www.syscation.net Intel::DOMAIN Mandiant APT1 Report T -www.tibethome.org Intel::DOMAIN Mandiant APT1 Report T -www.todayusa.org Intel::DOMAIN Mandiant APT1 Report T -www.ueopen.com Intel::DOMAIN Mandiant APT1 Report T -www.usabbs.org Intel::DOMAIN Mandiant APT1 Report T -www.usapappers.com Intel::DOMAIN Mandiant APT1 Report T -www.ushongkong.org Intel::DOMAIN Mandiant APT1 Report T -www.ustvb.com Intel::DOMAIN Mandiant APT1 Report T -www.uszzcs.com Intel::DOMAIN Mandiant APT1 Report T -www.voiceofman.com Intel::DOMAIN Mandiant APT1 Report T -www.webservicesupdate.com Intel::DOMAIN Mandiant APT1 Report T -www.widewebsense.com Intel::DOMAIN Mandiant APT1 Report T -www.worthhummer.net Intel::DOMAIN Mandiant APT1 Report T -www.youipcam.com Intel::DOMAIN Mandiant APT1 Report T -www-01.marsbrother.com Intel::DOMAIN Mandiant APT1 Report T -www-049.businessformars.com Intel::DOMAIN Mandiant APT1 Report T -www1.bigdepression.net Intel::DOMAIN Mandiant APT1 Report T -www1.earthsolution.org Intel::DOMAIN Mandiant APT1 Report T -www1.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -www1.saltlakenews.org Intel::DOMAIN Mandiant APT1 Report T -www2.bigdepression.net Intel::DOMAIN Mandiant APT1 Report T -www3.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -wwwcb.newspappers.org Intel::DOMAIN Mandiant APT1 Report T -www-ctr.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -wwwi.earthsolution.org Intel::DOMAIN Mandiant APT1 Report T -wwwt.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -x-admin.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -xawh.earthsolution.org Intel::DOMAIN Mandiant APT1 Report T -x-book.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -x-fmgg.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -xinge3344.cccpan.com Intel::DOMAIN Mandiant APT1 Report T -xinge3344.ys168.com Intel::DOMAIN Mandiant APT1 Report T -xmer.businessconsults.net Intel::DOMAIN Mandiant APT1 Report T -x-stone.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -xtap.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -xwclient.arrowservice.net Intel::DOMAIN Mandiant APT1 Report T -xwclient.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -xwclient.newsonet.net Intel::DOMAIN Mandiant APT1 Report T -yang.bigdepression.net Intel::DOMAIN Mandiant APT1 Report T -yang.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -yang1.bigdepression.net Intel::DOMAIN Mandiant APT1 Report T -yang1.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -yang2.infosupports.com Intel::DOMAIN Mandiant APT1 Report T -yard.earthsolution.org Intel::DOMAIN Mandiant APT1 Report T -ysb.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -ysb.purpledaily.com Intel::DOMAIN Mandiant APT1 Report T -z0.booksonlineclub.com Intel::DOMAIN Mandiant APT1 Report T -z4.booksonlineclub.com Intel::DOMAIN Mandiant APT1 Report T -za.booksonlineclub.com Intel::DOMAIN Mandiant APT1 Report T -zapts.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -zc.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -zero.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T -zh.lksoftvc.net Intel::DOMAIN Mandiant APT1 Report T -zone.aoldaily.com Intel::DOMAIN Mandiant APT1 Report T -zone.canoedaily.com Intel::DOMAIN Mandiant APT1 Report T -zone.companyinfosite.com Intel::DOMAIN Mandiant APT1 Report T -zone.msnhome.org Intel::DOMAIN Mandiant APT1 Report T -zone.searchforca.com Intel::DOMAIN Mandiant APT1 Report T -zone.todayusa.org Intel::DOMAIN Mandiant APT1 Report T -ztl.firefoxupdata.com Intel::DOMAIN Mandiant APT1 Report T diff --git a/salt/deprecated-bro/policy/securityonion/apt1/apt1-md5.dat b/salt/deprecated-bro/policy/securityonion/apt1/apt1-md5.dat deleted file mode 100644 index 421549121..000000000 --- a/salt/deprecated-bro/policy/securityonion/apt1/apt1-md5.dat +++ /dev/null @@ -1,1012 +0,0 @@ -#fields indicator indicator_type meta.source meta.do_notice -# The following lines are for testing purposes only. Please keep them commented out when running in production. -#4285358dd748ef74cb8161108e11cb73 Intel::FILE_HASH Test MD5 T -#9593fcbd91fdb1a41d0304bf684d29fd Intel::FILE_HASH Test MD5 T -#e2c33fa7a3802289d46a7c3e4e1df342 Intel::FILE_HASH Test MD5 T -001dd76872d80801692ff942308c64e6 Intel::FILE_HASH Mandiant Apt1 Report T -002325a0a67fded0381b5648d7fe9b8e Intel::FILE_HASH Mandiant Apt1 Report T -00dbb9e1c09dbdafb360f3163ba5a3de Intel::FILE_HASH Mandiant Apt1 Report T -00f24328b282b28bc39960d55603e380 Intel::FILE_HASH Mandiant Apt1 Report T -0115338e11f85d7a2226933712acaae8 Intel::FILE_HASH Mandiant Apt1 Report T -0141955eb5b90ce25b506757ce151275 Intel::FILE_HASH Mandiant Apt1 Report T -0149b7bd7218aab4e257d28469fddb0d Intel::FILE_HASH Mandiant Apt1 Report T -016da6ee744b16656a2ba3107c7a4a29 Intel::FILE_HASH Mandiant Apt1 Report T -01e0dc079d4e33d8edd050c4900818da Intel::FILE_HASH Mandiant Apt1 Report T -024fd07dbdacc7da227bede3449c2b6a Intel::FILE_HASH Mandiant Apt1 Report T -0285bd1fbdd70fd5165260a490564ac8 Intel::FILE_HASH Mandiant Apt1 Report T -02a2d148faba3b6310e7ba81eb62739d Intel::FILE_HASH Mandiant Apt1 Report T -02c65973b6018f5d473d701b3e7508b2 Intel::FILE_HASH Mandiant Apt1 Report T -034374db2d35cf9da6558f54cec8a455 Intel::FILE_HASH Mandiant Apt1 Report T -03ae71eba61af2d497e226da3954f3af Intel::FILE_HASH Mandiant Apt1 Report T -0469a42d71b4a55118b9579c8c772bb6 Intel::FILE_HASH Mandiant Apt1 Report T -0496e3b17cf40c45f495188a368c203a Intel::FILE_HASH Mandiant Apt1 Report T -04a7b7dab5ff8ba1486df9dbe68c748c Intel::FILE_HASH Mandiant Apt1 Report T -04e83832146034f9797d2e8145413daa Intel::FILE_HASH Mandiant Apt1 Report T -04f481d6710ac5d68d0eacac2600a041 Intel::FILE_HASH Mandiant Apt1 Report T -0501bb10d646b29cab7d17a8407010d9 Intel::FILE_HASH Mandiant Apt1 Report T -0522e955aaee70b102e843f14c13a92c Intel::FILE_HASH Mandiant Apt1 Report T -052ec04866e4a67f31845d656531830d Intel::FILE_HASH Mandiant Apt1 Report T -0545a524a6bb0b042f4b00da53fec948 Intel::FILE_HASH Mandiant Apt1 Report T -05552a77620933dd80f1e176736f8fe7 Intel::FILE_HASH Mandiant Apt1 Report T -0583f58ac3d804d28cd433d369b096b8 Intel::FILE_HASH Mandiant Apt1 Report T -0588ffa0a244a2c4431c5c4faac60b1f Intel::FILE_HASH Mandiant Apt1 Report T -05bc8309b93676087d5fb0b58ad5e9d8 Intel::FILE_HASH Mandiant Apt1 Report T -05cc052686fbdf25fb610c1fe120195f Intel::FILE_HASH Mandiant Apt1 Report T -06598b0490133815541c5ac023623e82 Intel::FILE_HASH Mandiant Apt1 Report T -065e63afdfa539727f63af7530b22d2f Intel::FILE_HASH Mandiant Apt1 Report T -078f1e2c528f2318b073e871f73efc21 Intel::FILE_HASH Mandiant Apt1 Report T -079028d315d039da0ffec2728b2c9ef6 Intel::FILE_HASH Mandiant Apt1 Report T -07ae235391f7b290ea3a35067239a290 Intel::FILE_HASH Mandiant Apt1 Report T -07c4032f24ae44614676fbdfe539afe0 Intel::FILE_HASH Mandiant Apt1 Report T -07fe9f901fb4f14e16fb5d114a92b0fc Intel::FILE_HASH Mandiant Apt1 Report T -08084604344b5ed11c2612795b2d3608 Intel::FILE_HASH Mandiant Apt1 Report T -0829207a8400e2814990f79fbdfe7f4d Intel::FILE_HASH Mandiant Apt1 Report T -082cc969b3eb6786e3e951b450b8de0d Intel::FILE_HASH Mandiant Apt1 Report T -089c9e5407ddb464dfeca2e528536395 Intel::FILE_HASH Mandiant Apt1 Report T -08d7679a9c806a2f7d2be26fe9b425ee Intel::FILE_HASH Mandiant Apt1 Report T -08e0d0f5cdfe1bc2e5fc1b992fe1e073 Intel::FILE_HASH Mandiant Apt1 Report T -08f21a020f41f0bcacdc9427f84987da Intel::FILE_HASH Mandiant Apt1 Report T -0908d8b3e459551039bade50930e4c1b Intel::FILE_HASH Mandiant Apt1 Report T -09531f851ef74a7238685fd287a395bd Intel::FILE_HASH Mandiant Apt1 Report T -097b5abb53a3d84fa9eabda02fef9e91 Intel::FILE_HASH Mandiant Apt1 Report T -09d372e4259980ac95fdadf1846578d9 Intel::FILE_HASH Mandiant Apt1 Report T -0b506c6dde8d07f9eeb82fd01a6f97d4 Intel::FILE_HASH Mandiant Apt1 Report T -0b680e7bd5c0501d5dd73164122a7faf Intel::FILE_HASH Mandiant Apt1 Report T -0c28ad34f90950bc784339ec9f50d288 Intel::FILE_HASH Mandiant Apt1 Report T -0c5858f293aed44ea00eb9e0019609df Intel::FILE_HASH Mandiant Apt1 Report T -0c5e9f564115bfcbee66377a829de55f Intel::FILE_HASH Mandiant Apt1 Report T -0ca6e2ad69826c8e3287fc8576112814 Intel::FILE_HASH Mandiant Apt1 Report T -0cad42671e5771574df44a23b3634f32 Intel::FILE_HASH Mandiant Apt1 Report T -0ccfaeb11defb100b5ddb40057e8fce4 Intel::FILE_HASH Mandiant Apt1 Report T -0cf8259502d178a099ab2852e2bddbe1 Intel::FILE_HASH Mandiant Apt1 Report T -0cf9e999c574ec89595263446978dc9f Intel::FILE_HASH Mandiant Apt1 Report T -0d0240672a314a7547d328f824642da8 Intel::FILE_HASH Mandiant Apt1 Report T -0d678350f05b274844da5d79fee75324 Intel::FILE_HASH Mandiant Apt1 Report T -0dd3677594632ce270bcf8af94819caf Intel::FILE_HASH Mandiant Apt1 Report T -0df42947e167cd006b176d305c08d57e Intel::FILE_HASH Mandiant Apt1 Report T -0e84132e5ad04351b644b8d8743fc4d3 Intel::FILE_HASH Mandiant Apt1 Report T -0ec0fcd649f3d5aa2e19f110c0089164 Intel::FILE_HASH Mandiant Apt1 Report T -0f23d5b93c30681655d8a4258b8de129 Intel::FILE_HASH Mandiant Apt1 Report T -0fbdc6e3f79063a4773d4872fa1f15d1 Intel::FILE_HASH Mandiant Apt1 Report T -0fed203f3df6a82c9124f24aa3d9d75d Intel::FILE_HASH Mandiant Apt1 Report T -0ff20d023d6b54661d66fb3ce09afe3c Intel::FILE_HASH Mandiant Apt1 Report T -0ff48a336655869a74611236e6e2d249 Intel::FILE_HASH Mandiant Apt1 Report T -106338ad223b84fbc2528a55e3e22302 Intel::FILE_HASH Mandiant Apt1 Report T -1097ca5269dea866d5c9f2b0cc50af6d Intel::FILE_HASH Mandiant Apt1 Report T -10a38dd9598cc31efe664cfaa8f37bf1 Intel::FILE_HASH Mandiant Apt1 Report T -10a68e08c514d3b69296b0eb557d822c Intel::FILE_HASH Mandiant Apt1 Report T -10bb5a8ae053e335fe047cf38db95452 Intel::FILE_HASH Mandiant Apt1 Report T -11504971bb85cdacb8ef7d45e6e2aeb7 Intel::FILE_HASH Mandiant Apt1 Report T -11ccf3f93b00b01887e50283742cd1e6 Intel::FILE_HASH Mandiant Apt1 Report T -11d350127ff1e9ecd665c34326475584 Intel::FILE_HASH Mandiant Apt1 Report T -11dbecc954bf8a89d59407a992889cfd Intel::FILE_HASH Mandiant Apt1 Report T -11de4b1ab84bcb8dd28ef0ea4641f6d0 Intel::FILE_HASH Mandiant Apt1 Report T -120c2e085992ff59a21ba401ec29fec9 Intel::FILE_HASH Mandiant Apt1 Report T -1224527e295380dce1ac9953c850ce97 Intel::FILE_HASH Mandiant Apt1 Report T -123505024f9e5ff74cb6aa67d7fcc392 Intel::FILE_HASH Mandiant Apt1 Report T -125ebbc6f0c957ee994fcef1431a93f4 Intel::FILE_HASH Mandiant Apt1 Report T -129c6cd9d2aa895cf6fa137fa1d3a188 Intel::FILE_HASH Mandiant Apt1 Report T -12a410d82a1fc9a8c18b350872e0d465 Intel::FILE_HASH Mandiant Apt1 Report T -12f25ce81596aeb19e75cc7ef08f3a38 Intel::FILE_HASH Mandiant Apt1 Report T -1328eaceb140a3863951d18661b097af Intel::FILE_HASH Mandiant Apt1 Report T -13835f0d5aafbeda50560afc92c8b7b7 Intel::FILE_HASH Mandiant Apt1 Report T -13f0b56c28995e4efc8da784ad862853 Intel::FILE_HASH Mandiant Apt1 Report T -1415eb8519d13328091cc5c76a624e3d Intel::FILE_HASH Mandiant Apt1 Report T -1486f48948db4f9afaebd69c7c52f899 Intel::FILE_HASH Mandiant Apt1 Report T -150c4c1f589c4baa794160276a3d4aba Intel::FILE_HASH Mandiant Apt1 Report T -150c95865766c2dd0562e7bedb6db104 Intel::FILE_HASH Mandiant Apt1 Report T -15137b710414e4e8508ac5ab27e2cbaa Intel::FILE_HASH Mandiant Apt1 Report T -15244d2321faa3a271ff0b1e5a23148f Intel::FILE_HASH Mandiant Apt1 Report T -15901ddbccc5e9e0579fc5b42f754fe8 Intel::FILE_HASH Mandiant Apt1 Report T -15d1330be5e27f6f51d011b0575ffa05 Intel::FILE_HASH Mandiant Apt1 Report T -165ef79e7caa806f13f82cc2bbf3dedd Intel::FILE_HASH Mandiant Apt1 Report T -16e53c619803d0068611bb6d448d1d49 Intel::FILE_HASH Mandiant Apt1 Report T -17199ddac616938f383a0339f416c890 Intel::FILE_HASH Mandiant Apt1 Report T -173cd315008897e56fa812f2b2843f83 Intel::FILE_HASH Mandiant Apt1 Report T -177e0270f25a901c216ffb2e7a36e5b1 Intel::FILE_HASH Mandiant Apt1 Report T -17f5a2e0997b59449ca2120b20b5b7ce Intel::FILE_HASH Mandiant Apt1 Report T -17f6602f1c507b006b9d09eedcde0096 Intel::FILE_HASH Mandiant Apt1 Report T -1809c3cc93332d7bc0799238519a2938 Intel::FILE_HASH Mandiant Apt1 Report T -18316e6ebb356a66c8ff51e73c1bcc8a Intel::FILE_HASH Mandiant Apt1 Report T -18e5ef23b634344321b2b3f5fa80a598 Intel::FILE_HASH Mandiant Apt1 Report T -19fc27aeb48b3ce8d00eb2e76dfe2837 Intel::FILE_HASH Mandiant Apt1 Report T -1a0c7e61bcc50d57b7bcf9d9af691de5 Intel::FILE_HASH Mandiant Apt1 Report T -1ae2dadd85cd97452bb26b2c901d0890 Intel::FILE_HASH Mandiant Apt1 Report T -1aea4d24f3bd2c51288ad643fc66e0d2 Intel::FILE_HASH Mandiant Apt1 Report T -1b36190794516da078decaff881d9864 Intel::FILE_HASH Mandiant Apt1 Report T -1b7eed9d2438b494197e95fe57114f9b Intel::FILE_HASH Mandiant Apt1 Report T -1ba6fee7d4e73752b39a09b1396b69f0 Intel::FILE_HASH Mandiant Apt1 Report T -1baa7f5813e259c6346d1b02a1370d75 Intel::FILE_HASH Mandiant Apt1 Report T -1c16bd1488163c03cd506c2f71486a0f Intel::FILE_HASH Mandiant Apt1 Report T -1c7538951b21d93ef7ecf3fa94ae5c5e Intel::FILE_HASH Mandiant Apt1 Report T -1ca3ca9ec20474d07fc798f2b41e2625 Intel::FILE_HASH Mandiant Apt1 Report T -1ce4605e771a04e375e0d1083f183e8e Intel::FILE_HASH Mandiant Apt1 Report T -1e314c972075b8058099fd8759c11ce8 Intel::FILE_HASH Mandiant Apt1 Report T -1e48f6ba839d2c4794e23c10e5c4c138 Intel::FILE_HASH Mandiant Apt1 Report T -1e5ec6c06e4f6bb958dcbb9fc636009d Intel::FILE_HASH Mandiant Apt1 Report T -1ea61a0945bde3c6f41e12bc01928d37 Intel::FILE_HASH Mandiant Apt1 Report T -1ede2c69d50e0efbe23f758d902216e0 Intel::FILE_HASH Mandiant Apt1 Report T -1f2eb7b090018d975e6d9b40868c94ca Intel::FILE_HASH Mandiant Apt1 Report T -1f92ff8711716ca795fbd81c477e45f5 Intel::FILE_HASH Mandiant Apt1 Report T -1f9b32bac55ba4c015181ebf55767752 Intel::FILE_HASH Mandiant Apt1 Report T -1fad25d4fef631f8ec3115e0944e4621 Intel::FILE_HASH Mandiant Apt1 Report T -1fb4ce2e56ced51ddf1edff8ed15c21b Intel::FILE_HASH Mandiant Apt1 Report T -1fff3f96f53c5bbdd39eb2351f12549d Intel::FILE_HASH Mandiant Apt1 Report T -201fb83679a1fe05007fc6b8d6d96680 Intel::FILE_HASH Mandiant Apt1 Report T -2080f463388aebe6deb7edf11c01f7ff Intel::FILE_HASH Mandiant Apt1 Report T -20e2c8c7a98ddd4c16f6e878194c1e78 Intel::FILE_HASH Mandiant Apt1 Report T -212c724346400853d05a4440cabd716c Intel::FILE_HASH Mandiant Apt1 Report T -2156942db0293565c9420c1e254a2c32 Intel::FILE_HASH Mandiant Apt1 Report T -215df0c319b98dad4f202849b097f8b2 Intel::FILE_HASH Mandiant Apt1 Report T -2198fea94bb79b001fcfd3e03b269001 Intel::FILE_HASH Mandiant Apt1 Report T -2244c60f4c1dc285c259f3ac5bf88ff8 Intel::FILE_HASH Mandiant Apt1 Report T -225e33508861984dd2a774760bfdfc52 Intel::FILE_HASH Mandiant Apt1 Report T -2272791cadf422ce02a117a3a857f84e Intel::FILE_HASH Mandiant Apt1 Report T -22aa55134d621672e93c6de928c8b122 Intel::FILE_HASH Mandiant Apt1 Report T -22d9466d6aab8410bea006b5d3df8bd0 Intel::FILE_HASH Mandiant Apt1 Report T -23059de2797774bbdd9b21f979aaec51 Intel::FILE_HASH Mandiant Apt1 Report T -23e371b816bab10cd9cfc4a46154022c Intel::FILE_HASH Mandiant Apt1 Report T -24259ae8b0018b0ce9992fb1d9b69e2a Intel::FILE_HASH Mandiant Apt1 Report T -2479a9a50308cb72fcd5e4e18ef06468 Intel::FILE_HASH Mandiant Apt1 Report T -24c4ed0a6cc4e9671b72c104977fa215 Intel::FILE_HASH Mandiant Apt1 Report T -24f1b8266f4faf550999581bf0edac83 Intel::FILE_HASH Mandiant Apt1 Report T -24fefb8b9338e2300308260be19bbaab Intel::FILE_HASH Mandiant Apt1 Report T -251c817f4144264c3e7a9dac03071daf Intel::FILE_HASH Mandiant Apt1 Report T -255cd53f9bdb6f3755e621885cb34382 Intel::FILE_HASH Mandiant Apt1 Report T -257258344edad17f689b1c6d14833cbc Intel::FILE_HASH Mandiant Apt1 Report T -25f240aed433c4ea52ccdb898e43756f Intel::FILE_HASH Mandiant Apt1 Report T -2640cb47de607a8276c26e8a27f1150b Intel::FILE_HASH Mandiant Apt1 Report T -268988aa1df82ab073f527b5b6c8bff7 Intel::FILE_HASH Mandiant Apt1 Report T -268eef019bf65b2987e945afaf29643f Intel::FILE_HASH Mandiant Apt1 Report T -270d42f292105951ee81e4085ea45054 Intel::FILE_HASH Mandiant Apt1 Report T -2762fb36161086f7ef3f33232aa790dc Intel::FILE_HASH Mandiant Apt1 Report T -277964807a66aeeb6bd81dbfcaa3e4e6 Intel::FILE_HASH Mandiant Apt1 Report T -277f95bff2e0fe317f86b5010bd83a18 Intel::FILE_HASH Mandiant Apt1 Report T -286f48dda20e2ccc3250a6e09a130db1 Intel::FILE_HASH Mandiant Apt1 Report T -28dbd86bd86eb9153ecb20d883c41ae0 Intel::FILE_HASH Mandiant Apt1 Report T -28e64dfeab48030bc532ae4ace2c9e4c Intel::FILE_HASH Mandiant Apt1 Report T -2976a62c2a829a153a9b0b5f433bdc77 Intel::FILE_HASH Mandiant Apt1 Report T -29c691978af80dc23c4df96b5f6076bb Intel::FILE_HASH Mandiant Apt1 Report T -2a214ce037f5f6bb01ddc453f0265d92 Intel::FILE_HASH Mandiant Apt1 Report T -2a4604fcae876dee445de5ad74fd7835 Intel::FILE_HASH Mandiant Apt1 Report T -2a84b88c4a2ce0fb6227f7990f465737 Intel::FILE_HASH Mandiant Apt1 Report T -2acfc925e66e1b820a67c4d0f3e6ae8c Intel::FILE_HASH Mandiant Apt1 Report T -2af105519133baaee57c9ade00543de2 Intel::FILE_HASH Mandiant Apt1 Report T -2b379d5346ffd386c28038630a9b0292 Intel::FILE_HASH Mandiant Apt1 Report T -2b659d71ae168e774faaf38db30f4a84 Intel::FILE_HASH Mandiant Apt1 Report T -2b732257d8d9f09560fdcb7d84d430ca Intel::FILE_HASH Mandiant Apt1 Report T -2ba0d0083976a5c1e3315413cdcffcd2 Intel::FILE_HASH Mandiant Apt1 Report T -2bd02b41817d227058522cca40acd390 Intel::FILE_HASH Mandiant Apt1 Report T -2bdc196cdac4478ae325c94bab433732 Intel::FILE_HASH Mandiant Apt1 Report T -2c49f47c98203b110799ab622265f4ef Intel::FILE_HASH Mandiant Apt1 Report T -2c78d8bb5912d8174042f81197d9b449 Intel::FILE_HASH Mandiant Apt1 Report T -2c9c691e15a48b20dbead0a6d6bf0300 Intel::FILE_HASH Mandiant Apt1 Report T -2ca8ba14ff07ef8616372c53ee84d20e Intel::FILE_HASH Mandiant Apt1 Report T -2cdbeebcf4e0b6dbd24b8c7b4cd6d862 Intel::FILE_HASH Mandiant Apt1 Report T -2d08595e73de31a36c1187fcaac73bf0 Intel::FILE_HASH Mandiant Apt1 Report T -2d57aa4e7f2f4088f1b96313b24c7602 Intel::FILE_HASH Mandiant Apt1 Report T -2daa4a4574ba06aa3203ae0e0b45b3b8 Intel::FILE_HASH Mandiant Apt1 Report T -2dd892986b2249b5214639ecc8ac0223 Intel::FILE_HASH Mandiant Apt1 Report T -2e8484f59899046452392c236460ebb6 Intel::FILE_HASH Mandiant Apt1 Report T -2ef062fa86537db34f5907a9775664a1 Intel::FILE_HASH Mandiant Apt1 Report T -2f5979eaa728550a352c1ffee0b31236 Intel::FILE_HASH Mandiant Apt1 Report T -2f930d92dc5ebc9d53ad2a2b451ebf65 Intel::FILE_HASH Mandiant Apt1 Report T -2fae9efa753d3d821e1efdbc1335b966 Intel::FILE_HASH Mandiant Apt1 Report T -2fccaa39533de02490b1c6395878dd79 Intel::FILE_HASH Mandiant Apt1 Report T -30a7aa13b1f8d272cb36576952e8b6c0 Intel::FILE_HASH Mandiant Apt1 Report T -30b3b17eab05ecffaa055b5091aa66f9 Intel::FILE_HASH Mandiant Apt1 Report T -30e78d186b27d2023a2a7319bb679c3f Intel::FILE_HASH Mandiant Apt1 Report T -3107de21e480ab1f2d67725f419b28d0 Intel::FILE_HASH Mandiant Apt1 Report T -3120fc8630c5252002f26f6e11b09eca Intel::FILE_HASH Mandiant Apt1 Report T -3122fbb558e1a5f32c90eba31f674add Intel::FILE_HASH Mandiant Apt1 Report T -31b1d316b46c967c80fe7398a9e4cf41 Intel::FILE_HASH Mandiant Apt1 Report T -31e5e58dbdfad05175613e795298ebb5 Intel::FILE_HASH Mandiant Apt1 Report T -321d75c9990408db812e5a248a74f8c8 Intel::FILE_HASH Mandiant Apt1 Report T -328c3ebb2fd2e170483e8d51ccc6c505 Intel::FILE_HASH Mandiant Apt1 Report T -32c32e936cffa8ab370c7f3f2dd43d65 Intel::FILE_HASH Mandiant Apt1 Report T -335df3ffb8cee61c20ab91a401204df4 Intel::FILE_HASH Mandiant Apt1 Report T -3364813bcbd111fc5ec1e4265c533506 Intel::FILE_HASH Mandiant Apt1 Report T -338782d2df367156a2c7e12e9526c600 Intel::FILE_HASH Mandiant Apt1 Report T -33d974011c4b047bf9874a71ba261a11 Intel::FILE_HASH Mandiant Apt1 Report T -33de5067a433a6ec5c328067dc18ec37 Intel::FILE_HASH Mandiant Apt1 Report T -33e9ccd45ef133b2c100d5a4f50635d5 Intel::FILE_HASH Mandiant Apt1 Report T -341f5e7215826d07ada1ed2b96264c0d Intel::FILE_HASH Mandiant Apt1 Report T -342939e5fe4770c545659a6bf1e50df4 Intel::FILE_HASH Mandiant Apt1 Report T -3441cbdf8de9472c19b021b241429b22 Intel::FILE_HASH Mandiant Apt1 Report T -349f6cfb77bb360063c477e9b6ca24d6 Intel::FILE_HASH Mandiant Apt1 Report T -34ca3fbcaac48498aeff6035b172bf69 Intel::FILE_HASH Mandiant Apt1 Report T -34cebbb4d35a66a7a7fb1ce857c195c9 Intel::FILE_HASH Mandiant Apt1 Report T -35008d12dfa47447112495f430e4aefe Intel::FILE_HASH Mandiant Apt1 Report T -351afebaf03ef12e6ad1b412612d0c53 Intel::FILE_HASH Mandiant Apt1 Report T -35b9f05cf70017cc485af87660109dc8 Intel::FILE_HASH Mandiant Apt1 Report T -35f32431a069398d25efda2dafa32d93 Intel::FILE_HASH Mandiant Apt1 Report T -36a7c3a6460c98e161e1005c925da0b2 Intel::FILE_HASH Mandiant Apt1 Report T -36c0d3f109aede4d76b05431f8a64f9e Intel::FILE_HASH Mandiant Apt1 Report T -36cd49ad631e99125a3bb2786e405cea Intel::FILE_HASH Mandiant Apt1 Report T -36d5c8fc4b14559f73b6136d85b94198 Intel::FILE_HASH Mandiant Apt1 Report T -370c50aea66cc338b37801e1bd1c244f Intel::FILE_HASH Mandiant Apt1 Report T -37cf3f25895c27ca5e647bbfdc1d5b2d Intel::FILE_HASH Mandiant Apt1 Report T -37ddd3d72ead03c7518f5d47650c8572 Intel::FILE_HASH Mandiant Apt1 Report T -37df1896ba54e85ef549ccc1a88d34ab Intel::FILE_HASH Mandiant Apt1 Report T -37e7dc80c1eb618b3cd1b442858afa60 Intel::FILE_HASH Mandiant Apt1 Report T -37eee514b04167f8e17e2caa3bfd3049 Intel::FILE_HASH Mandiant Apt1 Report T -389f43a8af199da8da6b7c75b2c69595 Intel::FILE_HASH Mandiant Apt1 Report T -390d1f2a620912104f53c034c8aef14b Intel::FILE_HASH Mandiant Apt1 Report T -39e28f48c138dc156d1436fd02222e45 Intel::FILE_HASH Mandiant Apt1 Report T -3a3e4bca1197e4abab03340ea97d718d Intel::FILE_HASH Mandiant Apt1 Report T -3a45d4bfd1f919f167ce4a5e5ba00e15 Intel::FILE_HASH Mandiant Apt1 Report T -3a4cda1973cacd78740ff30774d6375e Intel::FILE_HASH Mandiant Apt1 Report T -3abe9c84fc13d0a82c1c3e0dced5825d Intel::FILE_HASH Mandiant Apt1 Report T -3b0829e2e966dae17d4c235893a3ae8a Intel::FILE_HASH Mandiant Apt1 Report T -3b1b190407b868406c5c155a79f3d146 Intel::FILE_HASH Mandiant Apt1 Report T -3b320b90e024bfa48bda72aa7a82322c Intel::FILE_HASH Mandiant Apt1 Report T -3c1b2fabb7d74bc5be0820eae4107f8a Intel::FILE_HASH Mandiant Apt1 Report T -3c4066b252722c873348d43b4c3ec0e5 Intel::FILE_HASH Mandiant Apt1 Report T -3cda17269c246a2e3bfcda6fa02fceb8 Intel::FILE_HASH Mandiant Apt1 Report T -3d0c1dc5ac55f6d0e6b7fabfeb5158f5 Intel::FILE_HASH Mandiant Apt1 Report T -3d328395d0cefc67e2909774125196b1 Intel::FILE_HASH Mandiant Apt1 Report T -3d573866620eae070a220be89e113f69 Intel::FILE_HASH Mandiant Apt1 Report T -3d61d23c2be95177937aa50769c0c512 Intel::FILE_HASH Mandiant Apt1 Report T -3d6fe3928f2f5ce41622f3f958b894a0 Intel::FILE_HASH Mandiant Apt1 Report T -3de1bd0f2107198931177b2b23877df4 Intel::FILE_HASH Mandiant Apt1 Report T -3de60420845a582b0e44081b1138a7e4 Intel::FILE_HASH Mandiant Apt1 Report T -3e12ffa5ad676a41754e2cc59e980e57 Intel::FILE_HASH Mandiant Apt1 Report T -3e32ab6a2eac5bd1cddd3146d1a1348b Intel::FILE_HASH Mandiant Apt1 Report T -3e3e6fe1a8c6ffc00a9c644997a4f7a1 Intel::FILE_HASH Mandiant Apt1 Report T -3e69945e5865ccc861f69b24bc1166b6 Intel::FILE_HASH Mandiant Apt1 Report T -3e6ed3ee47bce9946e2541332cb34c69 Intel::FILE_HASH Mandiant Apt1 Report T -3e72fd40e47e232496b303734f1b2b11 Intel::FILE_HASH Mandiant Apt1 Report T -3e87051b1dc3463f378c7e1fe398dc7d Intel::FILE_HASH Mandiant Apt1 Report T -3ea7bf3b469499f0f6d4a78af865138f Intel::FILE_HASH Mandiant Apt1 Report T -3f19992be3606c136b15041207daf6e4 Intel::FILE_HASH Mandiant Apt1 Report T -3f243b304358041fb163007e0c066d4a Intel::FILE_HASH Mandiant Apt1 Report T -3f33c0dab564c35485fd227d97b98443 Intel::FILE_HASH Mandiant Apt1 Report T -3f34e41d8ea034e6246ef6426bc91336 Intel::FILE_HASH Mandiant Apt1 Report T -3f8682ab074a097ebbaadbf26dfff560 Intel::FILE_HASH Mandiant Apt1 Report T -3fb8f4cdcb4d1d48be2e473fd8727239 Intel::FILE_HASH Mandiant Apt1 Report T -3fc26910f9c31bd9ba3ccb09132d9ca3 Intel::FILE_HASH Mandiant Apt1 Report T -40831b3799c94b609a91d517d14bea21 Intel::FILE_HASH Mandiant Apt1 Report T -40b1e9cf468f499d749c0863cfa6c8c1 Intel::FILE_HASH Mandiant Apt1 Report T -40ee45b1343406b6f7ad6204f1af7693 Intel::FILE_HASH Mandiant Apt1 Report T -4111fbc14558385c10091543c439264a Intel::FILE_HASH Mandiant Apt1 Report T -411d770b2939e968c692dbdd3116e179 Intel::FILE_HASH Mandiant Apt1 Report T -4192479b055b2b21cb7e6c803b765d34 Intel::FILE_HASH Mandiant Apt1 Report T -41a5d40ecc735172b18b61e01a30a178 Intel::FILE_HASH Mandiant Apt1 Report T -41bb847963a8fce70ad21e70dd786107 Intel::FILE_HASH Mandiant Apt1 Report T -41d623c1de3b0d182c51e56b2a3f3fba Intel::FILE_HASH Mandiant Apt1 Report T -420deefd91db5e177b46e4134441a35e Intel::FILE_HASH Mandiant Apt1 Report T -4227f2872817cfc74d134ee9f3d06d14 Intel::FILE_HASH Mandiant Apt1 Report T -42462d31a2e5b1e4602a1a4d39abeca9 Intel::FILE_HASH Mandiant Apt1 Report T -435991e0c67f0c0b4504355b6d4493f0 Intel::FILE_HASH Mandiant Apt1 Report T -438401c9ae36e9ed1bf4f410ae116484 Intel::FILE_HASH Mandiant Apt1 Report T -438983192903f3fecf77500a39459ee6 Intel::FILE_HASH Mandiant Apt1 Report T -43b844c35e1a933e9214588be81ce772 Intel::FILE_HASH Mandiant Apt1 Report T -44066f29aab6a9379f8dd30f6bec257d Intel::FILE_HASH Mandiant Apt1 Report T -456d298649a7ec31a7250ed9312ebbaf Intel::FILE_HASH Mandiant Apt1 Report T -45aa4177bb42eb3ded5edf397a4aaded Intel::FILE_HASH Mandiant Apt1 Report T -465b085d3ddd22f63d8f7721ce5736d7 Intel::FILE_HASH Mandiant Apt1 Report T -46817cabd6618d2126067430a78f06a3 Intel::FILE_HASH Mandiant Apt1 Report T -468ff2c12cffc7e5b2fe0ee6bb3b239e Intel::FILE_HASH Mandiant Apt1 Report T -46a86e3c12d5025aa78c7ddf46717c38 Intel::FILE_HASH Mandiant Apt1 Report T -46acae84a04e41730d0502d9080bbb4a Intel::FILE_HASH Mandiant Apt1 Report T -46c36c11238100e155f6d418332869ea Intel::FILE_HASH Mandiant Apt1 Report T -471005f73280264c48f769e1c21fbcc1 Intel::FILE_HASH Mandiant Apt1 Report T -4749f6336eb86b5fa7029661f88ded20 Intel::FILE_HASH Mandiant Apt1 Report T -476fea8761a03bef16e322996c2f6666 Intel::FILE_HASH Mandiant Apt1 Report T -4788960e489197f2633f581607eb0d26 Intel::FILE_HASH Mandiant Apt1 Report T -47e7f92419eb4b98ff4124c3ca11b738 Intel::FILE_HASH Mandiant Apt1 Report T -494637c4ac6d04bb50a681e87b81043f Intel::FILE_HASH Mandiant Apt1 Report T -494fca685834f3158d133f6b09cbb507 Intel::FILE_HASH Mandiant Apt1 Report T -4962cb3f255b2eaf48847c754d2a553d Intel::FILE_HASH Mandiant Apt1 Report T -496f04719a365f9718919002eff5748b Intel::FILE_HASH Mandiant Apt1 Report T -497f07f54a4c29fe3be1a15f4516e32d Intel::FILE_HASH Mandiant Apt1 Report T -49bacedcd18f6d8929d43a10dae8645f Intel::FILE_HASH Mandiant Apt1 Report T -4a2320b41a5216c741bf63fce562961a Intel::FILE_HASH Mandiant Apt1 Report T -4a54d7878d4170c3d4e3c3606365c42c Intel::FILE_HASH Mandiant Apt1 Report T -4aadab80ce16c588b8719f15e84aba82 Intel::FILE_HASH Mandiant Apt1 Report T -4ab62c8e525bee410cd4b6cfeea7d221 Intel::FILE_HASH Mandiant Apt1 Report T -4ad4258b73430fc3e843a2e59d8ee70a Intel::FILE_HASH Mandiant Apt1 Report T -4b19a2a6d40a5825e868c6ef25ae445e Intel::FILE_HASH Mandiant Apt1 Report T -4c6bddcca2695d6202df38708e14fc7e Intel::FILE_HASH Mandiant Apt1 Report T -4c858a80df0d6de5d69824c9502b65cf Intel::FILE_HASH Mandiant Apt1 Report T -4c9c9dbf388a8d81d8cfb4d3fc05f8e4 Intel::FILE_HASH Mandiant Apt1 Report T -4cabfaef26fd8e5aec01d0c4b90a32f3 Intel::FILE_HASH Mandiant Apt1 Report T -4cd3bed14aaffcf61f4d2948484c4c90 Intel::FILE_HASH Mandiant Apt1 Report T -4d21cc82e4031e1d6bb15541827b9e67 Intel::FILE_HASH Mandiant Apt1 Report T -4e1a92036a577a87a6fa36168d192c4b Intel::FILE_HASH Mandiant Apt1 Report T -4e3ddb5c27e45ee0e6dcc02e87b0abb5 Intel::FILE_HASH Mandiant Apt1 Report T -4e551abcd14506092a0f8d54a45f3569 Intel::FILE_HASH Mandiant Apt1 Report T -4f65bc571cdd9c9cd11e771e1db35a4c Intel::FILE_HASH Mandiant Apt1 Report T -4f763b07a7b8a80f1f9408e590f79532 Intel::FILE_HASH Mandiant Apt1 Report T -50361f8793258b6e883b31269e053ed2 Intel::FILE_HASH Mandiant Apt1 Report T -50a3aaaebae6cee7ecb150ac395276b9 Intel::FILE_HASH Mandiant Apt1 Report T -50f35b7c86aede891a72fcb85f06b0b7 Intel::FILE_HASH Mandiant Apt1 Report T -5100f0a34695c4c9dc7e915177041cad Intel::FILE_HASH Mandiant Apt1 Report T -51326bf40da5a5357a143dd9a6e6a11c Intel::FILE_HASH Mandiant Apt1 Report T -51ce169debea41314f591290839fd55f Intel::FILE_HASH Mandiant Apt1 Report T -522d32a505f78f09303e689999a3e461 Intel::FILE_HASH Mandiant Apt1 Report T -523cf1c9741f5f9d11388a58de6a83a4 Intel::FILE_HASH Mandiant Apt1 Report T -523f56515221161579ee6090c962e5b1 Intel::FILE_HASH Mandiant Apt1 Report T -52509abd1cc7b7fb391b19929e0d99c0 Intel::FILE_HASH Mandiant Apt1 Report T -52bd3ceef33900d53315f89538128026 Intel::FILE_HASH Mandiant Apt1 Report T -52cb7fed85bd7ff6797fbc70105a09fe Intel::FILE_HASH Mandiant Apt1 Report T -531a3b0acd95f55c3a7418d31f741357 Intel::FILE_HASH Mandiant Apt1 Report T -53600687ec97c297f03b4f0f4710d0c5 Intel::FILE_HASH Mandiant Apt1 Report T -53b263dd41838aa178a5ced338a207f3 Intel::FILE_HASH Mandiant Apt1 Report T -543c283d691939d99667e22bcb7be610 Intel::FILE_HASH Mandiant Apt1 Report T -543e03cc5872e9ed870b2d64363f518b Intel::FILE_HASH Mandiant Apt1 Report T -54d5d171a482278cc8eacf08d9175fd7 Intel::FILE_HASH Mandiant Apt1 Report T -5537bdce991797198a9ff97ff1492f90 Intel::FILE_HASH Mandiant Apt1 Report T -55886d571c2a57984ea9659b57e1c63a Intel::FILE_HASH Mandiant Apt1 Report T -55bd26326db3d512b6bd9f75d6671819 Intel::FILE_HASH Mandiant Apt1 Report T -55f60194833efcbc8ac16bd0a1cced1a Intel::FILE_HASH Mandiant Apt1 Report T -55fb1409170c91740359d1d96364f17b Intel::FILE_HASH Mandiant Apt1 Report T -5613e6d7111b327307c02bec1701ac3f Intel::FILE_HASH Mandiant Apt1 Report T -565b6fedccab184c92e40483ea49a25f Intel::FILE_HASH Mandiant Apt1 Report T -567395a3c720fcd09eb75b6c188b8687 Intel::FILE_HASH Mandiant Apt1 Report T -56892b0befe8b7a188fdb7e72a07e60f Intel::FILE_HASH Mandiant Apt1 Report T -56a5d0575c0c712deb16f465ac888a65 Intel::FILE_HASH Mandiant Apt1 Report T -56c26b175ae23d90244805a6ec347e42 Intel::FILE_HASH Mandiant Apt1 Report T -56c8ff5c6832f1e31a59e0717c3ab79c Intel::FILE_HASH Mandiant Apt1 Report T -56de2854ef64d869b5df7af5e4effe3e Intel::FILE_HASH Mandiant Apt1 Report T -56dff5cdfee293100b59096326fb0daf Intel::FILE_HASH Mandiant Apt1 Report T -57326cd78a56d26e349bbd4bcc5b9fa2 Intel::FILE_HASH Mandiant Apt1 Report T -575836ebb1b8849f04e994e9160370e4 Intel::FILE_HASH Mandiant Apt1 Report T -5790c7c09735cf1ccf10625c7cd87f5e Intel::FILE_HASH Mandiant Apt1 Report T -57cbf78c226265cc1e61ad86779bf906 Intel::FILE_HASH Mandiant Apt1 Report T -57cfef3e32e60df11b8d2c5375f3185c Intel::FILE_HASH Mandiant Apt1 Report T -57e79f7df13c0cb01910d0c688fcd296 Intel::FILE_HASH Mandiant Apt1 Report T -57f98d16ac439a11012860f88db21831 Intel::FILE_HASH Mandiant Apt1 Report T -580a4c05982accc678a72c366b45815d Intel::FILE_HASH Mandiant Apt1 Report T -585691777080b419b523938edd3ba2d6 Intel::FILE_HASH Mandiant Apt1 Report T -588c40520a3cea27d2b35cd1fa05e23f Intel::FILE_HASH Mandiant Apt1 Report T -58b020fd3bc0d34e8c4eaf0a3f3135af Intel::FILE_HASH Mandiant Apt1 Report T -592a33f691daa01ccbfc8078ad961b43 Intel::FILE_HASH Mandiant Apt1 Report T -59620925bf1c4f760c4bf225c7efd6c0 Intel::FILE_HASH Mandiant Apt1 Report T -5a032c13942a46c5ae015f53d9ce138a Intel::FILE_HASH Mandiant Apt1 Report T -5a3abb8053c271c58e879b3b9cf8c8f5 Intel::FILE_HASH Mandiant Apt1 Report T -5a728cb9ce56763dccb32b5298d0f050 Intel::FILE_HASH Mandiant Apt1 Report T -5aeaa53340a281074fcb539967438e3f Intel::FILE_HASH Mandiant Apt1 Report T -5bac505fdc202e1c6507ef381a881ed1 Intel::FILE_HASH Mandiant Apt1 Report T -5bcaa2f4bc7567f6ffd5507a161e221a Intel::FILE_HASH Mandiant Apt1 Report T -5bd5a22d42c04db7ac1343a2a9f471fe Intel::FILE_HASH Mandiant Apt1 Report T -5c4806b5859b35a3df03763e9c7ecbf6 Intel::FILE_HASH Mandiant Apt1 Report T -5c6f30cc369cd164d44941d381e282cc Intel::FILE_HASH Mandiant Apt1 Report T -5ccb52a8e3c31dde2ddbc486a2215e85 Intel::FILE_HASH Mandiant Apt1 Report T -5cd578614afb50b925008b68b3accdb9 Intel::FILE_HASH Mandiant Apt1 Report T -5cd7526fc7d849cbbf8c9d1ffe97a991 Intel::FILE_HASH Mandiant Apt1 Report T -5cf0959687427850a92d7f69edd41b86 Intel::FILE_HASH Mandiant Apt1 Report T -5d8129be965fab8115eca34fc84bd7f0 Intel::FILE_HASH Mandiant Apt1 Report T -5dea347d29a3e9c21c52385a10224b65 Intel::FILE_HASH Mandiant Apt1 Report T -5e17055c51724b0b89ff036d02f5208a Intel::FILE_HASH Mandiant Apt1 Report T -5e1d81618eaf005b8e0cd63fbc9a4937 Intel::FILE_HASH Mandiant Apt1 Report T -5e33a9835bced338cb1959c347ac6798 Intel::FILE_HASH Mandiant Apt1 Report T -5e42780f52763c77d592044e535e4b01 Intel::FILE_HASH Mandiant Apt1 Report T -5e686bd284022e35559a9c6118df8f1e Intel::FILE_HASH Mandiant Apt1 Report T -5f837bbfd3b458321070e2aebca4ec46 Intel::FILE_HASH Mandiant Apt1 Report T -5fa50476240c9c59cb72b345751434ce Intel::FILE_HASH Mandiant Apt1 Report T -5ff3269faca4a67d1a4c537154aaad4b Intel::FILE_HASH Mandiant Apt1 Report T -6040dd5b603483f738be6a02a63538f2 Intel::FILE_HASH Mandiant Apt1 Report T -605c1dc91a5c85024160ce78dfac842d Intel::FILE_HASH Mandiant Apt1 Report T -609d917a7f0c526b0d8091c8191da376 Intel::FILE_HASH Mandiant Apt1 Report T -611b1577ba976f76fc01368545bc395c Intel::FILE_HASH Mandiant Apt1 Report T -611c8f862864af818202865b78ad7ca8 Intel::FILE_HASH Mandiant Apt1 Report T -61daab56e07dfa3a236d8aec9eb80545 Intel::FILE_HASH Mandiant Apt1 Report T -61e0da42d5d084af24d31fbcef4ff409 Intel::FILE_HASH Mandiant Apt1 Report T -620c6a6cff832e35090487680123f52b Intel::FILE_HASH Mandiant Apt1 Report T -62a35021454e17f4a913e577d7ecd22f Intel::FILE_HASH Mandiant Apt1 Report T -62bee50b480f6a6aa427a00464baf376 Intel::FILE_HASH Mandiant Apt1 Report T -62c72767508e461cfe94b0c706e6d446 Intel::FILE_HASH Mandiant Apt1 Report T -62d60a1cd1e7ba73aebc98812e5ac266 Intel::FILE_HASH Mandiant Apt1 Report T -62ea10608f0d54cd284e8d7be32f206e Intel::FILE_HASH Mandiant Apt1 Report T -633cb95904ab9dc0a3de4ddd443494e8 Intel::FILE_HASH Mandiant Apt1 Report T -6377ec0c87f4ec1e7897751dd85d73d4 Intel::FILE_HASH Mandiant Apt1 Report T -63db2f4fd717723f0e6f94e0a6a62c7b Intel::FILE_HASH Mandiant Apt1 Report T -6461ea41f179e660c40ed65aee1a4a2d Intel::FILE_HASH Mandiant Apt1 Report T -648ce1c45927b24563dd8361a1b74311 Intel::FILE_HASH Mandiant Apt1 Report T -649d54bc9eef5a60a4b9d8b889fee139 Intel::FILE_HASH Mandiant Apt1 Report T -64fa1239f5aa9a9031e61533283f8c22 Intel::FILE_HASH Mandiant Apt1 Report T -65018cd542145a3792ba09985734c12a Intel::FILE_HASH Mandiant Apt1 Report T -650a6fca433ee243391e4b4c11f09438 Intel::FILE_HASH Mandiant Apt1 Report T -6510cee34da30c7ef5e5e39980402257 Intel::FILE_HASH Mandiant Apt1 Report T -651d83c1b85acb204abd5bf7990a1298 Intel::FILE_HASH Mandiant Apt1 Report T -656baf38fa5ee776e2576cead664d004 Intel::FILE_HASH Mandiant Apt1 Report T -6570163cd34454b3d1476c134d44b9d9 Intel::FILE_HASH Mandiant Apt1 Report T -6576c196385407b0f7f4b1b537d88983 Intel::FILE_HASH Mandiant Apt1 Report T -668b92feb7cbcc7ac75ff97dcec28d10 Intel::FILE_HASH Mandiant Apt1 Report T -66c287675cd4c7172590f71181e723a8 Intel::FILE_HASH Mandiant Apt1 Report T -67504a0c2c2bf47efccdab5ca981ad7d Intel::FILE_HASH Mandiant Apt1 Report T -6767eeb485232436de9553988765fb89 Intel::FILE_HASH Mandiant Apt1 Report T -67f62f5accfeacf5e828c3b3905248fe Intel::FILE_HASH Mandiant Apt1 Report T -6808ec6dbb23f0fa7637c108f44c5c80 Intel::FILE_HASH Mandiant Apt1 Report T -6846ad52c9208830ceaf4cfd81402015 Intel::FILE_HASH Mandiant Apt1 Report T -687a58dcbc076b04bef4ec6050310fb5 Intel::FILE_HASH Mandiant Apt1 Report T -689dcd40d5eae8c0d315265f3d90ffae Intel::FILE_HASH Mandiant Apt1 Report T -68af7be698e8a7408451c158c04a9712 Intel::FILE_HASH Mandiant Apt1 Report T -68c67a6e26855ebc2569d67689c69a6e Intel::FILE_HASH Mandiant Apt1 Report T -68d2fd5049e70942d164e4e25d13dd8e Intel::FILE_HASH Mandiant Apt1 Report T -68e5bff12ac33ecb98977afed51ebad0 Intel::FILE_HASH Mandiant Apt1 Report T -693f711d8fab66a3efca98a19a733d56 Intel::FILE_HASH Mandiant Apt1 Report T -698fbe7ed1ddd7f5c76b86fad3f7a485 Intel::FILE_HASH Mandiant Apt1 Report T -69dc1e1ee273e531e91c60eb86396cc8 Intel::FILE_HASH Mandiant Apt1 Report T -6a4fbcfb44717eae2145c761c1c99b6a Intel::FILE_HASH Mandiant Apt1 Report T -6a88f170ab6cb0f9b3252adc61b4f487 Intel::FILE_HASH Mandiant Apt1 Report T -6ab7fa8e5fb63b8d0723387d0a1ffe6d Intel::FILE_HASH Mandiant Apt1 Report T -6b3d19cc86d82b06f5db3ae9d5ba8a5f Intel::FILE_HASH Mandiant Apt1 Report T -6b4ac249f918be9f7bc64ae7fdda947e Intel::FILE_HASH Mandiant Apt1 Report T -6b6c4c0e2959df248be90d89899953a9 Intel::FILE_HASH Mandiant Apt1 Report T -6bf8f1f99ac5bba0db1b66518df378a4 Intel::FILE_HASH Mandiant Apt1 Report T -6bf9083f1567edce004bd1f7c456659d Intel::FILE_HASH Mandiant Apt1 Report T -6c5c5e4049265fffc87973f3e4978b26 Intel::FILE_HASH Mandiant Apt1 Report T -6c65c697bcff935484a5cd2e7dd2e7d2 Intel::FILE_HASH Mandiant Apt1 Report T -6c9c9e40683467f60b910d5bad5285ae Intel::FILE_HASH Mandiant Apt1 Report T -6ca59c9c4165796e08ba6ca3eeffdee6 Intel::FILE_HASH Mandiant Apt1 Report T -6d2320af561b2315c1241e3efd86067f Intel::FILE_HASH Mandiant Apt1 Report T -6db47757ba324bb61ce3cbcabbec52d4 Intel::FILE_HASH Mandiant Apt1 Report T -6deae79fc82df523ba99852266a33f9e Intel::FILE_HASH Mandiant Apt1 Report T -6e442c5ef460bee4c9457c6bf7a132d6 Intel::FILE_HASH Mandiant Apt1 Report T -6e8f302794cfaae731840e345063e652 Intel::FILE_HASH Mandiant Apt1 Report T -6e9bedcf80f21171adb951a0d85d2adb Intel::FILE_HASH Mandiant Apt1 Report T -6eb99bed5b5fcb3fdb26f37aff2c9adb Intel::FILE_HASH Mandiant Apt1 Report T -6ebbfa603aa4e90148ad0b726806c359 Intel::FILE_HASH Mandiant Apt1 Report T -6ebd05a02459d3b22a9d4a79b8626bf1 Intel::FILE_HASH Mandiant Apt1 Report T -6eebee2aebd5194db62cb8230502378c Intel::FILE_HASH Mandiant Apt1 Report T -6f4182baa5a57b717cb9d850dfadb60a Intel::FILE_HASH Mandiant Apt1 Report T -6f551594fdf3539c62389c0cf0d2e16a Intel::FILE_HASH Mandiant Apt1 Report T -6f6abd53e10567d1534514fc36fca2e9 Intel::FILE_HASH Mandiant Apt1 Report T -6f9992c486195edcf0bf2f6ee6c3ec74 Intel::FILE_HASH Mandiant Apt1 Report T -6faa4740f99408d4d2dddd0b09bbdefd Intel::FILE_HASH Mandiant Apt1 Report T -6fbf667e82c1477c4ce635b57b83bfa0 Intel::FILE_HASH Mandiant Apt1 Report T -6fdec862951e8b128cd7a07b2031eef6 Intel::FILE_HASH Mandiant Apt1 Report T -70a55fdc712c6e31e013e6b5d412b0d6 Intel::FILE_HASH Mandiant Apt1 Report T -70bb674fc97d7bf4d8dbbe3636f65c4a Intel::FILE_HASH Mandiant Apt1 Report T -70c10f8b4dcd01b07be6cfb4df0d3348 Intel::FILE_HASH Mandiant Apt1 Report T -70e2827ab4af1a38dc09a02fa95b82fe Intel::FILE_HASH Mandiant Apt1 Report T -71173ad2bc7b39342b1bdaadeaaa0d8a Intel::FILE_HASH Mandiant Apt1 Report T -7127241c033c403b18bd281d0dfc4e31 Intel::FILE_HASH Mandiant Apt1 Report T -71536d2e95420c55412c12dffea1a0a6 Intel::FILE_HASH Mandiant Apt1 Report T -7253de652a025b2b4fa7b02e97a1ee6b Intel::FILE_HASH Mandiant Apt1 Report T -727a6800991eead454e53e8af164a99c Intel::FILE_HASH Mandiant Apt1 Report T -7388d67561d0a7989202ad4d37eff24f Intel::FILE_HASH Mandiant Apt1 Report T -73a63c21a08b0ad2c69999e448f8e6a1 Intel::FILE_HASH Mandiant Apt1 Report T -73d125f84503bd87f8142cf2ba8ab05e Intel::FILE_HASH Mandiant Apt1 Report T -74b3ee9f3f6c52413db6e5c9ace34893 Intel::FILE_HASH Mandiant Apt1 Report T -75372eb37415140fa5464f1ebb8a0e74 Intel::FILE_HASH Mandiant Apt1 Report T -753ec12f61c2f7c9a5763c9063a16106 Intel::FILE_HASH Mandiant Apt1 Report T -759b320aca72ba446e7e156407ebc10d Intel::FILE_HASH Mandiant Apt1 Report T -75dad1ccabae8adeb5bae899d0c630f8 Intel::FILE_HASH Mandiant Apt1 Report T -75f37a69664362462ad491741a34f195 Intel::FILE_HASH Mandiant Apt1 Report T -75ff4bd6b209b6f10472c4cd22e3f9e6 Intel::FILE_HASH Mandiant Apt1 Report T -760339e927e391e289bd91bad4cd59c3 Intel::FILE_HASH Mandiant Apt1 Report T -769aeae232c6162cedcb6c7255640c4c Intel::FILE_HASH Mandiant Apt1 Report T -76ba06bac23a2c445cb982bf38b82199 Intel::FILE_HASH Mandiant Apt1 Report T -76bf44d7734ec8581e846a9f3005aed4 Intel::FILE_HASH Mandiant Apt1 Report T -76c1b246703a10cb6e71a3e5b7b55b24 Intel::FILE_HASH Mandiant Apt1 Report T -76f6c7301dbf0219eae991d65804292a Intel::FILE_HASH Mandiant Apt1 Report T -7704ad9e8e0e3d75075e4c294f698d53 Intel::FILE_HASH Mandiant Apt1 Report T -7712d05c8b499fc7a1f4a6a6b6dee825 Intel::FILE_HASH Mandiant Apt1 Report T -772c771e13e599cbf25bf9e0199681f7 Intel::FILE_HASH Mandiant Apt1 Report T -77382bb7fd431211b32d84d4de74b043 Intel::FILE_HASH Mandiant Apt1 Report T -775459afc5415984dfa2a0f533011763 Intel::FILE_HASH Mandiant Apt1 Report T -77afced93e20b1bb906796197fa1dd1d Intel::FILE_HASH Mandiant Apt1 Report T -77dc072fdd632c12bacc09ceb8e6ee39 Intel::FILE_HASH Mandiant Apt1 Report T -77fbfed235d6062212a3e43211a5706e Intel::FILE_HASH Mandiant Apt1 Report T -785003a405bc7a4ebcbb21ddb757bf3f Intel::FILE_HASH Mandiant Apt1 Report T -78524ba7f66c0ec4a3755e51709db1aa Intel::FILE_HASH Mandiant Apt1 Report T -7852b941a46e37fe9b332b1be77a6960 Intel::FILE_HASH Mandiant Apt1 Report T -79841c13f645118a600d19def3642d1a Intel::FILE_HASH Mandiant Apt1 Report T -79f3bac2826f8511c96240758af116b4 Intel::FILE_HASH Mandiant Apt1 Report T -7a2692cafec377c444bc3147fc43e57f Intel::FILE_HASH Mandiant Apt1 Report T -7a2eba5ca6f9b2cec61c5cc55dfca762 Intel::FILE_HASH Mandiant Apt1 Report T -7a660a9e48f6065333f388f2c0a67bd8 Intel::FILE_HASH Mandiant Apt1 Report T -7a670d13d4d014169c4080328b8feb86 Intel::FILE_HASH Mandiant Apt1 Report T -7a7a46e8fbc25a624d58e897dee04ffa Intel::FILE_HASH Mandiant Apt1 Report T -7ab86c938b960dfc0c4ffbadd4163666 Intel::FILE_HASH Mandiant Apt1 Report T -7acb0d1df51706536f33bbdb990041d3 Intel::FILE_HASH Mandiant Apt1 Report T -7aecb34616245eb6b2906358151be55b Intel::FILE_HASH Mandiant Apt1 Report T -7aef47f9fd84669976c4b152910a6328 Intel::FILE_HASH Mandiant Apt1 Report T -7af399ff99109a9501da73337c0bdf4b Intel::FILE_HASH Mandiant Apt1 Report T -7b3ce6c2af1acd119a25831fac670bab Intel::FILE_HASH Mandiant Apt1 Report T -7b42b35832855ab4ff37ae9b8fa9e571 Intel::FILE_HASH Mandiant Apt1 Report T -7b451bbbdc840378b785bed6b9e30e0f Intel::FILE_HASH Mandiant Apt1 Report T -7be6c90facbfe9ecf470fb27e6673fbc Intel::FILE_HASH Mandiant Apt1 Report T -7bfeb0eaa1c51513e60bc0abafb1be9f Intel::FILE_HASH Mandiant Apt1 Report T -7c82cd17b0fa420f09f97e060621ed7b Intel::FILE_HASH Mandiant Apt1 Report T -7cb055ac3acbf53e07e20b65ec9126a1 Intel::FILE_HASH Mandiant Apt1 Report T -7ce16b35201d8d35965ec7aeebdc80ff Intel::FILE_HASH Mandiant Apt1 Report T -7d0efb2480834a6a80210b7342d51154 Intel::FILE_HASH Mandiant Apt1 Report T -7d25a80fe2c42368adaea5fcbab866b6 Intel::FILE_HASH Mandiant Apt1 Report T -7d3140bd028f70f1fa865364b69c5999 Intel::FILE_HASH Mandiant Apt1 Report T -7deed54a40efc12ea03e3f1859522862 Intel::FILE_HASH Mandiant Apt1 Report T -7e56369d466dd3d85a9b31f65ee8e551 Intel::FILE_HASH Mandiant Apt1 Report T -7e64b28b0050d23970478c81e8037470 Intel::FILE_HASH Mandiant Apt1 Report T -7e8d1f26679a88268e273ab498e597f4 Intel::FILE_HASH Mandiant Apt1 Report T -7eedcd6d00b4f08b825b4c134b6d8f1a Intel::FILE_HASH Mandiant Apt1 Report T -7f1a4bc267ace340a5aa7a0b79cbf349 Intel::FILE_HASH Mandiant Apt1 Report T -7f26403f8e59a5f2728af2d3e0efaabb Intel::FILE_HASH Mandiant Apt1 Report T -7f398b00546c3a0946cd6142c308a556 Intel::FILE_HASH Mandiant Apt1 Report T -7fc52a32337386d867a952a2c8644353 Intel::FILE_HASH Mandiant Apt1 Report T -80856bd8ef7d5dbc3dc774f581855549 Intel::FILE_HASH Mandiant Apt1 Report T -80bca9f272152280a462f84f1588c0cc Intel::FILE_HASH Mandiant Apt1 Report T -8153b612499dbf432e2d9805b20ae783 Intel::FILE_HASH Mandiant Apt1 Report T -815a89041dea3e56348f8f5c8b7d1457 Intel::FILE_HASH Mandiant Apt1 Report T -81602ce95a4b7f3d3cd1953a2456cd92 Intel::FILE_HASH Mandiant Apt1 Report T -81b03cbcfc4b9d090cd8f5e5da816895 Intel::FILE_HASH Mandiant Apt1 Report T -81ce61ed2dc567ce70589386563890ca Intel::FILE_HASH Mandiant Apt1 Report T -82390e18379710df84d48881a1c1d0ed Intel::FILE_HASH Mandiant Apt1 Report T -827040a5f5ae8de281a63899224b2f3a Intel::FILE_HASH Mandiant Apt1 Report T -82b065518f085c6ceb0a9135ab51df41 Intel::FILE_HASH Mandiant Apt1 Report T -830a748959bdd1ad3b6a1f72aab6f063 Intel::FILE_HASH Mandiant Apt1 Report T -830e5cd6d590aa65dd3e2c1a01b42259 Intel::FILE_HASH Mandiant Apt1 Report T -831a67dc75e2d4505180888747bc8ea9 Intel::FILE_HASH Mandiant Apt1 Report T -8387adb5325035baa3fe3a2b0cb4921a Intel::FILE_HASH Mandiant Apt1 Report T -839c8c06c4d81f523078b0d45d8250ff Intel::FILE_HASH Mandiant Apt1 Report T -83b3711c32d28a87b173e7e5aba5f826 Intel::FILE_HASH Mandiant Apt1 Report T -8412a3e37499f8289faf54546824ab61 Intel::FILE_HASH Mandiant Apt1 Report T -8442ae37b91f279a9f06de4c60b286a3 Intel::FILE_HASH Mandiant Apt1 Report T -8454918f639a1b0719e00627f211d2ed Intel::FILE_HASH Mandiant Apt1 Report T -8462a62f13f92c34e4b89a7d13a185ad Intel::FILE_HASH Mandiant Apt1 Report T -855ca1b45a247754ad91d50827a2e16c Intel::FILE_HASH Mandiant Apt1 Report T -85c4081a97255ac7ca7d0d5554e86ec1 Intel::FILE_HASH Mandiant Apt1 Report T -85c828f5ea5d99e0c98017f6d6be243f Intel::FILE_HASH Mandiant Apt1 Report T -86a906db5686bbf487689937d15bf71a Intel::FILE_HASH Mandiant Apt1 Report T -86b1f3874bf741a3f9c0d74625af5f8d Intel::FILE_HASH Mandiant Apt1 Report T -86b68ad2e9c33eadf134285ea142ccc2 Intel::FILE_HASH Mandiant Apt1 Report T -86dd715a8d28788e68a575207d66df34 Intel::FILE_HASH Mandiant Apt1 Report T -871cc547feb9dbec0285321068e392b8 Intel::FILE_HASH Mandiant Apt1 Report T -8725870a43192cb0176c82012996910a Intel::FILE_HASH Mandiant Apt1 Report T -874bb818208655b59a8c4c1ae2aef379 Intel::FILE_HASH Mandiant Apt1 Report T -876ee736ebad6917a259456fc3a2f11b Intel::FILE_HASH Mandiant Apt1 Report T -87efe3671ef8f1eca57f2d8f7e4711d9 Intel::FILE_HASH Mandiant Apt1 Report T -8845cb5b4e450cb10a3b6ca41a9b4319 Intel::FILE_HASH Mandiant Apt1 Report T -88b5f635ac9031bcdeda1f751952f966 Intel::FILE_HASH Mandiant Apt1 Report T -88c7c50cd4130561d57a1d3b82c5b953 Intel::FILE_HASH Mandiant Apt1 Report T -88dbcc682635b4013bcba5ad28bb976b Intel::FILE_HASH Mandiant Apt1 Report T -8913ac72cdb8afd98bd8446896e1595a Intel::FILE_HASH Mandiant Apt1 Report T -89164a973ae081991a973aa9d5cdee7c Intel::FILE_HASH Mandiant Apt1 Report T -8934aeed5d213fe29e858eee616a6ec7 Intel::FILE_HASH Mandiant Apt1 Report T -898a8a43c8708961094944fb42c278ab Intel::FILE_HASH Mandiant Apt1 Report T -89a2802e2f2356ce6a757f833c3ba3ef Intel::FILE_HASH Mandiant Apt1 Report T -8a7764ded8467bd0fd0c30adc2acc1d4 Intel::FILE_HASH Mandiant Apt1 Report T -8a86df3d382bfd1e4c4165f4cacfdff8 Intel::FILE_HASH Mandiant Apt1 Report T -8b75bcbff174c25a0161f30758509a44 Intel::FILE_HASH Mandiant Apt1 Report T -8bf9698c18b2aa23f71444af2571a6ad Intel::FILE_HASH Mandiant Apt1 Report T -8c57b287a1d2140ccedd6cd097d62ded Intel::FILE_HASH Mandiant Apt1 Report T -8c6ece2ade2bfad3171c925baa64af50 Intel::FILE_HASH Mandiant Apt1 Report T -8c9871a9eb88ffc43507f988b222dc52 Intel::FILE_HASH Mandiant Apt1 Report T -8cb321a7871706fb6246489cb7c4da03 Intel::FILE_HASH Mandiant Apt1 Report T -8cda4e0ee20ddd00003caf7947af7fe4 Intel::FILE_HASH Mandiant Apt1 Report T -8d251ef81b1e2251601a7b2b0c03ec05 Intel::FILE_HASH Mandiant Apt1 Report T -8d81eeaeb0bd74a1faab257079452078 Intel::FILE_HASH Mandiant Apt1 Report T -8dc3561ca52bfe40089f3ee0af7fdd9d Intel::FILE_HASH Mandiant Apt1 Report T -8dfbf8a46d3a302fd420305918e9414d Intel::FILE_HASH Mandiant Apt1 Report T -8e1ec7e556b8c6612b6c34e310c50b66 Intel::FILE_HASH Mandiant Apt1 Report T -8e8622c393d7e832d39e620ead5d3b49 Intel::FILE_HASH Mandiant Apt1 Report T -8f3d20c983f9d82a8ff17466f45ee757 Intel::FILE_HASH Mandiant Apt1 Report T -8f4863b4dfb52d8362c031d3720a6d97 Intel::FILE_HASH Mandiant Apt1 Report T -8fc5fb519a222ab919f28d21545774c6 Intel::FILE_HASH Mandiant Apt1 Report T -8fdb15f3d5480de78c61ccef23722683 Intel::FILE_HASH Mandiant Apt1 Report T -91dc97c4b66e3282e1aa831e0bb0bb14 Intel::FILE_HASH Mandiant Apt1 Report T -91deceb64c795927c6ea07f695f67334 Intel::FILE_HASH Mandiant Apt1 Report T -91f538c08b9dee1bb0c6b6c82f727c5d Intel::FILE_HASH Mandiant Apt1 Report T -9206ae65b685dc7ea1cf1ec02606de6c Intel::FILE_HASH Mandiant Apt1 Report T -929802a27737cebc59d19da724fdf30a Intel::FILE_HASH Mandiant Apt1 Report T -933b11bc4799f8d9f65466fb2e3ea659 Intel::FILE_HASH Mandiant Apt1 Report T -9371fcd92ef86ccf450af903bc74ec01 Intel::FILE_HASH Mandiant Apt1 Report T -9400fb97c145587b17fb456fac636771 Intel::FILE_HASH Mandiant Apt1 Report T -94a59ce0fadf84f6efa10fe7d5ee3a03 Intel::FILE_HASH Mandiant Apt1 Report T -950234183528ce107d65b700be1bbbd3 Intel::FILE_HASH Mandiant Apt1 Report T -9548e5ed4fbacd0ed4a9d6a27f5d8fec Intel::FILE_HASH Mandiant Apt1 Report T -959c680c26f26e7f1dd61607942dc96a Intel::FILE_HASH Mandiant Apt1 Report T -95d85aa629a786bb67439a064c4349ec Intel::FILE_HASH Mandiant Apt1 Report T -95f25d3afc5370f5d9fd8e65c17d3599 Intel::FILE_HASH Mandiant Apt1 Report T -966db6a32ccf7e57394706abc3999189 Intel::FILE_HASH Mandiant Apt1 Report T -9675827a495f4ba6a4efd4dd70932b7c Intel::FILE_HASH Mandiant Apt1 Report T -973f4a238d6d19bdc7b42977b07b9cef Intel::FILE_HASH Mandiant Apt1 Report T -97c83d85bd76a38b13cea960a1a97f70 Intel::FILE_HASH Mandiant Apt1 Report T -98409dbf432419024dbf028c004344c1 Intel::FILE_HASH Mandiant Apt1 Report T -989b797c2a63fbfc8e1c6e8a8ccd6204 Intel::FILE_HASH Mandiant Apt1 Report T -98bddd6c789a883afa1de3524bb8ea8e Intel::FILE_HASH Mandiant Apt1 Report T -98cf219830733fb98fd2a957b7c4b163 Intel::FILE_HASH Mandiant Apt1 Report T -98d257a13d176940910d6441a854d7a4 Intel::FILE_HASH Mandiant Apt1 Report T -99882234b814b860a22b4d441b92fd82 Intel::FILE_HASH Mandiant Apt1 Report T -99a29ccea951a950040f3944abafed40 Intel::FILE_HASH Mandiant Apt1 Report T -99a39866a657a10949fcb6d634bb30d5 Intel::FILE_HASH Mandiant Apt1 Report T -99a7e4a01b813b9b26ba76bf0b484742 Intel::FILE_HASH Mandiant Apt1 Report T -9a58cc73e103fd5a14ef3564e35c03df Intel::FILE_HASH Mandiant Apt1 Report T -9a66fa24268d158341d497feecbed889 Intel::FILE_HASH Mandiant Apt1 Report T -9ad292de00b2175a80b5909fa173cdcd Intel::FILE_HASH Mandiant Apt1 Report T -9c03ab63a45d29aee90b72ae89f2f613 Intel::FILE_HASH Mandiant Apt1 Report T -9c36333385d351e59d6c4372d757479e Intel::FILE_HASH Mandiant Apt1 Report T -9cb07b71dcd1ac9dfdbf9f4cdfd4f273 Intel::FILE_HASH Mandiant Apt1 Report T -9d1d58e370bea4b5e79a1f914516cbc0 Intel::FILE_HASH Mandiant Apt1 Report T -9d5aabcda9106132d1e1b6cf6cae28aa Intel::FILE_HASH Mandiant Apt1 Report T -9d7499c3a01daba5c9b5090b079808ca Intel::FILE_HASH Mandiant Apt1 Report T -9d75897d9c0a5da7e95082ea5ae1f648 Intel::FILE_HASH Mandiant Apt1 Report T -9d85a2ae1e7971a49cb417d97797ac8a Intel::FILE_HASH Mandiant Apt1 Report T -9d8a7970be7826d29732817c0cc84bde Intel::FILE_HASH Mandiant Apt1 Report T -9d93fc89fb6e0a8142e837b2de045fdd Intel::FILE_HASH Mandiant Apt1 Report T -9dab4da07ed669b44f409eb60f3b0e50 Intel::FILE_HASH Mandiant Apt1 Report T -9df30198f52b16925db1e3da61cfc754 Intel::FILE_HASH Mandiant Apt1 Report T -9e30b1665077b7e65bc8ff1e7c752306 Intel::FILE_HASH Mandiant Apt1 Report T -9e511dc5ad8a884f4416e68c54f742e1 Intel::FILE_HASH Mandiant Apt1 Report T -9e860622fee66074dfe81dcfcc40c4e2 Intel::FILE_HASH Mandiant Apt1 Report T -9ea3c16194ce354c244c1b74c46cd92e Intel::FILE_HASH Mandiant Apt1 Report T -9ecf9d5d8872fe55ab120265c3749ffc Intel::FILE_HASH Mandiant Apt1 Report T -9f11bc08af048c5c3a110e567082fe0b Intel::FILE_HASH Mandiant Apt1 Report T -9f3fbec4341f246aa6131ab01d6e4234 Intel::FILE_HASH Mandiant Apt1 Report T -9fc3ed6c9b8056fbf155f79569ca7cb1 Intel::FILE_HASH Mandiant Apt1 Report T -a039a61e4c274811b0388aa517d29fbb Intel::FILE_HASH Mandiant Apt1 Report T -a1468ce16f2d17979cc1a61878c1c8c6 Intel::FILE_HASH Mandiant Apt1 Report T -a14e8df8bc55f7459d24fe526f51a16d Intel::FILE_HASH Mandiant Apt1 Report T -a17bb80ae02c8b003cf69222fa13f506 Intel::FILE_HASH Mandiant Apt1 Report T -a1b8aa19c92c257cbace54337f6672d3 Intel::FILE_HASH Mandiant Apt1 Report T -a1b924b8c8fa157ae8775fd86f692053 Intel::FILE_HASH Mandiant Apt1 Report T -a1cb8a9f2b8926afeb254a64f1d78ee3 Intel::FILE_HASH Mandiant Apt1 Report T -a24112e4b875038331d2672b6427763c Intel::FILE_HASH Mandiant Apt1 Report T -a241eec892637dec971bd925a40d3efb Intel::FILE_HASH Mandiant Apt1 Report T -a2534e9b7e4146368ea3245381830eb0 Intel::FILE_HASH Mandiant Apt1 Report T -a28ee614e3d783a7561cf8a5a469959f Intel::FILE_HASH Mandiant Apt1 Report T -a2cd1189860b9ba214421aab86ecbc8a Intel::FILE_HASH Mandiant Apt1 Report T -a2feee5e0ac3f825d4b7de7e0b95bb1f Intel::FILE_HASH Mandiant Apt1 Report T -a311516cdf06d3db4f49e67da5213ebe Intel::FILE_HASH Mandiant Apt1 Report T -a316d5aeca269ca865077e7fff356e7d Intel::FILE_HASH Mandiant Apt1 Report T -a34234a27157851300d9b698f6c56d9a Intel::FILE_HASH Mandiant Apt1 Report T -a354e3c566645100e757f3e43c9b007d Intel::FILE_HASH Mandiant Apt1 Report T -a360b16c19ab9dea6763f777257c5f38 Intel::FILE_HASH Mandiant Apt1 Report T -a38a367d6696ba90b2e778a5a4bf98fd Intel::FILE_HASH Mandiant Apt1 Report T -a40e20ff8b991308f508239625f275d8 Intel::FILE_HASH Mandiant Apt1 Report T -a4143ade719c2222d8602819a3e212ae Intel::FILE_HASH Mandiant Apt1 Report T -a44312eb63de002383a57b5a93271cdc Intel::FILE_HASH Mandiant Apt1 Report T -a4903f7c293993069f865468bd7cec78 Intel::FILE_HASH Mandiant Apt1 Report T -a4ad7335aa391519cc5fc9140f2562f2 Intel::FILE_HASH Mandiant Apt1 Report T -a510d0c9b7930abaa7aa6b0ac294e675 Intel::FILE_HASH Mandiant Apt1 Report T -a517ca12e2648b0590a5af565f8346b3 Intel::FILE_HASH Mandiant Apt1 Report T -a565682d8a13a5719977223e0d9c7aa4 Intel::FILE_HASH Mandiant Apt1 Report T -a5b581c0600815b1112ca2fed578928b Intel::FILE_HASH Mandiant Apt1 Report T -a5d4ebc0285f0213e0c29d23bc410889 Intel::FILE_HASH Mandiant Apt1 Report T -a6117891e42ee7db36253b57839c8b8f Intel::FILE_HASH Mandiant Apt1 Report T -a639f598d4c0b9aa7a4691d05f27d977 Intel::FILE_HASH Mandiant Apt1 Report T -a6725f263daf3e94adc3668751b909d0 Intel::FILE_HASH Mandiant Apt1 Report T -a6a583aeaf4952787e15f30d289ca138 Intel::FILE_HASH Mandiant Apt1 Report T -a6b99080565aa7933d946b8b9d9d7476 Intel::FILE_HASH Mandiant Apt1 Report T -a70aaf335f7f1a04c7fe194602b11c14 Intel::FILE_HASH Mandiant Apt1 Report T -a7117612ea6b6fa3307943f5ed21fbb4 Intel::FILE_HASH Mandiant Apt1 Report T -a7f17c75519fb8a39d37c47617202b05 Intel::FILE_HASH Mandiant Apt1 Report T -a807ad465b2fe5859c85626e97eaf907 Intel::FILE_HASH Mandiant Apt1 Report T -a810ab506857c933df2bea40ae0eb548 Intel::FILE_HASH Mandiant Apt1 Report T -a8b183fe32ad8d426e20227f3c8b7592 Intel::FILE_HASH Mandiant Apt1 Report T -a8b2ac446c614fd5d4880d95369deb3b Intel::FILE_HASH Mandiant Apt1 Report T -a8f259bb36e00d124963cfa9b86f502e Intel::FILE_HASH Mandiant Apt1 Report T -a96a6c91e71e243f00a64f53e2fd6415 Intel::FILE_HASH Mandiant Apt1 Report T -a9993969be3ea340d420eea5868c0d1d Intel::FILE_HASH Mandiant Apt1 Report T -a99e06e2f90db4e506ef1347a8774dd5 Intel::FILE_HASH Mandiant Apt1 Report T -aa4f1ecc4d25b33395196b5d51a06790 Intel::FILE_HASH Mandiant Apt1 Report T -ab00b38179851c8aa3f9bc80ed7baa23 Intel::FILE_HASH Mandiant Apt1 Report T -ab208f0b517ba9850f1551c9555b5313 Intel::FILE_HASH Mandiant Apt1 Report T -ab445da3ee4e81a84d644476f669d35c Intel::FILE_HASH Mandiant Apt1 Report T -abcaf816de63c632ec23d6bda3f02bb5 Intel::FILE_HASH Mandiant Apt1 Report T -abe6ab89f957f6edf8f41b5ad198e5e6 Intel::FILE_HASH Mandiant Apt1 Report T -abff707cb54a6e5a9fcbb3fef74dbddc Intel::FILE_HASH Mandiant Apt1 Report T -ac87816b9a371e72512d8fd82f61c737 Intel::FILE_HASH Mandiant Apt1 Report T -acb99e5318f7001298df1aef51a9463e Intel::FILE_HASH Mandiant Apt1 Report T -ace798670a64b38aa7d065c776b49f17 Intel::FILE_HASH Mandiant Apt1 Report T -ad3cccbe9ddff04b670d353b938f5da9 Intel::FILE_HASH Mandiant Apt1 Report T -ad7bdadde9a4da73ffc776c606dbb75e Intel::FILE_HASH Mandiant Apt1 Report T -ad8cde8841208ff226e04e8514dc699c Intel::FILE_HASH Mandiant Apt1 Report T -adb2fc194b960e694aa450161f1df6fc Intel::FILE_HASH Mandiant Apt1 Report T -adb62105427567ddc11124fc27921c40 Intel::FILE_HASH Mandiant Apt1 Report T -ae1dda87cc5998de79ecb68527bbd191 Intel::FILE_HASH Mandiant Apt1 Report T -af2745e8888f2ba17a9cf2e0779d3874 Intel::FILE_HASH Mandiant Apt1 Report T -af2f7b070245c90bd2a0a0845314173a Intel::FILE_HASH Mandiant Apt1 Report T -af719814507fdca4b96184f33b6b92ea Intel::FILE_HASH Mandiant Apt1 Report T -b0538781d47dde1e9a46a2610155c2d3 Intel::FILE_HASH Mandiant Apt1 Report T -b07322743778b5868475dbe66eedac4f Intel::FILE_HASH Mandiant Apt1 Report T -b0d4fbcc0c65c7d5ef7e1c4309c719cb Intel::FILE_HASH Mandiant Apt1 Report T -b145e4d19f5ecfaad45c795aee69c8dc Intel::FILE_HASH Mandiant Apt1 Report T -b1838a6c341260fbdaf288795cc63900 Intel::FILE_HASH Mandiant Apt1 Report T -b1912db011633d98bc40ac568a4167a7 Intel::FILE_HASH Mandiant Apt1 Report T -b1ee00cec6c2318fa86f320dd7fc99a8 Intel::FILE_HASH Mandiant Apt1 Report T -b1ff1ef983a1aee3a395788ec441d006 Intel::FILE_HASH Mandiant Apt1 Report T -b2599b3078c28a278a3e7cd8b46304da Intel::FILE_HASH Mandiant Apt1 Report T -b305b543da332a2fcf6e1ce55ed2ea79 Intel::FILE_HASH Mandiant Apt1 Report T -b36168ea438520875c621f5603db003f Intel::FILE_HASH Mandiant Apt1 Report T -b3848edbabfbce246a9faf5466e743bf Intel::FILE_HASH Mandiant Apt1 Report T -b3af1381f69e36b72e5b272f06aa1fa2 Intel::FILE_HASH Mandiant Apt1 Report T -b3bc979d8de3be09728c5de1a0297c4b Intel::FILE_HASH Mandiant Apt1 Report T -b3defdbd173738d44137f88a571647e1 Intel::FILE_HASH Mandiant Apt1 Report T -b43266a047b2895399f4883cfe37c089 Intel::FILE_HASH Mandiant Apt1 Report T -b47e5d095be9fd61016817359f6c2887 Intel::FILE_HASH Mandiant Apt1 Report T -b54f58c484f56c704858ccfffbb9d535 Intel::FILE_HASH Mandiant Apt1 Report T -b5a430a0696b5b25ae6b4fa5cbfe3333 Intel::FILE_HASH Mandiant Apt1 Report T -b5e9ce72771217680efaeecfafe3da3f Intel::FILE_HASH Mandiant Apt1 Report T -b631a3d832f7c22c26554711188f59c3 Intel::FILE_HASH Mandiant Apt1 Report T -b63452ecd2da62f30923a124bcd41b45 Intel::FILE_HASH Mandiant Apt1 Report T -b661f78279ca0b2e0ae611013eb00f20 Intel::FILE_HASH Mandiant Apt1 Report T -b6f2f483e03b9399f055a1ba5e0713a4 Intel::FILE_HASH Mandiant Apt1 Report T -b74022a7b9b63fdc541ae0848b28a962 Intel::FILE_HASH Mandiant Apt1 Report T -b743f6af7e307221ba425d6023ebe42c Intel::FILE_HASH Mandiant Apt1 Report T -b7dba6184f07b1e824362a2307d91ae2 Intel::FILE_HASH Mandiant Apt1 Report T -b8277cce81e0a372bc35d33a0c9483c2 Intel::FILE_HASH Mandiant Apt1 Report T -b86e89a42a1c1bc6ea15096c68e38ba4 Intel::FILE_HASH Mandiant Apt1 Report T -b883f8e5a1420d1f511266b9253c11c4 Intel::FILE_HASH Mandiant Apt1 Report T -b8dfe540bef505cd1adbd5f8ff31d028 Intel::FILE_HASH Mandiant Apt1 Report T -b8f61242e28f2edf6cb1be8781438491 Intel::FILE_HASH Mandiant Apt1 Report T -b92db06d17d3bf906c47a0384e771076 Intel::FILE_HASH Mandiant Apt1 Report T -b9b3673a721578b230490f7dfc6df21e Intel::FILE_HASH Mandiant Apt1 Report T -ba0c4d3dbf07d407211b5828405a9b91 Intel::FILE_HASH Mandiant Apt1 Report T -ba10b9486043f76bb9e9a160bc1d2576 Intel::FILE_HASH Mandiant Apt1 Report T -ba56035e10b423734e0ce01bb7bb8b6d Intel::FILE_HASH Mandiant Apt1 Report T -ba773e1608198cf8337c5902d7930710 Intel::FILE_HASH Mandiant Apt1 Report T -baabd9b76bff84ed27fd432cfc6df241 Intel::FILE_HASH Mandiant Apt1 Report T -bac2e89bd92ce23e1e93a63d26dea01a Intel::FILE_HASH Mandiant Apt1 Report T -bb286e9969ca197b461286b679c0886e Intel::FILE_HASH Mandiant Apt1 Report T -bc7092008ca37adf497b75eb98e2e175 Intel::FILE_HASH Mandiant Apt1 Report T -bc723e4f93a3bf85f4d1e1910393d1a3 Intel::FILE_HASH Mandiant Apt1 Report T -bc756bb6bf4e7b2058e8dce6ba8b1a79 Intel::FILE_HASH Mandiant Apt1 Report T -bca9bd0abbb31a422458abf521a6a2fb Intel::FILE_HASH Mandiant Apt1 Report T -bcb087f69792b69494a3edad51a842bb Intel::FILE_HASH Mandiant Apt1 Report T -bcbdef1678049378be04719ed29078d2 Intel::FILE_HASH Mandiant Apt1 Report T -bcdf8cb0868daaec3ba6176e3e7d3cfc Intel::FILE_HASH Mandiant Apt1 Report T -bce4b77a4e4acc70a3f6f52ec0a2f033 Intel::FILE_HASH Mandiant Apt1 Report T -bd15714360c12ffca4c3c1e86fc69d0e Intel::FILE_HASH Mandiant Apt1 Report T -bd402e910e03b70f00685d8b8be5093c Intel::FILE_HASH Mandiant Apt1 Report T -bd8b082b7711bc980252f988bb0ca936 Intel::FILE_HASH Mandiant Apt1 Report T -bdc5e16aec2c3796fb879a5c260d6ca9 Intel::FILE_HASH Mandiant Apt1 Report T -bdd2ad4c0e1e5667d117810ae9e36c4b Intel::FILE_HASH Mandiant Apt1 Report T -be58ff564c854be419a19a030af25c86 Intel::FILE_HASH Mandiant Apt1 Report T -be74bf5afd4ba64cc8ce237307e9254d Intel::FILE_HASH Mandiant Apt1 Report T -bebbbc50a561681f48d174d6b7c2824e Intel::FILE_HASH Mandiant Apt1 Report T -bee9b7835a02973678e9ead683da1ac4 Intel::FILE_HASH Mandiant Apt1 Report T -bf0d5aff9c1f33e089c9c85f03c6ba8a Intel::FILE_HASH Mandiant Apt1 Report T -bf0ee4367ea32f8e3b911c304258e439 Intel::FILE_HASH Mandiant Apt1 Report T -bf80dbf969b73790253f683cd723fd71 Intel::FILE_HASH Mandiant Apt1 Report T -bf9aeefc53d97bb23d35d47986504cef Intel::FILE_HASH Mandiant Apt1 Report T -bfcae0468de0c7bcf92e9989589082f1 Intel::FILE_HASH Mandiant Apt1 Report T -c0134285a276ab933e2a2b9b33b103cd Intel::FILE_HASH Mandiant Apt1 Report T -c044715c2626ab515f6c85a21c47c7dd Intel::FILE_HASH Mandiant Apt1 Report T -c04c796ef126ad7429be7d55720fe392 Intel::FILE_HASH Mandiant Apt1 Report T -c0a33a1b472a8c16123fd696a5ce5ebb Intel::FILE_HASH Mandiant Apt1 Report T -c0a494e643c42a89d5bf718ea274df04 Intel::FILE_HASH Mandiant Apt1 Report T -c110f08399c5dca64d7dc4539eb82083 Intel::FILE_HASH Mandiant Apt1 Report T -c116f5f89e24c7de3ea9cae83b7fc829 Intel::FILE_HASH Mandiant Apt1 Report T -c1bd23ece59e36143d80f7eec0e38c52 Intel::FILE_HASH Mandiant Apt1 Report T -c21591aa72ac72872f5bd05bbca5e4da Intel::FILE_HASH Mandiant Apt1 Report T -c2a79bb15a31fd6584d9bf0891673d14 Intel::FILE_HASH Mandiant Apt1 Report T -c2e06531a2e6de3c1b7d18b14af53fdf Intel::FILE_HASH Mandiant Apt1 Report T -c2fa9f567fd34fb14fee6a38b6644ff9 Intel::FILE_HASH Mandiant Apt1 Report T -c307bad133cc160a0129fda4c57e0f52 Intel::FILE_HASH Mandiant Apt1 Report T -c30c7fa2eb06fc8c9ebbe955abe26edd Intel::FILE_HASH Mandiant Apt1 Report T -c39bc83c16f9db8a7c43a966048bca7b Intel::FILE_HASH Mandiant Apt1 Report T -c39e272e9ea15d61e0c8e6b749a1ad46 Intel::FILE_HASH Mandiant Apt1 Report T -c3af09a9fc487314eb4c9fe92a01845a Intel::FILE_HASH Mandiant Apt1 Report T -c3dbd79adfa21706f5451cc68331d31e Intel::FILE_HASH Mandiant Apt1 Report T -c3de028cbc5aa0934008d95689d5f334 Intel::FILE_HASH Mandiant Apt1 Report T -c3e5603a38e700274d1ab30ce93d08b9 Intel::FILE_HASH Mandiant Apt1 Report T -c4188c3bb6982d41aa783c499113a8e3 Intel::FILE_HASH Mandiant Apt1 Report T -c41e44045cebebfba234063de8fd7c4d Intel::FILE_HASH Mandiant Apt1 Report T -c425b8782075da33cba5aae5ad612582 Intel::FILE_HASH Mandiant Apt1 Report T -c4c638750526e28f68d6d71fd1266bdf Intel::FILE_HASH Mandiant Apt1 Report T -c4f144febf16ff8f36df15353d5347ce Intel::FILE_HASH Mandiant Apt1 Report T -c53332a5bf112f03ed22b06d85140626 Intel::FILE_HASH Mandiant Apt1 Report T -c65617a4eedb8e0369ef8fe58ce20a02 Intel::FILE_HASH Mandiant Apt1 Report T -c69a708a2a8e4581dd95f90da3833840 Intel::FILE_HASH Mandiant Apt1 Report T -c6a29993234488fcbdcf45668eac9c47 Intel::FILE_HASH Mandiant Apt1 Report T -c6a4bb1a4e4f69ec71855d70d6960859 Intel::FILE_HASH Mandiant Apt1 Report T -c72edb12880a9af12b439a7a2d0584c1 Intel::FILE_HASH Mandiant Apt1 Report T -c763e041c8e85c195ade90e120338be7 Intel::FILE_HASH Mandiant Apt1 Report T -c799e1d25839e1efb2b3d42d6d6efd26 Intel::FILE_HASH Mandiant Apt1 Report T -c7b48b6965642b504f6f36933762df8a Intel::FILE_HASH Mandiant Apt1 Report T -c8d2b7f92fff545b3b19e9b1e1057071 Intel::FILE_HASH Mandiant Apt1 Report T -c9172b3e83c782bc930c06b628f31fa5 Intel::FILE_HASH Mandiant Apt1 Report T -c91eacab7655870764d13ba741aa9a73 Intel::FILE_HASH Mandiant Apt1 Report T -c99fa835350aa9e2427ce69323b061a9 Intel::FILE_HASH Mandiant Apt1 Report T -c9f77569aa98f71cc42644d66d9f371c Intel::FILE_HASH Mandiant Apt1 Report T -ca27a87928443e21dc279008008018ba Intel::FILE_HASH Mandiant Apt1 Report T -ca327bc83fbe38b3689cd1a5505dfc33 Intel::FILE_HASH Mandiant Apt1 Report T -ca68ccc887cfe5d2194f6a4d3101ae66 Intel::FILE_HASH Mandiant Apt1 Report T -ca6fe7a1315af5afeac2961460a80569 Intel::FILE_HASH Mandiant Apt1 Report T -ca899eda2c32e7d305272dd48bc8e1e1 Intel::FILE_HASH Mandiant Apt1 Report T -ca9c1f8d709ed34d388dc7cba2bd7602 Intel::FILE_HASH Mandiant Apt1 Report T -caf33d1e15953c0e782846e1709498f6 Intel::FILE_HASH Mandiant Apt1 Report T -cb15768a3e5c86d22289dcefec56d8a2 Intel::FILE_HASH Mandiant Apt1 Report T -cb3a9d7505be48019e242fbccc7e5f6b Intel::FILE_HASH Mandiant Apt1 Report T -cb3c5c3f53ecb2cb656fb0f4b8de03f6 Intel::FILE_HASH Mandiant Apt1 Report T -cc0b9bf4ea738d63f06bfe411460412b Intel::FILE_HASH Mandiant Apt1 Report T -cc17fe9f2d254ad28d050bf5c1df983d Intel::FILE_HASH Mandiant Apt1 Report T -cc3a9a7b026bfe0e55ff219fd6aa7d94 Intel::FILE_HASH Mandiant Apt1 Report T -cc7c8aba24c66373502ba5934696b7b6 Intel::FILE_HASH Mandiant Apt1 Report T -cca290cd2abe96392378b71e9835ce06 Intel::FILE_HASH Mandiant Apt1 Report T -ccfb7a84bb87cc8f86ddd260ad38ed5b Intel::FILE_HASH Mandiant Apt1 Report T -cd2102c5db1ed828a9c196448c40af3e Intel::FILE_HASH Mandiant Apt1 Report T -cd4674e2b7be30121a46a053205472a8 Intel::FILE_HASH Mandiant Apt1 Report T -cd677f9ede43b4b86b421db249c0e020 Intel::FILE_HASH Mandiant Apt1 Report T -cd6c1dbf08d8864b382678284ef13358 Intel::FILE_HASH Mandiant Apt1 Report T -ce003a75c85627cbc7e6eb39beff0722 Intel::FILE_HASH Mandiant Apt1 Report T -cf038194f0fe222f31ec24cb80941bb1 Intel::FILE_HASH Mandiant Apt1 Report T -cf9c2d5a8fbdd1c5adc20cfc5e663c21 Intel::FILE_HASH Mandiant Apt1 Report T -cfc6112254a69030521d0d2bba152d4d Intel::FILE_HASH Mandiant Apt1 Report T -cfce9478c880934b3548c3022a956e14 Intel::FILE_HASH Mandiant Apt1 Report T -cfe738fcc07b9ece6a11c3390d43b5df Intel::FILE_HASH Mandiant Apt1 Report T -d0d5a20c5a6c4fddab4d43b85632b6a9 Intel::FILE_HASH Mandiant Apt1 Report T -d0fb18b1e1f642f595a4746826350c21 Intel::FILE_HASH Mandiant Apt1 Report T -d16947b200afa74a917f055597b772c0 Intel::FILE_HASH Mandiant Apt1 Report T -d197c388184fef263b7944a7186bc6db Intel::FILE_HASH Mandiant Apt1 Report T -d1a18c7de189170c588e7128ec3f8453 Intel::FILE_HASH Mandiant Apt1 Report T -d20f0fbd001fd30610c3317fd3c6f7c0 Intel::FILE_HASH Mandiant Apt1 Report T -d22863c5e6f098a4b52688b021beef0a Intel::FILE_HASH Mandiant Apt1 Report T -d25be76b6d871a26eec08ad1bee0273d Intel::FILE_HASH Mandiant Apt1 Report T -d262cb8267beb0e218f6d11d6af9052e Intel::FILE_HASH Mandiant Apt1 Report T -d263fed2e1c18f2cb439afcef0cd1b45 Intel::FILE_HASH Mandiant Apt1 Report T -d271ae0f4e9230af3b61eafe7f671fde Intel::FILE_HASH Mandiant Apt1 Report T -d2c616bf238fc18f9ea0a1643bd2d4bc Intel::FILE_HASH Mandiant Apt1 Report T -d2f1be7e10ed39aa8bc0f7f671d824d2 Intel::FILE_HASH Mandiant Apt1 Report T -d3358ed4001ec0366fa23fe82759df2a Intel::FILE_HASH Mandiant Apt1 Report T -d34e357461c55d90c52309c1ff952b4c Intel::FILE_HASH Mandiant Apt1 Report T -d3f9d4bc51db1e602093e3003fc789d9 Intel::FILE_HASH Mandiant Apt1 Report T -d41c6005a75a6d28480d63f540d36c70 Intel::FILE_HASH Mandiant Apt1 Report T -d47b04327157fb188c0e81886e346c48 Intel::FILE_HASH Mandiant Apt1 Report T -d4ba6430996fb4021241efc97c607504 Intel::FILE_HASH Mandiant Apt1 Report T -d4c1bfc5cd3e33643a562696d5d29bf2 Intel::FILE_HASH Mandiant Apt1 Report T -d4c7f1f80883412f9796f1270accff50 Intel::FILE_HASH Mandiant Apt1 Report T -d5e56f7da9d2a78e49d3d0685e9613ca Intel::FILE_HASH Mandiant Apt1 Report T -d5fd1ce9189cd54f157d691e317c0821 Intel::FILE_HASH Mandiant Apt1 Report T -d60ee4a39667a733c075bb7f7b36285a Intel::FILE_HASH Mandiant Apt1 Report T -d62cd4ad2a919b6acfa6d49d446dffdb Intel::FILE_HASH Mandiant Apt1 Report T -d6a01b61f490488d61dfb9376186d844 Intel::FILE_HASH Mandiant Apt1 Report T -d74b169e98dd16d0f3af0dc770dffac0 Intel::FILE_HASH Mandiant Apt1 Report T -d751c7f7d2eab52c43ab31312e229307 Intel::FILE_HASH Mandiant Apt1 Report T -d76ea982d614c66c5faa36ab5fdd8b41 Intel::FILE_HASH Mandiant Apt1 Report T -d776379bda9fdf695d6a54db8a5b4c72 Intel::FILE_HASH Mandiant Apt1 Report T -d7796209412da17b2ee2ccf2309b4abf Intel::FILE_HASH Mandiant Apt1 Report T -d7aa32b7465f55c368230bb52d52d885 Intel::FILE_HASH Mandiant Apt1 Report T -d802a0c3e0c3dcac43877bd488f2b042 Intel::FILE_HASH Mandiant Apt1 Report T -d8238e950608e5aba3d3e9e83e9ee2cc Intel::FILE_HASH Mandiant Apt1 Report T -d8315c114107b7418c32f85e263766b7 Intel::FILE_HASH Mandiant Apt1 Report T -d8b7b276710127d233abcdb7313aac36 Intel::FILE_HASH Mandiant Apt1 Report T -d8fdd9cfca25315635378dd2564094ca Intel::FILE_HASH Mandiant Apt1 Report T -d915f1c6792eed61dddb30e512e6c202 Intel::FILE_HASH Mandiant Apt1 Report T -d9b1c95fb4424cf69a0ac8e40b3ab39b Intel::FILE_HASH Mandiant Apt1 Report T -d9c4ebd61c1aee52b3597aae048a592f Intel::FILE_HASH Mandiant Apt1 Report T -d9fb6620e4402764bbf2088de02898ca Intel::FILE_HASH Mandiant Apt1 Report T -d9fbf759f527af373e34673dc3aca462 Intel::FILE_HASH Mandiant Apt1 Report T -da383cc098a5ea8fbb87643611e4bfb6 Intel::FILE_HASH Mandiant Apt1 Report T -da52e6701c9eba92459c6be28efdba74 Intel::FILE_HASH Mandiant Apt1 Report T -da5ff7927d608d7ccc7495939d457bd3 Intel::FILE_HASH Mandiant Apt1 Report T -da60673b4f2a4660d2734a16a832282f Intel::FILE_HASH Mandiant Apt1 Report T -da6b0ee7ec735029d1ff4fa863a71de8 Intel::FILE_HASH Mandiant Apt1 Report T -db05df0498b59b42a8e493cf3c10c578 Intel::FILE_HASH Mandiant Apt1 Report T -db2580f5675f04716481b24bb7af468e Intel::FILE_HASH Mandiant Apt1 Report T -db50416d9e67f4982e89e0ffb0ade6f3 Intel::FILE_HASH Mandiant Apt1 Report T -db5805604f84b7303fa04feb18ce8271 Intel::FILE_HASH Mandiant Apt1 Report T -dba356a4726b94731e6ea97aa73cfc3f Intel::FILE_HASH Mandiant Apt1 Report T -dbdd2a9c86e71ba0c9953ff4f89cc25b Intel::FILE_HASH Mandiant Apt1 Report T -dc059121677ec7a038589cda28cbcc49 Intel::FILE_HASH Mandiant Apt1 Report T -dc1cff84900afc9d292b305f9b9aae34 Intel::FILE_HASH Mandiant Apt1 Report T -dc373f011e86d5528ca4824bb287c406 Intel::FILE_HASH Mandiant Apt1 Report T -dc78fd49b7f39fa3bb06b927e8413dd0 Intel::FILE_HASH Mandiant Apt1 Report T -dcb90efe7e09d6900242af25aeca7b73 Intel::FILE_HASH Mandiant Apt1 Report T -dd1222f96024ac28179c7508e4193285 Intel::FILE_HASH Mandiant Apt1 Report T -dd1bede0e42d26fd2439a6e48547023c Intel::FILE_HASH Mandiant Apt1 Report T -dd21d1ea2146861a4219b1cbdaefe59b Intel::FILE_HASH Mandiant Apt1 Report T -ddf3db31f9fa21cd43ff19dde393aba8 Intel::FILE_HASH Mandiant Apt1 Report T -de016572ade175d37cfbfabe8174391a Intel::FILE_HASH Mandiant Apt1 Report T -df4da15796910690b05e393561b86fa1 Intel::FILE_HASH Mandiant Apt1 Report T -df5c89d49ef8997c9b5abd8f808298c8 Intel::FILE_HASH Mandiant Apt1 Report T -dff4d874b2bfc64a4d1805959c379074 Intel::FILE_HASH Mandiant Apt1 Report T -dffd04ea26c03d3f6c67e10405abc5ad Intel::FILE_HASH Mandiant Apt1 Report T -e06145fccac413d8c753bc822619945c Intel::FILE_HASH Mandiant Apt1 Report T -e0c4cbf3ed293e8a8df3f3987b42caac Intel::FILE_HASH Mandiant Apt1 Report T -e0fc0fae758d7c6091cdb11d5ef98e0e Intel::FILE_HASH Mandiant Apt1 Report T -e1b6940985a23e5639450f8391820655 Intel::FILE_HASH Mandiant Apt1 Report T -e22f2e9ee73ab8b12ee5069f7e39a615 Intel::FILE_HASH Mandiant Apt1 Report T -e24e889e826df04f552e0d133548b693 Intel::FILE_HASH Mandiant Apt1 Report T -e43040ede0645a38ea5a35c26192126f Intel::FILE_HASH Mandiant Apt1 Report T -e476e4a24f8b4ff4c8a0b260aa35fc9f Intel::FILE_HASH Mandiant Apt1 Report T -e480c8839e819eaa9b19d53acfa95052 Intel::FILE_HASH Mandiant Apt1 Report T -e4a9b8993e55e3d0ba355b13d1f27a2e Intel::FILE_HASH Mandiant Apt1 Report T -e4be1e46775081b1d5405b3dd7dd1c64 Intel::FILE_HASH Mandiant Apt1 Report T -e50af782414228e52e59bcbe518b1966 Intel::FILE_HASH Mandiant Apt1 Report T -e5237615fde0977c0ea3626fba609ab8 Intel::FILE_HASH Mandiant Apt1 Report T -e54ce5f0112c9fdfe86db17e85a5e2c5 Intel::FILE_HASH Mandiant Apt1 Report T -e55f7d80d99b6aacb0c8d9ed46856d25 Intel::FILE_HASH Mandiant Apt1 Report T -e56e4b20ef6dc09d29be49481bd29561 Intel::FILE_HASH Mandiant Apt1 Report T -e649f31f7f3a7b15ce1290e8d096c058 Intel::FILE_HASH Mandiant Apt1 Report T -e64d657ce32118b415fa91dc05037c4c Intel::FILE_HASH Mandiant Apt1 Report T -e65c0b3f4dd2f3c9f728077ed1e48f7e Intel::FILE_HASH Mandiant Apt1 Report T -e65db662e449cab03a6c1ac51af41360 Intel::FILE_HASH Mandiant Apt1 Report T -e689b1fb0610b752f42adafc403fa49f Intel::FILE_HASH Mandiant Apt1 Report T -e6c25f9994b723d39c785ddfd38a31b8 Intel::FILE_HASH Mandiant Apt1 Report T -e6ff0431a9a9028808efc582405ea7df Intel::FILE_HASH Mandiant Apt1 Report T -e7f728e3bce0e59c3ba973545a3b3a92 Intel::FILE_HASH Mandiant Apt1 Report T -e83f60fb0e0396ea309faf0aed64e53f Intel::FILE_HASH Mandiant Apt1 Report T -e9df2f69ed3d9c895ad9d399eaff1bc8 Intel::FILE_HASH Mandiant Apt1 Report T -ea1b44094ae4d8e2b63a1771a3e61fd5 Intel::FILE_HASH Mandiant Apt1 Report T -ea3155748f9788b741b6799691250579 Intel::FILE_HASH Mandiant Apt1 Report T -ea34b72cbeb07aaac2398704c3ca6b0f Intel::FILE_HASH Mandiant Apt1 Report T -ea47431d832faff7802710dae0abb0d3 Intel::FILE_HASH Mandiant Apt1 Report T -ea502cd3504e74bac454835bd23e019b Intel::FILE_HASH Mandiant Apt1 Report T -ea7309fa59e9347a0715f164edf6b200 Intel::FILE_HASH Mandiant Apt1 Report T -ea7aeea782173eb19ef880c6a54456f2 Intel::FILE_HASH Mandiant Apt1 Report T -ea8b6c2c083d6b7b2b6ebc015b0488ca Intel::FILE_HASH Mandiant Apt1 Report T -eb0c8b05ee6a4334f45968cf45656597 Intel::FILE_HASH Mandiant Apt1 Report T -eb50c166074ae4f13cfea362dc7b668a Intel::FILE_HASH Mandiant Apt1 Report T -eb61cedc9793226a66e4611e6ea25d7f Intel::FILE_HASH Mandiant Apt1 Report T -ebf8eebe3aa218dea5e3f0b2222267b0 Intel::FILE_HASH Mandiant Apt1 Report T -ec09d3b72b282872db4afb0cc9ba7d9d Intel::FILE_HASH Mandiant Apt1 Report T -ec3a2197ca6b63ee1454d99a6ae145ab Intel::FILE_HASH Mandiant Apt1 Report T -ec63f49236858c85168da81c1ac7802a Intel::FILE_HASH Mandiant Apt1 Report T -ec82a53f44511ac09e916bde02cddef0 Intel::FILE_HASH Mandiant Apt1 Report T -ec8aa67b05407c01094184c33d2b5a44 Intel::FILE_HASH Mandiant Apt1 Report T -ec8c89aa5e521572c74e2dd02a4daf78 Intel::FILE_HASH Mandiant Apt1 Report T -eca18e3872fd32f17410167871fbd1d2 Intel::FILE_HASH Mandiant Apt1 Report T -ecf18654e4a2668fb8b2e3db144809af Intel::FILE_HASH Mandiant Apt1 Report T -ecf900c9d743631b59442240ac4ce9da Intel::FILE_HASH Mandiant Apt1 Report T -edb4faeee6542572aff2ec1b6affbd28 Intel::FILE_HASH Mandiant Apt1 Report T -eef298d0bc5b8c89f582e48556d77b6a Intel::FILE_HASH Mandiant Apt1 Report T -eef80511aa490b2168ed4c9fa5eafef0 Intel::FILE_HASH Mandiant Apt1 Report T -eefa8d6c9a26dcc13604b11bbe5635c1 Intel::FILE_HASH Mandiant Apt1 Report T -ef0a6c79f99a537f932a5e64999972b3 Intel::FILE_HASH Mandiant Apt1 Report T -ef29229f7b633f634db3a5c49a3f4a1c Intel::FILE_HASH Mandiant Apt1 Report T -ef349196b0ffef5a02d30413c8dffc7c Intel::FILE_HASH Mandiant Apt1 Report T -ef6c375e3e6930e2b50e1e97fe6fbcc9 Intel::FILE_HASH Mandiant Apt1 Report T -ef8e0fb20e7228c7492ccdc59d87c690 Intel::FILE_HASH Mandiant Apt1 Report T -efc2025431e7ec8f8784fe81389c77cf Intel::FILE_HASH Mandiant Apt1 Report T -effa99ea879e5be518f242d5820be070 Intel::FILE_HASH Mandiant Apt1 Report T -f02abd537e481109142b6170933d1b3d Intel::FILE_HASH Mandiant Apt1 Report T -f07ac0b4301fccbae233a44e07a2a634 Intel::FILE_HASH Mandiant Apt1 Report T -f0bab119faa296c680a10ba81693915e Intel::FILE_HASH Mandiant Apt1 Report T -f0d2ad2002557a86ecc780bf938b6dfd Intel::FILE_HASH Mandiant Apt1 Report T -f113e1c754679164b0e137449b7631cc Intel::FILE_HASH Mandiant Apt1 Report T -f172ff6b65140f342e6ee51966ea3c4c Intel::FILE_HASH Mandiant Apt1 Report T -f1ad5daacace5d4a7b18a03132ec2716 Intel::FILE_HASH Mandiant Apt1 Report T -f1db65d3c48ad5a9d1576aefdca036d1 Intel::FILE_HASH Mandiant Apt1 Report T -f1e5d9bf7705b4dc5be0b8a90b73a863 Intel::FILE_HASH Mandiant Apt1 Report T -f1eea61e49a3f86e95836d1c9f67e074 Intel::FILE_HASH Mandiant Apt1 Report T -f2009007bd6718582ad62ad29b742f6b Intel::FILE_HASH Mandiant Apt1 Report T -f2693de8b687c20aca98bfc1c5aa5b38 Intel::FILE_HASH Mandiant Apt1 Report T -f3611c5c793f521f7ff2a69c22d4174e Intel::FILE_HASH Mandiant Apt1 Report T -f38e76417c0f87322d55062428283e58 Intel::FILE_HASH Mandiant Apt1 Report T -f3b54c188185ee0921848b3a6ad4751e Intel::FILE_HASH Mandiant Apt1 Report T -f3f2881a1cf3f81f1ecd952ccb616504 Intel::FILE_HASH Mandiant Apt1 Report T -f445b22897a27ac5852ee19589bea8c2 Intel::FILE_HASH Mandiant Apt1 Report T -f4bea18e9d38ab9fa7c1cf6eea2bdc79 Intel::FILE_HASH Mandiant Apt1 Report T -f4ed3b7a8a58453052db4b5be3707342 Intel::FILE_HASH Mandiant Apt1 Report T -f4f8067d501bfef385274912d2a833b5 Intel::FILE_HASH Mandiant Apt1 Report T -f627990bbe2ec5c48c180f724490c332 Intel::FILE_HASH Mandiant Apt1 Report T -f6549d4a4097bac446acf8b31d250d2e Intel::FILE_HASH Mandiant Apt1 Report T -f65eee78ac150924cd37c7f1f3c96518 Intel::FILE_HASH Mandiant Apt1 Report T -f6655e39465c2ff5b016980d918ea028 Intel::FILE_HASH Mandiant Apt1 Report T -f67357d9fa1c3014050f2feefd39c784 Intel::FILE_HASH Mandiant Apt1 Report T -f7c63592ffb87b81ce45c89d207e9403 Intel::FILE_HASH Mandiant Apt1 Report T -f7f85d7f628ce62d1d8f7b39d8940472 Intel::FILE_HASH Mandiant Apt1 Report T -f802b6e448c054c9c16b97ff85646825 Intel::FILE_HASH Mandiant Apt1 Report T -f81991fab3b7d58d66629e26d21176ed Intel::FILE_HASH Mandiant Apt1 Report T -f8437e44748d2c3fcf84019766f4e6dc Intel::FILE_HASH Mandiant Apt1 Report T -f8892c6dacbf7ac756abb361e48bbc82 Intel::FILE_HASH Mandiant Apt1 Report T -f904ea9bc8e2d7ce13a6007183da5957 Intel::FILE_HASH Mandiant Apt1 Report T -f9a46d5024c05a827912a89ca270c553 Intel::FILE_HASH Mandiant Apt1 Report T -f9ed623f13481da16a97aeacdca646dc Intel::FILE_HASH Mandiant Apt1 Report T -fa11cb78f53db2d2718d536d4bd20b85 Intel::FILE_HASH Mandiant Apt1 Report T -fa66312d7e2ed95814f30871cae61d7c Intel::FILE_HASH Mandiant Apt1 Report T -fab6b0b33d59f393e142000f128a9652 Intel::FILE_HASH Mandiant Apt1 Report T -fab7c555a511f4d4e318817455bbb75a Intel::FILE_HASH Mandiant Apt1 Report T -fad92f849e3bbfab211af339eb6a8d66 Intel::FILE_HASH Mandiant Apt1 Report T -fade2270a6c7cb47893ac600a9a0509f Intel::FILE_HASH Mandiant Apt1 Report T -fae6eaf695af058af4b8dfee0709bf51 Intel::FILE_HASH Mandiant Apt1 Report T -fb671e6de6e301c892d2fdaa58f9cd9a Intel::FILE_HASH Mandiant Apt1 Report T -fbde5068f85ce0aac2e9ff387b5f8c06 Intel::FILE_HASH Mandiant Apt1 Report T -fc1937c1aa536b3744ebdfb1716fd54d Intel::FILE_HASH Mandiant Apt1 Report T -fc50743af221ccbff7b7c7ec378117f4 Intel::FILE_HASH Mandiant Apt1 Report T -fc89424a2d33ea5af3f49b02e743773b Intel::FILE_HASH Mandiant Apt1 Report T -fc9d20d555a88fc827f3a2bfec4dfa36 Intel::FILE_HASH Mandiant Apt1 Report T -fcdaa67e33357f64bc4ce7b57491fc53 Intel::FILE_HASH Mandiant Apt1 Report T -fd37fa026747059559197461aa7c63e6 Intel::FILE_HASH Mandiant Apt1 Report T -fdef1329ae626656c8389f82c4f9ad38 Intel::FILE_HASH Mandiant Apt1 Report T -fe5ba680a96757ff232d4bad9c0db2b8 Intel::FILE_HASH Mandiant Apt1 Report T -fe8ff84a23feb673a59d8571575fee0b Intel::FILE_HASH Mandiant Apt1 Report T -feb406ff01d9fd5abc5ea079e0543e31 Intel::FILE_HASH Mandiant Apt1 Report T -fefa3638e4d6f2e00b5194ae3fa0c931 Intel::FILE_HASH Mandiant Apt1 Report T -ff085d421518772ce2df75282363279f Intel::FILE_HASH Mandiant Apt1 Report T -ff9aa093a37819af65a06046ea0c830c Intel::FILE_HASH Mandiant Apt1 Report T -ffcc7271e951055f12b61f520ce1e4c7 Intel::FILE_HASH Mandiant Apt1 Report T diff --git a/salt/deprecated-bro/policy/securityonion/bpfconf.bro b/salt/deprecated-bro/policy/securityonion/bpfconf.bro deleted file mode 100644 index 595aef8f2..000000000 --- a/salt/deprecated-bro/policy/securityonion/bpfconf.bro +++ /dev/null @@ -1,106 +0,0 @@ -##! This script is to support the bpf.conf file like other network monitoring tools use. -##! Please don't try to learn from this script right now, there are a large number of -##! hacks in it to work around bugs discovered in Bro. - -@load base/frameworks/notice - -module BPFConf; - -export { - ## The file that is watched on disk for BPF filter changes. - ## Two templated variables are available; "sensorname" and "interface". - ## They can be used by surrounding the term by doubled curly braces. - const filename = "/opt/bro/share/bro/site/bpf" &redef; - - redef enum Notice::Type += { - ## Invalid filter notice. - InvalidFilter - }; -} - -global filter_parts: vector of string = vector(); -global current_filter_filename = ""; - -type FilterLine: record { - s: string; -}; - -redef enum PcapFilterID += { - BPFConfPcapFilter, -}; - -event BPFConf::line(description: Input::EventDescription, tpe: Input::Event, s: string) - { - local part = sub(s, /[[:blank:]]*#.*$/, ""); - - # We don't want any blank parts. - if ( part != "" ) - filter_parts[|filter_parts|] = part; - } - -event Input::end_of_data(name: string, source:string) - { - if ( name == "bpfconf" ) - { - local filter = join_string_vec(filter_parts, " "); - capture_filters["bpf.conf"] = filter; - if ( Pcap::precompile_pcap_filter(BPFConfPcapFilter, filter) ) - { - PacketFilter::install(); - } - else - { - NOTICE([$note=InvalidFilter, - $msg=fmt("Compiling packet filter from %s failed", filename), - $sub=filter]); - } - - filter_parts=vector(); - } - } - - -function add_filter_file() - { - local real_filter_filename = BPFConf::filename; - - # Support the interface template value. - #if ( SecurityOnion::sensorname != "" ) - # real_filter_filename = gsub(real_filter_filename, /\{\{sensorname\}\}/, SecurityOnion::sensorname); - - # Support the interface template value. - #if ( SecurityOnion::interface != "" ) - # real_filter_filename = gsub(real_filter_filename, /\{\{interface\}\}/, SecurityOnion::interface); - - #if ( /\{\{/ in real_filter_filename ) - # { - # return; - # } - #else - # Reporter::info(fmt("BPFConf filename set: %s (%s)", real_filter_filename, Cluster::node)); - - if ( real_filter_filename != current_filter_filename ) - { - current_filter_filename = real_filter_filename; - Input::add_event([$source=real_filter_filename, - $name="bpfconf", - $reader=Input::READER_RAW, - $mode=Input::REREAD, - $want_record=F, - $fields=FilterLine, - $ev=BPFConf::line]); - } - } - -#event SecurityOnion::found_sensorname(name: string) -# { -# add_filter_file(); -# } - -event bro_init() &priority=5 - { - if ( BPFConf::filename != "" ) - add_filter_file(); - } - - diff --git a/salt/deprecated-bro/policy/securityonion/conn-add-sensorname.bro b/salt/deprecated-bro/policy/securityonion/conn-add-sensorname.bro deleted file mode 100644 index 0fbe50297..000000000 --- a/salt/deprecated-bro/policy/securityonion/conn-add-sensorname.bro +++ /dev/null @@ -1,10 +0,0 @@ -global sensorname = "{{ grains.host }}"; - -redef record Conn::Info += { - sensorname: string &log &optional; -}; - -event connection_state_remove(c: connection) - { - c$conn$sensorname = sensorname; - } diff --git a/salt/deprecated-bro/policy/securityonion/file-extraction/__load__.bro b/salt/deprecated-bro/policy/securityonion/file-extraction/__load__.bro deleted file mode 100644 index b2707c803..000000000 --- a/salt/deprecated-bro/policy/securityonion/file-extraction/__load__.bro +++ /dev/null @@ -1 +0,0 @@ -@load ./extract diff --git a/salt/deprecated-bro/policy/securityonion/file-extraction/extract.bro b/salt/deprecated-bro/policy/securityonion/file-extraction/extract.bro deleted file mode 100644 index 7f0f1c902..000000000 --- a/salt/deprecated-bro/policy/securityonion/file-extraction/extract.bro +++ /dev/null @@ -1,21 +0,0 @@ -global ext_map: table[string] of string = { - ["application/x-dosexec"] = "exe", - ["text/plain"] = "txt", - ["image/jpeg"] = "jpg", - ["image/png"] = "png", - ["text/html"] = "html", -} &default =""; - -event file_sniff(f: fa_file, meta: fa_metadata) - { - if ( ! meta?$mime_type || meta$mime_type != "application/x-dosexec" ) - return; - - local ext = ""; - - if ( meta?$mime_type ) - ext = ext_map[meta$mime_type]; - - local fname = fmt("/nsm/bro/extracted/%s-%s.%s", f$source, f$id, ext); - Files::add_analyzer(f, Files::ANALYZER_EXTRACT, [$extract_filename=fname]); - } diff --git a/salt/deprecated-bro/policy/securityonion/json-logs/__load__.bro b/salt/deprecated-bro/policy/securityonion/json-logs/__load__.bro deleted file mode 100644 index 780208248..000000000 --- a/salt/deprecated-bro/policy/securityonion/json-logs/__load__.bro +++ /dev/null @@ -1,3 +0,0 @@ -@load tuning/json-logs -redef LogAscii::json_timestamps = JSON::TS_ISO8601; -redef LogAscii::use_json = T; diff --git a/salt/domainstats/init.sls b/salt/domainstats/init.sls index 01e673764..8d329c785 100644 --- a/salt/domainstats/init.sls +++ b/salt/domainstats/init.sls @@ -13,6 +13,8 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . +{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %} + # Create the group dstatsgroup: group.present: @@ -37,13 +39,13 @@ dstatslogdir: so-domainstatsimage: cmd.run: - - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-domainstats:HH1.0.3 + - name: docker pull --disable-content-trust=false docker.io/{{ IMAGEREPO }}/so-domainstats:HH1.0.3 so-domainstats: docker_container.running: - require: - so-domainstatsimage - - image: docker.io/soshybridhunter/so-domainstats:HH1.0.3 + - image: docker.io/{{ IMAGEREPO }}/so-domainstats:HH1.0.3 - hostname: domainstats - name: so-domainstats - user: domainstats diff --git a/salt/elastalert/init.sls b/salt/elastalert/init.sls index 9bfc8ded4..5703b8717 100644 --- a/salt/elastalert/init.sls +++ b/salt/elastalert/init.sls @@ -13,6 +13,7 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %} +{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %} {% set MANAGER = salt['grains.get']('master') %} {% if grains['role'] in ['so-eval','so-managersearch', 'so-manager', 'so-standalone'] %} @@ -101,7 +102,7 @@ elastaconf: so-elastalert: docker_container.running: - - image: {{ MANAGER }}:5000/soshybridhunter/so-elastalert:{{ VERSION }} + - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-elastalert:{{ VERSION }} - hostname: elastalert - name: so-elastalert - user: elastalert diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls index 14cc38434..7a791c0d2 100644 --- a/salt/elasticsearch/init.sls +++ b/salt/elasticsearch/init.sls @@ -13,6 +13,7 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %} +{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %} {% set MANAGER = salt['grains.get']('master') %} {% set FEATURES = salt['pillar.get']('elastic:features', False) %} @@ -101,7 +102,7 @@ eslogdir: so-elasticsearch: docker_container.running: - - image: {{ MANAGER }}:5000/soshybridhunter/so-elasticsearch:{{ VERSION }}{{ FEATURES }} + - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-elasticsearch:{{ VERSION }}{{ FEATURES }} - hostname: elasticsearch - name: so-elasticsearch - user: elasticsearch diff --git a/salt/filebeat/init.sls b/salt/filebeat/init.sls index 8a2b868ce..6889b892f 100644 --- a/salt/filebeat/init.sls +++ b/salt/filebeat/init.sls @@ -12,6 +12,7 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %} +{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %} {% set MANAGER = salt['grains.get']('master') %} {% set MANAGERIP = salt['pillar.get']('static:managerip', '') %} {% set FEATURES = salt['pillar.get']('elastic:features', False) %} @@ -51,7 +52,7 @@ filebeatconfsync: OUTPUT: {{ salt['pillar.get']('filebeat:config:output', {}) }} so-filebeat: docker_container.running: - - image: {{ MANAGER }}:5000/soshybridhunter/so-filebeat:{{ VERSION }}{{ FEATURES }} + - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-filebeat:{{ VERSION }}{{ FEATURES }} - hostname: so-filebeat - user: root - extra_hosts: {{ MANAGER }}:{{ MANAGERIP }} diff --git a/salt/fleet/init.sls b/salt/fleet/init.sls index 7858ca298..0b402a54b 100644 --- a/salt/fleet/init.sls +++ b/salt/fleet/init.sls @@ -2,6 +2,7 @@ {%- set FLEETPASS = salt['pillar.get']('secrets:fleet', None) -%} {%- set FLEETJWT = salt['pillar.get']('secrets:fleet_jwt', None) -%} {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %} +{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %} {% set MANAGER = salt['grains.get']('master') %} {% set FLEETARCH = salt['grains.get']('role') %} @@ -105,7 +106,7 @@ fleet_password_none: so-fleet: docker_container.running: - - image: {{ MANAGER }}:5000/soshybridhunter/so-fleet:{{ VERSION }} + - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-fleet:{{ VERSION }} - hostname: so-fleet - port_bindings: - 0.0.0.0:8080:8080 diff --git a/salt/freqserver/init.sls b/salt/freqserver/init.sls index 783d11b6a..08661f3da 100644 --- a/salt/freqserver/init.sls +++ b/salt/freqserver/init.sls @@ -13,6 +13,8 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . +{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %} + # Create the user fservergroup: group.present: @@ -37,13 +39,13 @@ freqlogdir: so-freqimage: cmd.run: - - name: docker pull --disable-content-trust=false docker.io/soshybridhunter/so-freqserver:HH1.0.3 + - name: docker pull --disable-content-trust=false docker.io/{{ IMAGEREPO }}/so-freqserver:HH1.0.3 so-freq: docker_container.running: - require: - so-freqimage - - image: docker.io/soshybridhunter/so-freqserver:HH1.0.3 + - image: docker.io/{{ IMAGEREPO }}/so-freqserver:HH1.0.3 - hostname: freqserver - name: so-freqserver - user: freqserver diff --git a/salt/grafana/init.sls b/salt/grafana/init.sls index 1f448f6f0..e3119314b 100644 --- a/salt/grafana/init.sls +++ b/salt/grafana/init.sls @@ -1,6 +1,7 @@ {% set GRAFANA = salt['pillar.get']('manager:grafana', '0') %} {% set MANAGER = salt['grains.get']('master') %} {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %} +{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %} {% if grains['role'] in ['so-manager', 'so-managersearch', 'so-eval', 'so-standalone'] and GRAFANA == 1 %} @@ -216,7 +217,7 @@ dashboard-{{ SN }}: so-grafana: docker_container.running: - - image: {{ MANAGER }}:5000/soshybridhunter/so-grafana:{{ VERSION }} + - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-grafana:{{ VERSION }} - hostname: grafana - user: socore - binds: diff --git a/salt/idstools/init.sls b/salt/idstools/init.sls index 68d14d397..3313fa901 100644 --- a/salt/idstools/init.sls +++ b/salt/idstools/init.sls @@ -13,6 +13,7 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %} +{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %} {% set MANAGER = salt['grains.get']('master') %} # IDSTools Setup idstoolsdir: @@ -60,7 +61,7 @@ synclocalnidsrules: so-idstools: docker_container.running: - - image: {{ MANAGER }}:5000/soshybridhunter/so-idstools:{{ VERSION }} + - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-idstools:{{ VERSION }} - hostname: so-idstools - user: socore - binds: diff --git a/salt/influxdb/init.sls b/salt/influxdb/init.sls index 6d6bfd328..6d8ba4566 100644 --- a/salt/influxdb/init.sls +++ b/salt/influxdb/init.sls @@ -1,7 +1,7 @@ {% set GRAFANA = salt['pillar.get']('manager:grafana', '0') %} {% set MANAGER = salt['grains.get']('master') %} {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %} - +{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %} {% if grains['role'] in ['so-manager', 'so-managersearch', 'so-eval', 'so-standalone'] and GRAFANA == 1 %} @@ -26,7 +26,7 @@ influxdbconf: so-influxdb: docker_container.running: - - image: {{ MANAGER }}:5000/soshybridhunter/so-influxdb:{{ VERSION }} + - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-influxdb:{{ VERSION }} - hostname: influxdb - environment: - INFLUXDB_HTTP_LOG_ENABLED=false diff --git a/salt/kibana/init.sls b/salt/kibana/init.sls index 792f41579..9521c5bb1 100644 --- a/salt/kibana/init.sls +++ b/salt/kibana/init.sls @@ -1,4 +1,5 @@ {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %} +{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %} {% set MANAGER = salt['grains.get']('master') %} {% set FEATURES = salt['pillar.get']('elastic:features', False) %} {% if FEATURES %} @@ -69,7 +70,7 @@ kibanabin: # Start the kibana docker so-kibana: docker_container.running: - - image: {{ MANAGER }}:5000/soshybridhunter/so-kibana:{{ VERSION }}{{ FEATURES }} + - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-kibana:{{ VERSION }}{{ FEATURES }} - hostname: kibana - user: kibana - environment: diff --git a/salt/logstash/init.sls b/salt/logstash/init.sls index 784db9525..87f348744 100644 --- a/salt/logstash/init.sls +++ b/salt/logstash/init.sls @@ -13,6 +13,7 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %} +{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %} {% set MANAGER = salt['grains.get']('master') %} {% set FEATURES = salt['pillar.get']('elastic:features', False) %} @@ -159,7 +160,7 @@ lslogdir: so-logstash: docker_container.running: - - image: {{ MANAGER }}:5000/soshybridhunter/so-logstash:{{ VERSION }}{{ FEATURES }} + - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-logstash:{{ VERSION }}{{ FEATURES }} - hostname: so-logstash - name: so-logstash - user: logstash diff --git a/salt/manager/files/registry/scripts/so-docker-download b/salt/manager/files/registry/scripts/so-docker-download deleted file mode 100644 index dcba7a531..000000000 --- a/salt/manager/files/registry/scripts/so-docker-download +++ /dev/null @@ -1,46 +0,0 @@ -#!/bin/bash - -MANAGER={{ MANAGER }} -VERSION="HH1.2.2" -TRUSTED_CONTAINERS=( \ -"so-nginx:$VERSION" \ -"so-cyberchef:$VERSION" \ -"so-acng:$VERSION" \ -"so-soc:$VERSION" \ -"so-kratos:$VERSION" \ -"so-fleet:$VERSION" \ -"so-soctopus:$VERSION" \ -"so-steno:$VERSION" \ -"so-playbook:$VERSION" \ -"so-thehive-cortex:$VERSION" \ -"so-thehive:$VERSION" \ -"so-thehive-es:$VERSION" \ -"so-wazuh:$VERSION" \ -"so-kibana:$VERSION" \ -"so-elastalert:$VERSION" \ -"so-filebeat:$VERSION" \ -"so-suricata:$VERSION" \ -"so-logstash:$VERSION" \ -"so-bro:$VERSION" \ -"so-idstools:$VERSION" \ -"so-fleet-launcher:$VERSION" \ -"so-freqserver:$VERSION" \ -"so-influxdb:$VERSION" \ -"so-grafana:$VERSION" \ -"so-telegraf:$VERSION" \ -"so-redis:$VERSION" \ -"so-mysql:$VERSION" \ -"so-curtor:$VERSION" \ -"so-elasticsearch:$VERSION" \ -"so-domainstats:$VERSION" \ -"so-tcpreplay:$VERSION" \ -) - -for i in "${TRUSTED_CONTAINERS[@]}" -do - # Pull down the trusted docker image - docker pull --disable-content-trust=false docker.io/soshybridhunter/$i - # Tag it with the new registry destination - docker tag soshybridhunter/$i $MANAGER:5000/soshybridhunter/$i - docker push $MANAGER:5000/soshybridhunter/$i -done diff --git a/salt/manager/init.sls b/salt/manager/init.sls index e1d8cdb12..43200cd5c 100644 --- a/salt/manager/init.sls +++ b/salt/manager/init.sls @@ -13,6 +13,7 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %} +{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %} {% set MANAGER = salt['grains.get']('master') %} {% set managerproxy = salt['pillar.get']('static:managerupdate', '0') %} @@ -59,7 +60,7 @@ acngcopyconf: # Install the apt-cacher-ng container so-aptcacherng: docker_container.running: - - image: {{ MANAGER }}:5000/soshybridhunter/so-acng:{{ VERSION }} + - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-acng:{{ VERSION }} - hostname: so-acng - restart_policy: always - port_bindings: diff --git a/salt/mysql/init.sls b/salt/mysql/init.sls index e8120724c..c4caa5fcd 100644 --- a/salt/mysql/init.sls +++ b/salt/mysql/init.sls @@ -1,6 +1,7 @@ {%- set MYSQLPASS = salt['pillar.get']('secrets:mysql', None) %} {%- set MANAGERIP = salt['pillar.get']('static:managerip', '') %} {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %} +{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %} {% set MANAGER = salt['grains.get']('master') %} {% set MAINIP = salt['pillar.get']('elasticsearch:mainip') %} {% set FLEETARCH = salt['grains.get']('role') %} @@ -71,7 +72,7 @@ mysql_password_none: so-mysql: docker_container.running: - - image: {{ MANAGER }}:5000/soshybridhunter/so-mysql:{{ VERSION }} + - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-mysql:{{ VERSION }} - hostname: so-mysql - user: socore - port_bindings: diff --git a/salt/nginx/init.sls b/salt/nginx/init.sls index 8bbdced0f..53bb13eec 100644 --- a/salt/nginx/init.sls +++ b/salt/nginx/init.sls @@ -2,6 +2,7 @@ {% set FLEETNODE = salt['pillar.get']('static:fleet_node', False) %} {% set MANAGER = salt['grains.get']('master') %} {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %} +{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %} # Drop the correct nginx config based on role nginxconfdir: @@ -61,7 +62,7 @@ navigatordefaultlayer: so-nginx: docker_container.running: - - image: {{ MANAGER }}:5000/soshybridhunter/so-nginx:{{ VERSION }} + - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-nginx:{{ VERSION }} - hostname: so-nginx - binds: - /opt/so/conf/nginx/nginx.conf:/etc/nginx/nginx.conf:ro diff --git a/salt/nodered/init.sls b/salt/nodered/init.sls index c501445a2..bec8f266a 100644 --- a/salt/nodered/init.sls +++ b/salt/nodered/init.sls @@ -13,6 +13,8 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . +{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %} + # Create the nodered group noderedgroup: group.present: @@ -61,7 +63,7 @@ noderedlog: so-nodered: docker_container.running: - - image: soshybridhunter/so-nodered:HH1.2.2 + - image: {{ IMAGEREPO }}/so-nodered:HH1.2.2 - interactive: True - binds: - /opt/so/conf/nodered/:/data:rw diff --git a/salt/pcap/init.sls b/salt/pcap/init.sls index dc3db3c21..7a235516a 100644 --- a/salt/pcap/init.sls +++ b/salt/pcap/init.sls @@ -13,6 +13,7 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %} +{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %} {% set MANAGER = salt['grains.get']('master') %} {% set INTERFACE = salt['pillar.get']('sensor:interface', 'bond0') %} {% set BPF_STENO = salt['pillar.get']('steno:bpf', None) %} @@ -129,7 +130,7 @@ sensoronilog: so-steno: docker_container.running: - - image: {{ MANAGER }}:5000/soshybridhunter/so-steno:{{ VERSION }} + - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-steno:{{ VERSION }} - network_mode: host - privileged: True - port_bindings: @@ -146,7 +147,7 @@ so-steno: so-sensoroni: docker_container.running: - - image: {{ MANAGER }}:5000/soshybridhunter/so-soc:{{ VERSION }} + - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-soc:{{ VERSION }} - network_mode: host - binds: - /opt/so/conf/steno/certs:/etc/stenographer/certs:rw diff --git a/salt/playbook/init.sls b/salt/playbook/init.sls index 6de1c121d..c2380ab3a 100644 --- a/salt/playbook/init.sls +++ b/salt/playbook/init.sls @@ -1,5 +1,6 @@ {% set MANAGERIP = salt['pillar.get']('manager:mainip', '') %} {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %} +{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %} {% set MANAGER = salt['grains.get']('master') %} {% set MAINIP = salt['grains.get']('ip_interfaces').get(salt['pillar.get']('sensor:mainint', salt['pillar.get']('manager:mainint', salt['pillar.get']('elasticsearch:mainint', salt['pillar.get']('host:mainint')))))[0] %} {%- set MYSQLPASS = salt['pillar.get']('secrets:mysql', None) -%} @@ -73,7 +74,7 @@ playbook_password_none: so-playbook: docker_container.running: - - image: {{ MANAGER }}:5000/soshybridhunter/so-playbook:{{ VERSION }} + - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-playbook:{{ VERSION }} - hostname: playbook - name: so-playbook - environment: diff --git a/salt/reactor/fleet.sls b/salt/reactor/fleet.sls index c29ab85ed..507fab620 100644 --- a/salt/reactor/fleet.sls +++ b/salt/reactor/fleet.sls @@ -1,3 +1,5 @@ +{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %} + #!py from time import gmtime, strftime @@ -59,7 +61,7 @@ def run(): # Run Docker container that will build the packages gen_packages = subprocess.run(["docker", "run","--rm", "--mount", f"type=bind,source={LOCAL_SALT_DIR}/salt/fleet/packages,target=/output", \ - "--mount", "type=bind,source=/etc/ssl/certs/intca.crt,target=/var/launcher/launcher.crt", f"{ MANAGER }:5000/soshybridhunter/so-fleet-launcher:{ VERSION }", \ + "--mount", "type=bind,source=/etc/ssl/certs/intca.crt,target=/var/launcher/launcher.crt", f"{ MANAGER }:5000/{{ IMAGEREPO }}/so-fleet-launcher:{ VERSION }", \ f"{ESECRET}", f"{PACKAGEHOSTNAME}:8090", f"{PACKAGEVERSION}.1.1"], stdout=subprocess.PIPE, encoding='ascii') # Update the 'packages-built' timestamp on the webpage (stored in the static pillar) diff --git a/salt/redis/init.sls b/salt/redis/init.sls index 4b61c35ef..5a981e688 100644 --- a/salt/redis/init.sls +++ b/salt/redis/init.sls @@ -13,6 +13,7 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %} +{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %} {% set MANAGER = salt['grains.get']('master') %} # Redis Setup @@ -47,7 +48,7 @@ redisconfsync: so-redis: docker_container.running: - - image: {{ MANAGER }}:5000/soshybridhunter/so-redis:{{ VERSION }} + - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-redis:{{ VERSION }} - hostname: so-redis - user: socore - port_bindings: diff --git a/salt/soc/init.sls b/salt/soc/init.sls index 0490aa13d..e3fdf538a 100644 --- a/salt/soc/init.sls +++ b/salt/soc/init.sls @@ -1,4 +1,5 @@ {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %} +{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %} {% set MANAGER = salt['grains.get']('master') %} socdir: @@ -33,7 +34,7 @@ socsync: so-soc: docker_container.running: - - image: {{ MANAGER }}:5000/soshybridhunter/so-soc:{{ VERSION }} + - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-soc:{{ VERSION }} - hostname: soc - name: so-soc - binds: @@ -84,7 +85,7 @@ kratossync: so-kratos: docker_container.running: - - image: {{ MANAGER }}:5000/soshybridhunter/so-kratos:{{ VERSION }} + - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-kratos:{{ VERSION }} - hostname: kratos - name: so-kratos - binds: diff --git a/salt/soctopus/init.sls b/salt/soctopus/init.sls index 11727e149..3fcdf8717 100644 --- a/salt/soctopus/init.sls +++ b/salt/soctopus/init.sls @@ -1,4 +1,5 @@ {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %} +{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %} {% set MANAGER = salt['grains.get']('master') %} {%- set MANAGER_URL = salt['pillar.get']('manager:url_base', '') %} {%- set MANAGER_IP = salt['pillar.get']('static:managerip', '') %} @@ -50,7 +51,7 @@ playbookrulessync: so-soctopus: docker_container.running: - - image: {{ MANAGER }}:5000/soshybridhunter/so-soctopus:{{ VERSION }} + - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-soctopus:{{ VERSION }} - hostname: soctopus - name: so-soctopus - binds: diff --git a/salt/strelka/init.sls b/salt/strelka/init.sls index b34ee92da..c6a900e8e 100644 --- a/salt/strelka/init.sls +++ b/salt/strelka/init.sls @@ -15,6 +15,7 @@ {%- set MANAGER = salt['grains.get']('master') %} {%- set MANAGERIP = salt['pillar.get']('static:managerip', '') %} {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %} +{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %} {%- set STRELKA_RULES = salt['pillar.get']('strelka:rules', '1') -%} # Strelka config @@ -79,7 +80,7 @@ strelkastagedir: strelka_coordinator: docker_container.running: - - image: {{ MANAGER }}:5000/soshybridhunter/so-redis:{{ VERSION }} + - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-redis:{{ VERSION }} - name: so-strelka-coordinator - entrypoint: redis-server --save "" --appendonly no - port_bindings: @@ -87,7 +88,7 @@ strelka_coordinator: strelka_gatekeeper: docker_container.running: - - image: {{ MANAGER }}:5000/soshybridhunter/so-redis:{{ VERSION }} + - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-redis:{{ VERSION }} - name: so-strelka-gatekeeper - entrypoint: redis-server --save "" --appendonly no --maxmemory-policy allkeys-lru - port_bindings: @@ -95,7 +96,7 @@ strelka_gatekeeper: strelka_frontend: docker_container.running: - - image: {{ MANAGER }}:5000/soshybridhunter/so-strelka-frontend:{{ VERSION }} + - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-strelka-frontend:{{ VERSION }} - binds: - /opt/so/conf/strelka/frontend/:/etc/strelka/:ro - /nsm/strelka/log/:/var/log/strelka/:rw @@ -107,7 +108,7 @@ strelka_frontend: strelka_backend: docker_container.running: - - image: {{ MANAGER }}:5000/soshybridhunter/so-strelka-backend:{{ VERSION }} + - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-strelka-backend:{{ VERSION }} - binds: - /opt/so/conf/strelka/backend/:/etc/strelka/:ro - /opt/so/conf/strelka/rules/:/etc/yara/:ro @@ -117,7 +118,7 @@ strelka_backend: strelka_manager: docker_container.running: - - image: {{ MANAGER }}:5000/soshybridhunter/so-strelka-manager:{{ VERSION }} + - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-strelka-manager:{{ VERSION }} - binds: - /opt/so/conf/strelka/manager/:/etc/strelka/:ro - name: so-strelka-manager @@ -125,7 +126,7 @@ strelka_manager: strelka_filestream: docker_container.running: - - image: {{ MANAGER }}:5000/soshybridhunter/so-strelka-filestream:{{ VERSION }} + - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-strelka-filestream:{{ VERSION }} - binds: - /opt/so/conf/strelka/filestream/:/etc/strelka/:ro - /nsm/strelka:/nsm/strelka diff --git a/salt/suricata/init.sls b/salt/suricata/init.sls index 0dc16e6b0..4bb192316 100644 --- a/salt/suricata/init.sls +++ b/salt/suricata/init.sls @@ -16,6 +16,7 @@ {% set interface = salt['pillar.get']('sensor:interface', 'bond0') %} {% set BROVER = salt['pillar.get']('static:broversion', '') %} {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %} +{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %} {% set MANAGER = salt['grains.get']('master') %} {% set BPF_NIDS = salt['pillar.get']('nids:bpf') %} {% set BPF_STATUS = 0 %} @@ -132,7 +133,7 @@ suribpf: so-suricata: docker_container.running: - - image: {{ MANAGER }}:5000/soshybridhunter/so-suricata:{{ VERSION }} + - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-suricata:{{ VERSION }} - privileged: True - environment: - INTERFACE={{ interface }} diff --git a/salt/tcpreplay/init.sls b/salt/tcpreplay/init.sls index 460552bf8..7247e4505 100644 --- a/salt/tcpreplay/init.sls +++ b/salt/tcpreplay/init.sls @@ -1,11 +1,12 @@ {% if grains['role'] == 'so-sensor' or grains['role'] == 'so-eval' %} {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %} +{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %} {% set MANAGER = salt['grains.get']('master') %} so-tcpreplay: docker_container.running: - network_mode: "host" - - image: {{ MANAGER }}:5000/soshybridhunter/so-tcpreplay:{{ VERSION }} + - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-tcpreplay:{{ VERSION }} - name: so-tcpreplay - user: root - interactive: True diff --git a/salt/telegraf/init.sls b/salt/telegraf/init.sls index e75608c6a..99e12a60b 100644 --- a/salt/telegraf/init.sls +++ b/salt/telegraf/init.sls @@ -1,5 +1,6 @@ {% set MANAGER = salt['grains.get']('master') %} {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %} +{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %} # Add Telegraf to monitor all the things. tgraflogdir: @@ -36,7 +37,7 @@ tgrafconf: so-telegraf: docker_container.running: - - image: {{ MANAGER }}:5000/soshybridhunter/so-telegraf:{{ VERSION }} + - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-telegraf:{{ VERSION }} - environment: - HOST_PROC=/host/proc - HOST_ETC=/host/etc diff --git a/salt/thehive/init.sls b/salt/thehive/init.sls index 6d8ac494d..07eff0939 100644 --- a/salt/thehive/init.sls +++ b/salt/thehive/init.sls @@ -1,5 +1,6 @@ {% set MANAGERIP = salt['pillar.get']('manager:mainip', '') %} {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %} +{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %} {% set MANAGER = salt['grains.get']('master') %} thehiveconfdir: file.directory: @@ -71,7 +72,7 @@ thehiveesdata: so-thehive-es: docker_container.running: - - image: {{ MANAGER }}:5000/soshybridhunter/so-thehive-es:{{ VERSION }} + - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-thehive-es:{{ VERSION }} - hostname: so-thehive-es - name: so-thehive-es - user: 939 @@ -99,7 +100,7 @@ so-thehive-es: # Install Cortex so-cortex: docker_container.running: - - image: {{ MANAGER }}:5000/soshybridhunter/so-thehive-cortex:{{ VERSION }} + - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-thehive-cortex:{{ VERSION }} - hostname: so-cortex - name: so-cortex - user: 939 @@ -118,7 +119,7 @@ cortexscript: so-thehive: docker_container.running: - - image: {{ MANAGER }}:5000/soshybridhunter/so-thehive:{{ VERSION }} + - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-thehive:{{ VERSION }} - environment: - ELASTICSEARCH_HOST={{ MANAGERIP }} - hostname: so-thehive diff --git a/salt/wazuh/init.sls b/salt/wazuh/init.sls index c4ca27d95..2ae4ea715 100644 --- a/salt/wazuh/init.sls +++ b/salt/wazuh/init.sls @@ -1,5 +1,6 @@ {%- set HOSTNAME = salt['grains.get']('host', '') %} {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %} +{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %} {% set MANAGER = salt['grains.get']('master') %} # Add ossec group ossecgroup: @@ -83,7 +84,7 @@ wazuhmgrwhitelist: so-wazuh: docker_container.running: - - image: {{ MANAGER }}:5000/soshybridhunter/so-wazuh:{{ VERSION }} + - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-wazuh:{{ VERSION }} - hostname: {{HOSTNAME}}-wazuh-manager - name: so-wazuh - detach: True diff --git a/salt/zeek/init.sls b/salt/zeek/init.sls index 4fb7fe458..103f36c5a 100644 --- a/salt/zeek/init.sls +++ b/salt/zeek/init.sls @@ -1,4 +1,5 @@ {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %} +{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %} {% set MANAGER = salt['grains.get']('master') %} {% set BPF_ZEEK = salt['pillar.get']('zeek:bpf', {}) %} {% set BPF_STATUS = 0 %} @@ -156,7 +157,7 @@ localzeeksync: so-zeek: docker_container.running: - - image: {{ MANAGER }}:5000/soshybridhunter/so-zeek:{{ VERSION }} + - image: {{ MANAGER }}:5000/{{ IMAGEREPO }}/so-zeek:{{ VERSION }} - privileged: True - binds: - /nsm/zeek/logs:/nsm/zeek/logs:rw diff --git a/setup/so-common-functions b/setup/so-common-functions index fc380f85b..078a721bf 100644 --- a/setup/so-common-functions +++ b/setup/so-common-functions @@ -1,6 +1,7 @@ #!/bin/bash source ./so-variables +source ../salt/common/tools/sbin/so-common # Helper functions diff --git a/setup/so-functions b/setup/so-functions index 7d05852e0..03265c1e4 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -797,14 +797,14 @@ docker_seed_registry() { set_progress_str "$percent" "Downloading $i" { - if ! docker pull --disable-content-trust=false docker.io/soshybridhunter/"$i"; then + if ! docker pull --disable-content-trust=false docker.io/$IMAGEREPO/"$i"; then sleep 5 - docker pull --disable-content-trust=false docker.io/soshybridhunter/"$i" + docker pull --disable-content-trust=false docker.io/$IMAGEREPO/"$i" fi # Tag it with the new registry destination - docker tag soshybridhunter/"$i" "$HOSTNAME":5000/soshybridhunter/"$i" - docker push "$HOSTNAME":5000/soshybridhunter/"$i" - #docker rmi soshybridhunter/"$i" + docker tag $IMAGEREPO/"$i" "$HOSTNAME":5000/$IMAGEREPO/"$i" + docker push "$HOSTNAME":5000/$IMAGEREPO/"$i" + #docker rmi $IMAGEREPO/"$i" } >> "$setup_log" 2>&1 done else @@ -1023,6 +1023,7 @@ manager_static() { " sensoronikey: $SENSORONIKEY"\ " wazuh: $WAZUH"\ " managerupdate: $MANAGERUPDATES"\ + " imagerepo: $IMAGEREPO"\ "strelka:"\ " enabled: $STRELKA"\ " rules: $STRELKARULES"\ diff --git a/upgrade/so-update-functions b/upgrade/so-update-functions index a0a4b0288..3ab79df39 100644 --- a/upgrade/so-update-functions +++ b/upgrade/so-update-functions @@ -15,8 +15,9 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . -# Set the new SO Version +. /usr/sbin/so-common +# Set the new SO Version UPDATEVERSION=1.2.2 BUILD=HH @@ -184,16 +185,16 @@ update_docker_containers() { do # Pull down the trusted docker image echo "Downloading $i" - docker pull --disable-content-trust=false docker.io/soshybridhunter/$i + docker pull --disable-content-trust=false docker.io/$IMAGEREPO/$i # Tag it with the new registry destination - docker tag soshybridhunter/$i $HOSTNAME:5000/soshybridhunter/$i - docker push $HOSTNAME:5000/soshybridhunter/$i + docker tag $IMAGEREPO/$i $HOSTNAME:5000/$IMAGEREPO/$i + docker push $HOSTNAME:5000/$IMAGEREPO/$i done for i in "${TRUSTED_CONTAINERS[@]}" do echo "Removing $i locally" - docker rmi soshybridhunter/$i + docker rmi $IMAGEREPO/$i done } From d75d64c8ed5e4359833d4142960c1c42ddb05fad Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Mon, 13 Jul 2020 21:03:47 -0400 Subject: [PATCH 026/124] Mount imported pcap dirs into sensoroni container for imported PCAP pivots --- salt/pcap/init.sls | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/pcap/init.sls b/salt/pcap/init.sls index 7a235516a..1a9de6611 100644 --- a/salt/pcap/init.sls +++ b/salt/pcap/init.sls @@ -152,6 +152,7 @@ so-sensoroni: - binds: - /opt/so/conf/steno/certs:/etc/stenographer/certs:rw - /nsm/pcap:/nsm/pcap:rw + - /nsm/import:/nsm/import:rw - /nsm/pcapout:/nsm/pcapout:rw - /opt/so/conf/sensoroni/sensoroni.json:/opt/sensoroni/sensoroni.json:ro - /opt/so/log/sensoroni:/opt/sensoroni/logs:rw From 09c460dbe99e7428395826ad36b53b3cfa32943f Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Tue, 14 Jul 2020 00:45:20 -0400 Subject: [PATCH 027/124] Switch to final image repository prefix 'securityonion' for RC1 --- salt/common/tools/sbin/so-common | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/so-common b/salt/common/tools/sbin/so-common index 8db8fea52..5b3eeb647 100755 --- a/salt/common/tools/sbin/so-common +++ b/salt/common/tools/sbin/so-common @@ -15,7 +15,7 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . -IMAGEREPO=soshybridhunter +IMAGEREPO=securityonion # Check for prerequisites if [ "$(id -u)" -ne 0 ]; then From 178ac79da8b65b56fa110da0d2658de899b13bad Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 14 Jul 2020 09:05:09 -0400 Subject: [PATCH 028/124] [refactor] Set $REDIRECTIT outside of subshell --- setup/so-functions | 23 +++++++++++------------ setup/so-setup | 3 +-- 2 files changed, 12 insertions(+), 14 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index df7a3f254..26f7af0fc 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -871,6 +871,17 @@ get_redirect() { if [ "$REDIRECTINFO" = "OTHER" ]; then whiptail_set_redirect_host fi + case $REDIRECTINFO in + 'IP') + export REDIRECTIT="$MAINIP" + ;; + 'HOSTNAME') + export REDIRECTIT="$HOSTNAME" + ;; + *) + export REDIRECTIT="$REDIRECTHOST" + ;; + esac } got_root() { @@ -938,18 +949,6 @@ manager_pillar() { " mtu: $MTU" >> "$pillar_file" fi - case $REDIRECTINFO in - 'IP') - export REDIRECTIT="$MAINIP" - ;; - 'HOSTNAME') - export REDIRECTIT=$HOSTNAME - ;; - *) - export REDIRECTIT="$REDIRECTHOST" - ;; - esac - printf '%s\n'\ " elastalert: 1"\ " nids_rules: $RULESETUP"\ diff --git a/setup/so-setup b/setup/so-setup index c10ff4737..6ca4d3d57 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -378,8 +378,6 @@ if [[ $is_minion ]]; then copy_ssh_key >> $setup_log 2>&1 fi - - # Begin install { # Set initial percentage to 0 @@ -633,6 +631,7 @@ else fi if [[ -n $ALLOW_ROLE && -n $ALLOW_CIDR ]]; then + echo "Running so-allow -${ALLOW_ROLE} for ${ALLOW_CIDR}" IP=$ALLOW_CIDR so-allow -$ALLOW_ROLE >> $setup_log 2>&1 fi From b884e09e7a7c4f51540392d39b14f0f28bbbd40c Mon Sep 17 00:00:00 2001 From: Josh Brower Date: Tue, 14 Jul 2020 09:09:47 -0400 Subject: [PATCH 029/124] Playbook db init fix --- salt/playbook/init.sls | 15 +++------------ setup/so-setup | 6 +++--- 2 files changed, 6 insertions(+), 15 deletions(-) diff --git a/salt/playbook/init.sls b/salt/playbook/init.sls index c2380ab3a..44b806f9a 100644 --- a/salt/playbook/init.sls +++ b/salt/playbook/init.sls @@ -6,18 +6,9 @@ {%- set MYSQLPASS = salt['pillar.get']('secrets:mysql', None) -%} {%- set PLAYBOOKPASS = salt['pillar.get']('secrets:playbook', None) -%} -{% if salt['mysql.db_exists']('playbook') %} - #Playbook database exists - Do nothing -{% else %} -salt://playbook/files/playbook_db_init.sh: - cmd.script: - - cwd: /root - - template: jinja - -'sleep 5': - cmd.run -{% endif %} - +include: + - mysql + create_playbookdbuser: module.run: - mysql.user_create: diff --git a/setup/so-setup b/setup/so-setup index 31baf3deb..c84e0dfe5 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -539,9 +539,9 @@ fi fi if [[ "$PLAYBOOK" = 1 ]]; then - set_progress_str 73 "$(print_salt_state_apply 'mysql')" - salt-call state.apply -l info mysql >> $setup_log 2>&1 - + set_progress_str 73 "$(print_salt_state_apply 'playbook.db_init')" + salt-call state.apply -l info playbook.db_init >> $setup_log 2>&1 + set_progress_str 73 "$(print_salt_state_apply 'playbook')" salt-call state.apply -l info playbook >> $setup_log 2>&1 so-playbook-ruleupdate >> /root/setup_playbook_rule_update.log 2>&1 & From 2c729400103d60cf528b81fab95e262ab8b8f8a7 Mon Sep 17 00:00:00 2001 From: Josh Brower Date: Tue, 14 Jul 2020 09:09:55 -0400 Subject: [PATCH 030/124] Playbook db init fix --- salt/playbook/db_init.sls | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 salt/playbook/db_init.sls diff --git a/salt/playbook/db_init.sls b/salt/playbook/db_init.sls new file mode 100644 index 000000000..1b2bf7b1a --- /dev/null +++ b/salt/playbook/db_init.sls @@ -0,0 +1,14 @@ + +# This state will import the initial default playbook database. +# If there is an existing playbook database, it will be overwritten - no backups are made. + +include: + - mysql + +salt://playbook/files/playbook_db_init.sh: + cmd.script: + - cwd: /root + - template: jinja + +'sleep 5': + cmd.run \ No newline at end of file From d6afde90b06fbc437d44f1395f854909da73377e Mon Sep 17 00:00:00 2001 From: Wes Lambert Date: Tue, 14 Jul 2020 13:37:00 +0000 Subject: [PATCH 031/124] Convert message timestamp to @timestamp --- salt/elasticsearch/files/ingest/suricata.common | 2 ++ 1 file changed, 2 insertions(+) diff --git a/salt/elasticsearch/files/ingest/suricata.common b/salt/elasticsearch/files/ingest/suricata.common index dd08b08a0..435f845c1 100644 --- a/salt/elasticsearch/files/ingest/suricata.common +++ b/salt/elasticsearch/files/ingest/suricata.common @@ -12,6 +12,8 @@ { "remove":{ "field": "dataset", "ignore_failure": true } }, { "rename":{ "field": "message2.event_type", "target_field": "dataset", "ignore_failure": true } }, { "set": { "field": "observer.name", "value": "{{agent.name}}" } }, + { "set": { "field": "ingest.timestamp", "value": "{{@timestamp}}" } }, + { "set": { "field": "@timestamp", "value": "{{message2.timestamp}}" } }, { "remove":{ "field": "agent", "ignore_failure": true } }, { "pipeline": { "name": "suricata.{{dataset}}" } } ] From d4e6189f6e470921d35c14a2cbd9e45a98c409cb Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 14 Jul 2020 09:39:56 -0400 Subject: [PATCH 032/124] Fix spelling error in actions --- salt/curator/files/action/so-beats-close.yml | 2 +- salt/curator/files/action/so-firewall-close.yml | 2 +- salt/curator/files/action/so-ids-close.yml | 2 +- salt/curator/files/action/so-import-close.yml | 2 +- salt/curator/files/action/so-osquery-close.yml | 2 +- salt/curator/files/action/so-ossec-close.yml | 2 +- salt/curator/files/action/so-strelka-close.yml | 2 +- salt/curator/files/action/so-syslog-close.yml | 2 +- salt/curator/files/action/so-zeek-close.yml | 2 +- 9 files changed, 9 insertions(+), 9 deletions(-) diff --git a/salt/curator/files/action/so-beats-close.yml b/salt/curator/files/action/so-beats-close.yml index dbbcca1c8..4c606d4bc 100644 --- a/salt/curator/files/action/so-beats-close.yml +++ b/salt/curator/files/action/so-beats-close.yml @@ -1,4 +1,4 @@ -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settins:so-beats:close', 30) -%} +{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-beats:close', 30) -%} --- # Remember, leave a key empty if there is no value. None will be a string, # not a Python "NoneType" diff --git a/salt/curator/files/action/so-firewall-close.yml b/salt/curator/files/action/so-firewall-close.yml index 46f0b39a9..c30daa6bb 100644 --- a/salt/curator/files/action/so-firewall-close.yml +++ b/salt/curator/files/action/so-firewall-close.yml @@ -1,4 +1,4 @@ -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settins:so-firewall:close', 30) -%} +{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-firewall:close', 30) -%} --- # Remember, leave a key empty if there is no value. None will be a string, # not a Python "NoneType" diff --git a/salt/curator/files/action/so-ids-close.yml b/salt/curator/files/action/so-ids-close.yml index 89f08d8d1..05583d853 100644 --- a/salt/curator/files/action/so-ids-close.yml +++ b/salt/curator/files/action/so-ids-close.yml @@ -1,4 +1,4 @@ -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settins:so-ids:close', 30) -%} +{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-ids:close', 30) -%} --- # Remember, leave a key empty if there is no value. None will be a string, # not a Python "NoneType" diff --git a/salt/curator/files/action/so-import-close.yml b/salt/curator/files/action/so-import-close.yml index b9ee6e5da..d7ae725d1 100644 --- a/salt/curator/files/action/so-import-close.yml +++ b/salt/curator/files/action/so-import-close.yml @@ -1,4 +1,4 @@ -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settins:so-import:close', 30) -%} +{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-import:close', 30) -%} --- # Remember, leave a key empty if there is no value. None will be a string, # not a Python "NoneType" diff --git a/salt/curator/files/action/so-osquery-close.yml b/salt/curator/files/action/so-osquery-close.yml index 152a41afa..e58643175 100644 --- a/salt/curator/files/action/so-osquery-close.yml +++ b/salt/curator/files/action/so-osquery-close.yml @@ -1,4 +1,4 @@ -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settins:so-osquery:close', 30) -%} +{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-osquery:close', 30) -%} --- # Remember, leave a key empty if there is no value. None will be a string, # not a Python "NoneType" diff --git a/salt/curator/files/action/so-ossec-close.yml b/salt/curator/files/action/so-ossec-close.yml index 5ee8c91de..6243fabd6 100644 --- a/salt/curator/files/action/so-ossec-close.yml +++ b/salt/curator/files/action/so-ossec-close.yml @@ -1,4 +1,4 @@ -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settins:so-ossec:close', 30) -%} +{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-ossec:close', 30) -%} --- # Remember, leave a key empty if there is no value. None will be a string, # not a Python "NoneType" diff --git a/salt/curator/files/action/so-strelka-close.yml b/salt/curator/files/action/so-strelka-close.yml index a07ab94e8..da0fafcbb 100644 --- a/salt/curator/files/action/so-strelka-close.yml +++ b/salt/curator/files/action/so-strelka-close.yml @@ -1,4 +1,4 @@ -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settins:so-strelka:close', 30) -%} +{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-strelka:close', 30) -%} --- # Remember, leave a key empty if there is no value. None will be a string, # not a Python "NoneType" diff --git a/salt/curator/files/action/so-syslog-close.yml b/salt/curator/files/action/so-syslog-close.yml index 3aae50566..225458048 100644 --- a/salt/curator/files/action/so-syslog-close.yml +++ b/salt/curator/files/action/so-syslog-close.yml @@ -1,4 +1,4 @@ -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settins:so-syslog:close', 30) -%} +{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-syslog:close', 30) -%} --- # Remember, leave a key empty if there is no value. None will be a string, # not a Python "NoneType" diff --git a/salt/curator/files/action/so-zeek-close.yml b/salt/curator/files/action/so-zeek-close.yml index ec1ab9eff..7692d26eb 100644 --- a/salt/curator/files/action/so-zeek-close.yml +++ b/salt/curator/files/action/so-zeek-close.yml @@ -1,4 +1,4 @@ -{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settins:so-zeek:close', 30) -%} +{%- set cur_close_days = salt['pillar.get']('elasticsearch:index_settings:so-zeek:close', 30) -%} --- # Remember, leave a key empty if there is no value. None will be a string, # not a Python "NoneType" From 67f2edce28c36dd9781afb46c150ba1f21ebb315 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Tue, 14 Jul 2020 09:40:13 -0400 Subject: [PATCH 033/124] Resolve merge conflict that reverted import URL back to Kibana --- salt/common/tools/sbin/so-import-pcap | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/so-import-pcap b/salt/common/tools/sbin/so-import-pcap index 92dc27f50..730013b4d 100755 --- a/salt/common/tools/sbin/so-import-pcap +++ b/salt/common/tools/sbin/so-import-pcap @@ -209,7 +209,7 @@ cat << EOF Import complete! You can use the following hyperlink to view data in the time range of your import. You can triple-click to quickly highlight the entire hyperlink and you can then copy it into your browser: -https://{{ MANAGERIP }}/kibana/app/kibana#/dashboard/a8411b30-6d03-11ea-b301-3d6c35840645?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:'${START_OLDEST}T00:00:00.000Z',mode:absolute,to:'${END_NEWEST}T00:00:00.000Z')) +https://{{ MANAGERIP }}/#/hunt?q=%2a%20%7C%20groupby%20event.module%20event.dataset&t=${START_OLDEST_SLASH}%2000%3A00%3A00%20PM%20-%20${END_NEWEST_SLASH}%2000%3A00%3A00%20PM or you can manually set your Time Range to be: From: $START_OLDEST To: $END_NEWEST From e404a41d8ab13e603150ec637452922a79786ae6 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 14 Jul 2020 10:04:15 -0400 Subject: [PATCH 034/124] Add all actions to cron --- salt/curator/files/bin/so-curator-close | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/curator/files/bin/so-curator-close b/salt/curator/files/bin/so-curator-close index dff6bbb39..11324dd31 100644 --- a/salt/curator/files/bin/so-curator-close +++ b/salt/curator/files/bin/so-curator-close @@ -1,2 +1,2 @@ #!/bin/bash -/usr/sbin/so-curator-closed-delete > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/close.yml > /dev/null 2>&1 +/usr/sbin/so-curator-closed-delete > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-zeek-close.yml > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-beats-close.yml > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-firewall-close.yml > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-ids-close.yml > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-import-close.yml > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-osquery-close.yml > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-ossec-close.yml > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-strelka-close.yml > /dev/null 2>&1; docker exec so-curator curator --config /etc/curator/config/curator.yml /etc/curator/action/so-syslog-close.yml > /dev/null 2>&1 From 4ab90a9a30ac4a7783419e4a2d9f9257883ee0c6 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 14 Jul 2020 10:12:51 -0400 Subject: [PATCH 035/124] [fix] Move redirect var to function after $MAINIP has been set --- setup/so-functions | 25 ++++++++++++++----------- setup/so-setup | 5 ++++- 2 files changed, 18 insertions(+), 12 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 26f7af0fc..ee5c15368 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -871,17 +871,6 @@ get_redirect() { if [ "$REDIRECTINFO" = "OTHER" ]; then whiptail_set_redirect_host fi - case $REDIRECTINFO in - 'IP') - export REDIRECTIT="$MAINIP" - ;; - 'HOSTNAME') - export REDIRECTIT="$HOSTNAME" - ;; - *) - export REDIRECTIT="$REDIRECTHOST" - ;; - esac } got_root() { @@ -1653,6 +1642,20 @@ set_node_type() { esac } +set_redirect() { + case $REDIRECTINFO in + 'IP') + REDIRECTIT="$MAINIP" + ;; + 'HOSTNAME') + REDIRECTIT="$HOSTNAME" + ;; + *) + REDIRECTIT="$REDIRECTHOST" + ;; + esac +} + set_updates() { if [ "$MANAGERUPDATES" = '1' ]; then if [ "$OS" = 'centos' ]; then diff --git a/setup/so-setup b/setup/so-setup index 6ca4d3d57..4f681e12e 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -369,7 +369,10 @@ if [[ $is_manager && ! $is_eval ]]; then add_soremote_user_manager >> $setup_log 2>&1 fi -set_main_ip >> $setup_log 2>&1 +{ + set_main_ip; + set_redirect; +} >> $setup_log 2>&1 host_pillar >> $setup_log 2>&1 From 57cd2cdbeb4c5ee6dee2e4f402a112657a339d27 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Tue, 14 Jul 2020 10:37:49 -0400 Subject: [PATCH 036/124] Change opt/so perms --- salt/common/init.sls | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/salt/common/init.sls b/salt/common/init.sls index ef558d3e5..bb241c805 100644 --- a/salt/common/init.sls +++ b/salt/common/init.sls @@ -15,6 +15,13 @@ socore: - createhome: True - shell: /bin/bash +soperms: + file.directory: + - name: /opt/so + - uid: 939 + - gid: 939 + - dir_mode: 770 + # Create a state directory statedir: file.directory: From ad3c4c49503369306873e08a6372d96327053c0c Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 14 Jul 2020 11:09:12 -0400 Subject: [PATCH 037/124] [fix] master -> manager --- salt/motd/files/so_motd.jinja | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/motd/files/so_motd.jinja b/salt/motd/files/so_motd.jinja index 941aa2350..4b22eb56c 100644 --- a/salt/motd/files/so_motd.jinja +++ b/salt/motd/files/so_motd.jinja @@ -1,5 +1,5 @@ {% set needs_restarting_check = salt['mine.get']('*', 'needs_restarting.check', tgt_type='glob') -%} -{% set url = salt['pillar.get']('master:url_base') -%} +{% set url = salt['pillar.get']('manager:url_base') -%} Access the Security Onion web interface at https://{{ url }} From caf9e3f75a6ac679bab56038cb23870bcc12757a Mon Sep 17 00:00:00 2001 From: William Wernert Date: Tue, 14 Jul 2020 11:13:50 -0400 Subject: [PATCH 038/124] [fix] Redirect hive_init output to log --- setup/so-setup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-setup b/setup/so-setup index 4f681e12e..91c2d4806 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -630,7 +630,7 @@ if [[ -n $SO_ERROR ]]; then whiptail_setup_failed else whiptail_setup_complete - if [[ $THEHIVE == 1 ]]; then check_hive_init; fi + if [[ $THEHIVE == 1 ]]; then check_hive_init >> $setup_log 2>&1; fi fi if [[ -n $ALLOW_ROLE && -n $ALLOW_CIDR ]]; then From ba8395fc118458a0109353cce4a027917e9380d6 Mon Sep 17 00:00:00 2001 From: Josh Brower Date: Tue, 14 Jul 2020 13:04:29 -0400 Subject: [PATCH 039/124] Fleet reactor fix --- salt/fleet/event_gen-packages.sls | 3 ++- salt/reactor/fleet.sls | 5 ++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/salt/fleet/event_gen-packages.sls b/salt/fleet/event_gen-packages.sls index 1cf7e331a..4aaf631e7 100644 --- a/salt/fleet/event_gen-packages.sls +++ b/salt/fleet/event_gen-packages.sls @@ -3,6 +3,7 @@ {% set CURRENTPACKAGEVERSION = salt['pillar.get']('static:fleet_packages-version') %} {% set VERSION = salt['pillar.get']('static:soversion') %} {% set CUSTOM_FLEET_HOSTNAME = salt['pillar.get']('static:fleet_custom_hostname', None) %} +{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %} {% if CUSTOM_FLEET_HOSTNAME != None and CUSTOM_FLEET_HOSTNAME != '' %} {% set HOSTNAME = CUSTOM_FLEET_HOSTNAME %} @@ -21,4 +22,4 @@ so/fleet: current-package-version: {{ CURRENTPACKAGEVERSION }} manager: {{ MANAGER }} version: {{ VERSION }} - \ No newline at end of file + imagerepo: {{ IMAGEREPO }} \ No newline at end of file diff --git a/salt/reactor/fleet.sls b/salt/reactor/fleet.sls index 507fab620..177dabf3a 100644 --- a/salt/reactor/fleet.sls +++ b/salt/reactor/fleet.sls @@ -1,5 +1,3 @@ -{% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %} - #!py from time import gmtime, strftime @@ -55,13 +53,14 @@ def run(): MANAGER = data['data']['manager'] VERSION = data['data']['version'] ESECRET = data['data']['enroll-secret'] + IMAGEREPO = data['data']['imagerepo'] # Increment the package version by 1 PACKAGEVERSION += 1 # Run Docker container that will build the packages gen_packages = subprocess.run(["docker", "run","--rm", "--mount", f"type=bind,source={LOCAL_SALT_DIR}/salt/fleet/packages,target=/output", \ - "--mount", "type=bind,source=/etc/ssl/certs/intca.crt,target=/var/launcher/launcher.crt", f"{ MANAGER }:5000/{{ IMAGEREPO }}/so-fleet-launcher:{ VERSION }", \ + "--mount", "type=bind,source=/etc/ssl/certs/intca.crt,target=/var/launcher/launcher.crt", f"{ MANAGER }:5000/{ IMAGEREPO }/so-fleet-launcher:{ VERSION }", \ f"{ESECRET}", f"{PACKAGEHOSTNAME}:8090", f"{PACKAGEVERSION}.1.1"], stdout=subprocess.PIPE, encoding='ascii') # Update the 'packages-built' timestamp on the webpage (stored in the static pillar) From f9df39977b2dc928f218bacff1b120569aadf2b9 Mon Sep 17 00:00:00 2001 From: Wes Lambert Date: Tue, 14 Jul 2020 17:38:43 +0000 Subject: [PATCH 040/124] Add observer name for Strelka events --- salt/elasticsearch/files/ingest/strelka.file | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/elasticsearch/files/ingest/strelka.file b/salt/elasticsearch/files/ingest/strelka.file index 17c1dca62..78fa5a10e 100644 --- a/salt/elasticsearch/files/ingest/strelka.file +++ b/salt/elasticsearch/files/ingest/strelka.file @@ -19,6 +19,7 @@ } } }, + { "set": { "field": "observer.name", "value": "{{agent.name}}", { "remove": { "field": ["host", "path", "message", "scan.exiftool.keys"], "ignore_missing": true } }, { "pipeline": { "name": "common" } } ] From a1e6a85a68bfa638571fd037fb09d7fc1595bd2f Mon Sep 17 00:00:00 2001 From: Doug Burks Date: Tue, 14 Jul 2020 15:49:46 -0400 Subject: [PATCH 041/124] explicitly set Suricata timestamp timezone to UTC --- salt/elasticsearch/files/ingest/suricata.common | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/elasticsearch/files/ingest/suricata.common b/salt/elasticsearch/files/ingest/suricata.common index 435f845c1..2bc727012 100644 --- a/salt/elasticsearch/files/ingest/suricata.common +++ b/salt/elasticsearch/files/ingest/suricata.common @@ -13,7 +13,7 @@ { "rename":{ "field": "message2.event_type", "target_field": "dataset", "ignore_failure": true } }, { "set": { "field": "observer.name", "value": "{{agent.name}}" } }, { "set": { "field": "ingest.timestamp", "value": "{{@timestamp}}" } }, - { "set": { "field": "@timestamp", "value": "{{message2.timestamp}}" } }, + { "date": { "field": "message2.timestamp", "target_field": "@timestamp", "formats": ["ISO8601", "UNIX"], "timezone": "UTC", "ignore_failure": true } }, { "remove":{ "field": "agent", "ignore_failure": true } }, { "pipeline": { "name": "suricata.{{dataset}}" } } ] From 57bf23d83c7317e3cabec3658a02b213bc012775 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 14 Jul 2020 16:07:46 -0400 Subject: [PATCH 042/124] move templates from logstash to elasticsearch --- pillar/elasticsearch/search.sls | 13 +++++++ pillar/logstash/eval.sls | 29 -------------- pillar/logstash/search.sls | 12 ------ pillar/top.sls | 3 ++ .../tools/sbin/so-elasticsearch-templates | 4 +- salt/elasticsearch/init.sls | 39 +++++++++++++++++++ .../custom/place_custom_template_in_local | 0 .../templates/so/so-beats-template.json.jinja | 0 .../templates/so/so-common-template.json | 0 .../so/so-firewall-template.json.jinja | 0 .../templates/so/so-flow-template.json.jinja | 0 .../templates/so/so-ids-template.json.jinja | 0 .../so/so-import-template.json.jinja | 0 .../so/so-osquery-template.json.jinja | 0 .../templates/so/so-ossec-template.json.jinja | 0 .../so/so-strelka-template.json.jinja | 0 .../so/so-syslog-template.json.jinja | 0 .../templates/so/so-zeek-template.json.jinja | 0 salt/logstash/init.sls | 35 +---------------- .../config/so/9000_output_zeek.conf.jinja | 2 +- .../config/so/9002_output_import.conf.jinja | 2 +- .../config/so/9004_output_flow.conf.jinja | 2 +- .../config/so/9033_output_snort.conf.jinja | 2 +- .../config/so/9034_output_syslog.conf.jinja | 2 +- .../config/so/9100_output_osquery.conf.jinja | 2 +- .../config/so/9200_output_firewall.conf.jinja | 2 +- .../config/so/9400_output_suricata.conf.jinja | 2 +- .../config/so/9500_output_beats.conf.jinja | 2 +- .../config/so/9600_output_ossec.conf.jinja | 2 +- .../config/so/9700_output_strelka.conf.jinja | 2 +- 30 files changed, 70 insertions(+), 87 deletions(-) create mode 100644 pillar/elasticsearch/search.sls delete mode 100644 pillar/logstash/eval.sls rename salt/{logstash/pipelines => elasticsearch}/templates/custom/place_custom_template_in_local (100%) rename salt/{logstash/pipelines => elasticsearch}/templates/so/so-beats-template.json.jinja (100%) rename salt/{logstash/pipelines => elasticsearch}/templates/so/so-common-template.json (100%) rename salt/{logstash/pipelines => elasticsearch}/templates/so/so-firewall-template.json.jinja (100%) rename salt/{logstash/pipelines => elasticsearch}/templates/so/so-flow-template.json.jinja (100%) rename salt/{logstash/pipelines => elasticsearch}/templates/so/so-ids-template.json.jinja (100%) rename salt/{logstash/pipelines => elasticsearch}/templates/so/so-import-template.json.jinja (100%) rename salt/{logstash/pipelines => elasticsearch}/templates/so/so-osquery-template.json.jinja (100%) rename salt/{logstash/pipelines => elasticsearch}/templates/so/so-ossec-template.json.jinja (100%) rename salt/{logstash/pipelines => elasticsearch}/templates/so/so-strelka-template.json.jinja (100%) rename salt/{logstash/pipelines => elasticsearch}/templates/so/so-syslog-template.json.jinja (100%) rename salt/{logstash/pipelines => elasticsearch}/templates/so/so-zeek-template.json.jinja (100%) diff --git a/pillar/elasticsearch/search.sls b/pillar/elasticsearch/search.sls new file mode 100644 index 000000000..9ff97de5b --- /dev/null +++ b/pillar/elasticsearch/search.sls @@ -0,0 +1,13 @@ +elasticsearch: + templates: + - so/so-beats-template.json.jinja + - so/so-common-template.json + - so/so-firewall-template.json.jinja + - so/so-flow-template.json.jinja + - so/so-ids-template.json.jinja + - so/so-import-template.json.jinja + - so/so-osquery-template.json.jinja + - so/so-ossec-template.json.jinja + - so/so-strelka-template.json.jinja + - so/so-syslog-template.json.jinja + - so/so-zeek-template.json.jinja diff --git a/pillar/logstash/eval.sls b/pillar/logstash/eval.sls deleted file mode 100644 index fcdd13bb7..000000000 --- a/pillar/logstash/eval.sls +++ /dev/null @@ -1,29 +0,0 @@ -logstash: - pipelines: - eval: - config: - - so/0800_input_eval.conf - - so/1002_preprocess_json.conf - - so/1033_preprocess_snort.conf - - so/7100_osquery_wel.conf - - so/8999_postprocess_rename_type.conf - - so/9000_output_bro.conf.jinja - - so/9002_output_import.conf.jinja - - so/9033_output_snort.conf.jinja - - so/9100_output_osquery.conf.jinja - - so/9400_output_suricata.conf.jinja - - so/9500_output_beats.conf.jinja - - so/9600_output_ossec.conf.jinja - - so/9700_output_strelka.conf.jinja - templates: - - so/so-beats-template.json.jinja - - so/so-common-template.json - - so/so-firewall-template.json.jinja - - so/so-flow-template.json.jinja - - so/so-ids-template.json.jinja - - so/so-import-template.json.jinja - - so/so-osquery-template.json.jinja - - so/so-ossec-template.json.jinja - - so/so-strelka-template.json.jinja - - so/so-syslog-template.json.jinja - - so/so-zeek-template.json.jinja diff --git a/pillar/logstash/search.sls b/pillar/logstash/search.sls index 9c069fd20..486deb408 100644 --- a/pillar/logstash/search.sls +++ b/pillar/logstash/search.sls @@ -11,15 +11,3 @@ logstash: - so/9500_output_beats.conf.jinja - so/9600_output_ossec.conf.jinja - so/9700_output_strelka.conf.jinja - templates: - - so/so-beats-template.json.jinja - - so/so-common-template.json - - so/so-firewall-template.json.jinja - - so/so-flow-template.json.jinja - - so/so-ids-template.json.jinja - - so/so-import-template.json.jinja - - so/so-osquery-template.json.jinja - - so/so-ossec-template.json.jinja - - so/so-strelka-template.json.jinja - - so/so-syslog-template.json.jinja - - so/so-zeek-template.json.jinja diff --git a/pillar/top.sls b/pillar/top.sls index 6eba800a9..e3ae34f28 100644 --- a/pillar/top.sls +++ b/pillar/top.sls @@ -11,6 +11,7 @@ base: - logstash - logstash.manager - logstash.search + - elasticsearch.search '*_sensor': - static @@ -41,6 +42,7 @@ base: - logstash - logstash.manager - logstash.search + - elasticsearch.search - data.* - brologs - secrets @@ -75,4 +77,5 @@ base: - static - logstash - logstash.search + - elasticsearch.search - minions.{{ grains.id }} diff --git a/salt/common/tools/sbin/so-elasticsearch-templates b/salt/common/tools/sbin/so-elasticsearch-templates index 6b3e19d30..dfbf07c42 100755 --- a/salt/common/tools/sbin/so-elasticsearch-templates +++ b/salt/common/tools/sbin/so-elasticsearch-templates @@ -15,13 +15,13 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . -default_salt_dir=/opt/so/saltstack/default +default_conf_dir=/opt/so/conf ELASTICSEARCH_HOST="{{ MANAGERIP}}" ELASTICSEARCH_PORT=9200 #ELASTICSEARCH_AUTH="" # Define a default directory to load pipelines from -ELASTICSEARCH_TEMPLATES="$default_salt_dir/salt/logstash/pipelines/templates/so/" +ELASTICSEARCH_TEMPLATES="$default_conf_dir/elasticsearch/templates/" # Wait for ElasticSearch to initialize echo -n "Waiting for ElasticSearch..." diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls index 7a791c0d2..357a9f415 100644 --- a/salt/elasticsearch/init.sls +++ b/salt/elasticsearch/init.sls @@ -31,6 +31,8 @@ {% set esheap = salt['pillar.get']('elasticsearch:esheap', '') %} {% endif %} +{% set TEMPLATES = salt['pillar.get']('elasticsearch:templates', {}) %} + vm.max_map_count: sysctl.present: - value: 262144 @@ -63,6 +65,13 @@ esingestdir: - group: 939 - makedirs: True +estemplatedir: + file.directory: + - name: /opt/so/conf/elasticsearch/templates + - user: 930 + - group: 939 + - makedirs: True + esingestconf: file.recurse: - name: /opt/so/conf/elasticsearch/ingest @@ -86,6 +95,36 @@ esyml: - group: 939 - template: jinja +#sync templates to /opt/so/conf/elasticsearch/templates +{% for TEMPLATE in TEMPLATES %} +es_template_{{TEMPLATE.split('.')[0] | replace("/","_") }}: + file.managed: + - source: salt://elasticsearch/templates/{{TEMPLATE}} + {% if 'jinja' in TEMPLATE.split('.')[-1] %} + - name: /opt/so/conf/elasticsearch/templates/{{TEMPLATE.split('/')[1] | replace(".jinja", "")}} + - template: jinja + {% else %} + - name: /opt/so/conf/elasticsearch/templates/{{TEMPLATE.split('/')[1]}} + {% endif %} + - user: 930 + - group: 939 +{% endfor %} + +es_templates: + file.recurse: + - name: /opt/so/conf/elasticsearch/templates + - source: salt://elasticsearch/templates + - user: 930 + - group: 939 + - template: jinja + - clean: True +{% if TEMPLATES %} + - require: + {% for TEMPLATE in TEMPLATES %} + - file: es_template_{{TEMPLATE.split('.')[0] | replace("/","_") }} + {% endfor %} +{% endif %} + nsmesdir: file.directory: - name: /nsm/elasticsearch diff --git a/salt/logstash/pipelines/templates/custom/place_custom_template_in_local b/salt/elasticsearch/templates/custom/place_custom_template_in_local similarity index 100% rename from salt/logstash/pipelines/templates/custom/place_custom_template_in_local rename to salt/elasticsearch/templates/custom/place_custom_template_in_local diff --git a/salt/logstash/pipelines/templates/so/so-beats-template.json.jinja b/salt/elasticsearch/templates/so/so-beats-template.json.jinja similarity index 100% rename from salt/logstash/pipelines/templates/so/so-beats-template.json.jinja rename to salt/elasticsearch/templates/so/so-beats-template.json.jinja diff --git a/salt/logstash/pipelines/templates/so/so-common-template.json b/salt/elasticsearch/templates/so/so-common-template.json similarity index 100% rename from salt/logstash/pipelines/templates/so/so-common-template.json rename to salt/elasticsearch/templates/so/so-common-template.json diff --git a/salt/logstash/pipelines/templates/so/so-firewall-template.json.jinja b/salt/elasticsearch/templates/so/so-firewall-template.json.jinja similarity index 100% rename from salt/logstash/pipelines/templates/so/so-firewall-template.json.jinja rename to salt/elasticsearch/templates/so/so-firewall-template.json.jinja diff --git a/salt/logstash/pipelines/templates/so/so-flow-template.json.jinja b/salt/elasticsearch/templates/so/so-flow-template.json.jinja similarity index 100% rename from salt/logstash/pipelines/templates/so/so-flow-template.json.jinja rename to salt/elasticsearch/templates/so/so-flow-template.json.jinja diff --git a/salt/logstash/pipelines/templates/so/so-ids-template.json.jinja b/salt/elasticsearch/templates/so/so-ids-template.json.jinja similarity index 100% rename from salt/logstash/pipelines/templates/so/so-ids-template.json.jinja rename to salt/elasticsearch/templates/so/so-ids-template.json.jinja diff --git a/salt/logstash/pipelines/templates/so/so-import-template.json.jinja b/salt/elasticsearch/templates/so/so-import-template.json.jinja similarity index 100% rename from salt/logstash/pipelines/templates/so/so-import-template.json.jinja rename to salt/elasticsearch/templates/so/so-import-template.json.jinja diff --git a/salt/logstash/pipelines/templates/so/so-osquery-template.json.jinja b/salt/elasticsearch/templates/so/so-osquery-template.json.jinja similarity index 100% rename from salt/logstash/pipelines/templates/so/so-osquery-template.json.jinja rename to salt/elasticsearch/templates/so/so-osquery-template.json.jinja diff --git a/salt/logstash/pipelines/templates/so/so-ossec-template.json.jinja b/salt/elasticsearch/templates/so/so-ossec-template.json.jinja similarity index 100% rename from salt/logstash/pipelines/templates/so/so-ossec-template.json.jinja rename to salt/elasticsearch/templates/so/so-ossec-template.json.jinja diff --git a/salt/logstash/pipelines/templates/so/so-strelka-template.json.jinja b/salt/elasticsearch/templates/so/so-strelka-template.json.jinja similarity index 100% rename from salt/logstash/pipelines/templates/so/so-strelka-template.json.jinja rename to salt/elasticsearch/templates/so/so-strelka-template.json.jinja diff --git a/salt/logstash/pipelines/templates/so/so-syslog-template.json.jinja b/salt/elasticsearch/templates/so/so-syslog-template.json.jinja similarity index 100% rename from salt/logstash/pipelines/templates/so/so-syslog-template.json.jinja rename to salt/elasticsearch/templates/so/so-syslog-template.json.jinja diff --git a/salt/logstash/pipelines/templates/so/so-zeek-template.json.jinja b/salt/elasticsearch/templates/so/so-zeek-template.json.jinja similarity index 100% rename from salt/logstash/pipelines/templates/so/so-zeek-template.json.jinja rename to salt/elasticsearch/templates/so/so-zeek-template.json.jinja diff --git a/salt/logstash/init.sls b/salt/logstash/init.sls index 87f348744..dbf345822 100644 --- a/salt/logstash/init.sls +++ b/salt/logstash/init.sls @@ -36,7 +36,6 @@ {% endif %} {% set PIPELINES = salt['pillar.get']('logstash:pipelines', {}) %} -{% set TEMPLATES = salt['pillar.get']('logstash:templates', {}) %} {% set DOCKER_OPTIONS = salt['pillar.get']('logstash:docker_options', {}) %} # Create the logstash group @@ -94,21 +93,6 @@ ls_pipeline_{{PL}}: {% endfor %} -#sync templates to /opt/so/conf/logstash/etc -{% for TEMPLATE in TEMPLATES %} -ls_template_{{TEMPLATE.split('.')[0] | replace("/","_") }}: - file.managed: - - source: salt://logstash/pipelines/templates/{{TEMPLATE}} - {% if 'jinja' in TEMPLATE.split('.')[-1] %} - - name: /opt/so/conf/logstash/etc/{{TEMPLATE.split('/')[1] | replace(".jinja", "")}} - - template: jinja - {% else %} - - name: /opt/so/conf/logstash/etc/{{TEMPLATE.split('/')[1]}} - {% endif %} - - user: 931 - - group: 939 -{% endfor %} - lspipelinesyml: file.managed: - name: /opt/so/conf/logstash/etc/pipelines.yml @@ -126,12 +110,6 @@ lsetcsync: - group: 939 - template: jinja - clean: True -{% if TEMPLATES %} - - require: - {% for TEMPLATE in TEMPLATES %} - - file: ls_template_{{TEMPLATE.split('.')[0] | replace("/","_") }} - {% endfor %} -{% endif %} - exclude_pat: pipelines* # Create the import directory @@ -171,13 +149,7 @@ so-logstash: - {{ BINDING }} {% endfor %} - binds: -{% for TEMPLATE in TEMPLATES %} - {% if 'jinja' in TEMPLATE.split('.')[-1] %} - - /opt/so/conf/logstash/etc/{{TEMPLATE.split('/')[1] | replace(".jinja", "")}}:/{{TEMPLATE.split('/')[1] | replace(".jinja", "")}}:ro - {% else %} - - /opt/so/conf/logstash/etc/{{TEMPLATE.split('/')[1]}}:/{{TEMPLATE.split('/')[1]}}:ro - {% endif %} -{% endfor %} + - /opt/so/conf/elasticsearch/templates/:/templates/:ro - /opt/so/conf/logstash/etc/log4j2.properties:/usr/share/logstash/config/log4j2.properties:ro - /opt/so/conf/logstash/etc/logstash.yml:/usr/share/logstash/config/logstash.yml:ro - /opt/so/conf/logstash/etc/pipelines.yml:/usr/share/logstash/config/pipelines.yml @@ -206,7 +178,4 @@ so-logstash: - file: ls_pipeline_{{PL}}_{{CONFIGFILE.split('.')[0] | replace("/","_") }} {% endfor %} {% endfor %} -{% for TEMPLATE in TEMPLATES %} - - file: ls_template_{{TEMPLATE.split('.')[0] | replace("/","_") }} -{% endfor %} -# - file: /opt/so/conf/logstash/rulesets + - file: /opt/so/conf/elasticsearch/templates/* \ No newline at end of file diff --git a/salt/logstash/pipelines/config/so/9000_output_zeek.conf.jinja b/salt/logstash/pipelines/config/so/9000_output_zeek.conf.jinja index 54a30f272..f86bf946c 100644 --- a/salt/logstash/pipelines/config/so/9000_output_zeek.conf.jinja +++ b/salt/logstash/pipelines/config/so/9000_output_zeek.conf.jinja @@ -10,7 +10,7 @@ output { hosts => "{{ ES }}" index => "so-zeek-%{+YYYY.MM.dd}" template_name => "so-zeek" - template => "/so-zeek-template.json" + template => "/templates/so-zeek-template.json" template_overwrite => true } } diff --git a/salt/logstash/pipelines/config/so/9002_output_import.conf.jinja b/salt/logstash/pipelines/config/so/9002_output_import.conf.jinja index 563e5984e..52c9f034a 100644 --- a/salt/logstash/pipelines/config/so/9002_output_import.conf.jinja +++ b/salt/logstash/pipelines/config/so/9002_output_import.conf.jinja @@ -10,7 +10,7 @@ output { hosts => "{{ ES }}" index => "so-import-%{+YYYY.MM.dd}" template_name => "so-import" - template => "/so-import-template.json" + template => "/templates/so-import-template.json" template_overwrite => true } } diff --git a/salt/logstash/pipelines/config/so/9004_output_flow.conf.jinja b/salt/logstash/pipelines/config/so/9004_output_flow.conf.jinja index 007713811..740676367 100644 --- a/salt/logstash/pipelines/config/so/9004_output_flow.conf.jinja +++ b/salt/logstash/pipelines/config/so/9004_output_flow.conf.jinja @@ -9,7 +9,7 @@ output { hosts => "{{ ES }}" index => "so-flow-%{+YYYY.MM.dd}" template_name => "so-flow" - template => "/so-flow-template.json" + template => "/templates/so-flow-template.json" template_overwrite => true } } diff --git a/salt/logstash/pipelines/config/so/9033_output_snort.conf.jinja b/salt/logstash/pipelines/config/so/9033_output_snort.conf.jinja index 065653f01..fed1ffdf5 100644 --- a/salt/logstash/pipelines/config/so/9033_output_snort.conf.jinja +++ b/salt/logstash/pipelines/config/so/9033_output_snort.conf.jinja @@ -9,7 +9,7 @@ output { hosts => "{{ ES }}" index => "so-ids-%{+YYYY.MM.dd}" template_name => "so-ids" - template => "/so-ids-template.json" + template => "/templates/so-ids-template.json" template_overwrite => true } } diff --git a/salt/logstash/pipelines/config/so/9034_output_syslog.conf.jinja b/salt/logstash/pipelines/config/so/9034_output_syslog.conf.jinja index cd7e44d74..5087f41da 100644 --- a/salt/logstash/pipelines/config/so/9034_output_syslog.conf.jinja +++ b/salt/logstash/pipelines/config/so/9034_output_syslog.conf.jinja @@ -10,7 +10,7 @@ output { hosts => "{{ ES }}" index => "so-syslog-%{+YYYY.MM.dd}" template_name => "so-syslog" - template => "/so-syslog-template.json" + template => "/templates/so-syslog-template.json" template_overwrite => true } } diff --git a/salt/logstash/pipelines/config/so/9100_output_osquery.conf.jinja b/salt/logstash/pipelines/config/so/9100_output_osquery.conf.jinja index 3b99a7afa..01436cf5f 100644 --- a/salt/logstash/pipelines/config/so/9100_output_osquery.conf.jinja +++ b/salt/logstash/pipelines/config/so/9100_output_osquery.conf.jinja @@ -10,7 +10,7 @@ output { hosts => "{{ ES }}" index => "so-osquery-%{+YYYY.MM.dd}" template_name => "so-osquery" - template => "/so-osquery-template.json" + template => "/templates/so-osquery-template.json" template_overwrite => true } } diff --git a/salt/logstash/pipelines/config/so/9200_output_firewall.conf.jinja b/salt/logstash/pipelines/config/so/9200_output_firewall.conf.jinja index 9407fe79e..a295b5f7a 100644 --- a/salt/logstash/pipelines/config/so/9200_output_firewall.conf.jinja +++ b/salt/logstash/pipelines/config/so/9200_output_firewall.conf.jinja @@ -9,7 +9,7 @@ output { hosts => "{{ ES }}" index => "so-firewall-%{+YYYY.MM.dd}" template_name => "so-firewall" - template => "/so-firewall-template.json" + template => "/templates/so-firewall-template.json" template_overwrite => true } } diff --git a/salt/logstash/pipelines/config/so/9400_output_suricata.conf.jinja b/salt/logstash/pipelines/config/so/9400_output_suricata.conf.jinja index d3026aa20..ace7cccf1 100644 --- a/salt/logstash/pipelines/config/so/9400_output_suricata.conf.jinja +++ b/salt/logstash/pipelines/config/so/9400_output_suricata.conf.jinja @@ -10,7 +10,7 @@ output { hosts => "{{ ES }}" index => "so-ids-%{+YYYY.MM.dd}" template_name => "so-ids" - template => "/so-ids-template.json" + template => "/templates/so-ids-template.json" } } } diff --git a/salt/logstash/pipelines/config/so/9500_output_beats.conf.jinja b/salt/logstash/pipelines/config/so/9500_output_beats.conf.jinja index 6874e5e76..ed513f597 100644 --- a/salt/logstash/pipelines/config/so/9500_output_beats.conf.jinja +++ b/salt/logstash/pipelines/config/so/9500_output_beats.conf.jinja @@ -10,7 +10,7 @@ output { hosts => "{{ ES }}" index => "so-beats-%{+YYYY.MM.dd}" template_name => "so-beats" - template => "/so-beats-template.json" + template => "/templates/so-beats-template.json" template_overwrite => true } } diff --git a/salt/logstash/pipelines/config/so/9600_output_ossec.conf.jinja b/salt/logstash/pipelines/config/so/9600_output_ossec.conf.jinja index 77610d9e0..14a9bc1d1 100644 --- a/salt/logstash/pipelines/config/so/9600_output_ossec.conf.jinja +++ b/salt/logstash/pipelines/config/so/9600_output_ossec.conf.jinja @@ -10,7 +10,7 @@ output { hosts => "{{ ES }}" index => "so-ossec-%{+YYYY.MM.dd}" template_name => "so-ossec" - template => "/so-ossec-template.json" + template => "/templates/so-ossec-template.json" template_overwrite => true } } diff --git a/salt/logstash/pipelines/config/so/9700_output_strelka.conf.jinja b/salt/logstash/pipelines/config/so/9700_output_strelka.conf.jinja index b92e2a3d9..9fd074f3f 100644 --- a/salt/logstash/pipelines/config/so/9700_output_strelka.conf.jinja +++ b/salt/logstash/pipelines/config/so/9700_output_strelka.conf.jinja @@ -10,7 +10,7 @@ output { hosts => "{{ ES }}" index => "so-strelka-%{+YYYY.MM.dd}" template_name => "so-strelka" - template => "/so-strelka-template.json" + template => "/templates/so-strelka-template.json" template_overwrite => true } } From 8647944ae641700fd42eddafd145dbae221a65c1 Mon Sep 17 00:00:00 2001 From: Josh Brower Date: Tue, 14 Jul 2020 16:59:06 -0400 Subject: [PATCH 043/124] Parsing & Hunt query updates --- salt/elasticsearch/files/ingest/beats.common | 3 ++- salt/soc/files/soc/soc.json | 8 ++++---- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/salt/elasticsearch/files/ingest/beats.common b/salt/elasticsearch/files/ingest/beats.common index 5ca41e5f5..cafbc9e94 100644 --- a/salt/elasticsearch/files/ingest/beats.common +++ b/salt/elasticsearch/files/ingest/beats.common @@ -4,7 +4,8 @@ {"community_id": {"if": "ctx.winlog.event_data?.Protocol != null", "field":["winlog.event_data.SourceIp","winlog.event_data.SourcePort","winlog.event_data.DestinationIp","winlog.event_data.DestinationPort","winlog.event_data.Protocol"],"target_field":"network.community_id"}}, { "set": { "if": "ctx.winlog?.channel == 'Microsoft-Windows-Sysmon/Operational'", "field": "event.module", "value": "sysmon", "override": true } }, { "set": { "if": "ctx.winlog?.channel != null", "field": "event.module", "value": "windows_eventlog", "override": false, "ignore_failure": true } }, - { "set": { "if": "ctx.agent?.type != null", "field": "module", "value": "{{agent.type}}", "override": true } }, + { "set": { "if": "ctx.agent?.type != null", "field": "module", "value": "{{agent.type}}", "override": true } }, + { "set": { "if": "ctx.winlog?.channel != 'Microsoft-Windows-Sysmon/Operational'", "field": "event.dataset", "value": "{{winlog.channel}}", "override": true } }, { "set": { "if": "ctx.winlog?.channel == 'Microsoft-Windows-Sysmon/Operational' && ctx.event?.code == 3", "field": "event.category", "value": "host,process,network", "override": true } }, { "set": { "if": "ctx.winlog?.channel == 'Microsoft-Windows-Sysmon/Operational' && ctx.event?.code == 1", "field": "event.category", "value": "host,process", "override": true } }, { "set": { "if": "ctx.winlog?.channel == 'Microsoft-Windows-Sysmon/Operational' && ctx.event?.code == 1", "field": "event.dataset", "value": "process_creation", "override": true } }, diff --git a/salt/soc/files/soc/soc.json b/salt/soc/files/soc/soc.json index 6b6a84d50..31e49fc86 100644 --- a/salt/soc/files/soc/soc.json +++ b/salt/soc/files/soc/soc.json @@ -78,8 +78,8 @@ "su" : ["soc_timestamp", "message" ], "sudo" : ["soc_timestamp", "message" ], "systemd": ["soc_timestamp", "message" ], - "sysmon": ["soc_timestamp", "source.ip", "source.port", "destination.ip", "destination.port", "computer_name", "event_id", "parent_image_path", "source_name", "task", "username" ], - "wineventlog": ["soc_timestamp", "source.ip", "source.port", "destination.ip", "destination.port", "computer_name", "event_id", "log_name", "source_name", "task" ] + "sysmon": ["soc_timestamp", "source.ip", "source.port", "destination.ip", "destination.port", "host.name", "event.dataset", "parent_image_path", "source_name", "task", "user.name" ], + "wineventlog": ["soc_timestamp", "source.ip", "source.port", "destination.ip", "destination.port", "host.name", "event.code", "event.dataset", "source_name", "task" ] }, "queries": [ { "name": "Default Query", "description": "Show all events grouped by the origin host", "query": "* | groupby observer.name"}, @@ -91,8 +91,8 @@ { "name": "Wazuh/OSSEC Commands", "description": "Show all Wazuh alerts grouped by command line", "query": "event.module:ossec AND event.dataset:alert | groupby process.command_line"}, { "name": "Wazuh/OSSEC Processes", "description": "Show all Wazuh alerts grouped by process name", "query": "event.module:ossec AND event.dataset:alert | groupby process.name"}, { "name": "Wazuh/OSSEC Users", "description": "Show all Wazuh alerts grouped by username", "query": "event.module:ossec AND event.dataset:alert | groupby user.name"}, - { "name": "Sysmon Events", "description": "Show all Sysmon logs grouped by event_id", "query": "event_type:sysmon | groupby event_id"}, - { "name": "Sysmon Usernames", "description": "Show all Sysmon logs grouped by username", "query": "event_type:sysmon | groupby username"}, + { "name": "Sysmon Events", "description": "Show all Sysmon logs grouped by event type", "query": "event.module:sysmon | groupby event.dataset"}, + { "name": "Sysmon Usernames", "description": "Show all Sysmon logs grouped by username", "query": "event.module:sysmon | groupby event.dataset, user.name.keyword"}, { "name": "Zeek Notice", "description": "Show notices from Zeek", "query": "event.dataset:notice | groupby notice.note notice.message"}, { "name": "Connections", "description": "Connections grouped by IP and Port", "query": "event.dataset:conn | groupby source.ip destination.ip network.protocol destination.port"}, { "name": "Connections", "description": "Connections grouped by Service", "query": "event.dataset:conn | groupby network.protocol destination.port"}, From acaec6c1251c3c3d883a60f557ff25d22afbcdab Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 14 Jul 2020 17:12:29 -0400 Subject: [PATCH 044/124] remove recurse causing issues --- salt/elasticsearch/init.sls | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls index 357a9f415..7e09ed6c1 100644 --- a/salt/elasticsearch/init.sls +++ b/salt/elasticsearch/init.sls @@ -110,21 +110,6 @@ es_template_{{TEMPLATE.split('.')[0] | replace("/","_") }}: - group: 939 {% endfor %} -es_templates: - file.recurse: - - name: /opt/so/conf/elasticsearch/templates - - source: salt://elasticsearch/templates - - user: 930 - - group: 939 - - template: jinja - - clean: True -{% if TEMPLATES %} - - require: - {% for TEMPLATE in TEMPLATES %} - - file: es_template_{{TEMPLATE.split('.')[0] | replace("/","_") }} - {% endfor %} -{% endif %} - nsmesdir: file.directory: - name: /nsm/elasticsearch From 9bbbaa485cc55a1d801e2f024a38a6f71c28f0d9 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Tue, 14 Jul 2020 16:52:49 -0400 Subject: [PATCH 045/124] Switch PM to AM since we want to span midnight to midnight --- salt/common/tools/sbin/so-import-pcap | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/so-import-pcap b/salt/common/tools/sbin/so-import-pcap index 730013b4d..ae7f996ac 100755 --- a/salt/common/tools/sbin/so-import-pcap +++ b/salt/common/tools/sbin/so-import-pcap @@ -209,7 +209,7 @@ cat << EOF Import complete! You can use the following hyperlink to view data in the time range of your import. You can triple-click to quickly highlight the entire hyperlink and you can then copy it into your browser: -https://{{ MANAGERIP }}/#/hunt?q=%2a%20%7C%20groupby%20event.module%20event.dataset&t=${START_OLDEST_SLASH}%2000%3A00%3A00%20PM%20-%20${END_NEWEST_SLASH}%2000%3A00%3A00%20PM +https://{{ MANAGERIP }}/#/hunt?q=%2a%20%7C%20groupby%20event.module%20event.dataset&t=${START_OLDEST_SLASH}%2000%3A00%3A00%20AM%20-%20${END_NEWEST_SLASH}%2000%3A00%3A00%20AM or you can manually set your Time Range to be: From: $START_OLDEST To: $END_NEWEST From acb800d1c9f7ad9946f48ca156c27f8b9bafcadb Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Tue, 14 Jul 2020 17:36:26 -0400 Subject: [PATCH 046/124] Using static UID for Grafana overview dashboard to allow SOC to directly link to those dashboards --- salt/grafana/init.sls | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/salt/grafana/init.sls b/salt/grafana/init.sls index e3119314b..e63c9a9c4 100644 --- a/salt/grafana/init.sls +++ b/salt/grafana/init.sls @@ -93,7 +93,7 @@ dashboard-manager: MANINT: {{ SNDATA.manint }} MONINT: {{ SNDATA.manint }} CPUS: {{ SNDATA.totalcpus }} - UID: {{ SNDATA.guid }} + UID: so_overview ROOTFS: {{ SNDATA.rootfs }} NSMFS: {{ SNDATA.nsmfs }} @@ -116,7 +116,7 @@ dashboard-managersearch: MANINT: {{ SNDATA.manint }} MONINT: {{ SNDATA.manint }} CPUS: {{ SNDATA.totalcpus }} - UID: {{ SNDATA.guid }} + UID: so_overview ROOTFS: {{ SNDATA.rootfs }} NSMFS: {{ SNDATA.nsmfs }} @@ -139,7 +139,7 @@ dashboard-standalone: MANINT: {{ SNDATA.manint }} MONINT: {{ SNDATA.manint }} CPUS: {{ SNDATA.totalcpus }} - UID: {{ SNDATA.guid }} + UID: so_overview ROOTFS: {{ SNDATA.rootfs }} NSMFS: {{ SNDATA.nsmfs }} @@ -208,7 +208,7 @@ dashboard-{{ SN }}: MANINT: {{ SNDATA.manint }} MONINT: {{ SNDATA.monint }} CPUS: {{ SNDATA.totalcpus }} - UID: {{ SNDATA.guid }} + UID: so_overview ROOTFS: {{ SNDATA.rootfs }} NSMFS: {{ SNDATA.nsmfs }} From 5cf71596b295a282cf5f6d417332c33839de1d08 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Tue, 14 Jul 2020 17:36:52 -0400 Subject: [PATCH 047/124] add curlys --- salt/elasticsearch/files/ingest/strelka.file | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/elasticsearch/files/ingest/strelka.file b/salt/elasticsearch/files/ingest/strelka.file index 78fa5a10e..d9d6fc0f0 100644 --- a/salt/elasticsearch/files/ingest/strelka.file +++ b/salt/elasticsearch/files/ingest/strelka.file @@ -19,7 +19,7 @@ } } }, - { "set": { "field": "observer.name", "value": "{{agent.name}}", + { "set": { "field": "observer.name", "value": "{{agent.name}}" }}, { "remove": { "field": ["host", "path", "message", "scan.exiftool.keys"], "ignore_missing": true } }, { "pipeline": { "name": "common" } } ] From c0960e58e8d75d2de364ec78441e531687203881 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Tue, 14 Jul 2020 19:42:50 -0400 Subject: [PATCH 048/124] Improve grammer of so-allow input prompt --- setup/so-whiptail | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-whiptail b/setup/so-whiptail index 0650dd256..74847f688 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -1075,7 +1075,7 @@ whiptail_so_allow() { if [[ $exitstatus == 0 ]]; then ALLOW_CIDR=$(whiptail --title "Security Onion Setup" \ - --inputbox "Enter a single ip address or range (in CIDR notation) to allow" \ + --inputbox "Enter a single IP address, or an IP range, in CIDR notation, to allow:" \ 10 75 3>&1 1>&2 2>&3) local exitstatus=$? From b53ce392ef8e5cdb44ecbc88ea79c90060999c69 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Tue, 14 Jul 2020 22:45:38 -0400 Subject: [PATCH 049/124] Improve grammer of summary screen in whiptail --- setup/so-whiptail | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/setup/so-whiptail b/setup/so-whiptail index 74847f688..e48850cb1 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -1034,11 +1034,11 @@ whiptail_setup_complete() { fi read -r -d '' message <<- EOM - Finished ${install_type} install + Finished ${install_type} installation. - ${sentence_prefix} the web interface at https://${REDIRECTIT} + ${sentence_prefix} the web interface at: https://${REDIRECTIT} - Press ENTER to reboot + Press ENTER to reboot. EOM whiptail --title "Security Onion Setup" --msgbox "$message" 12 75 From 9dc115134779a480c5be80f0a2bcf19e998186fa Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Tue, 14 Jul 2020 22:59:42 -0400 Subject: [PATCH 050/124] Imported logs are sent to so-import index on eval installations --- salt/filebeat/etc/filebeat.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/salt/filebeat/etc/filebeat.yml b/salt/filebeat/etc/filebeat.yml index 6aeac7bba..1342775b7 100644 --- a/salt/filebeat/etc/filebeat.yml +++ b/salt/filebeat/etc/filebeat.yml @@ -127,7 +127,7 @@ filebeat.inputs: imported: true processors: - add_tags: - tags: [import] + tags: ["import"] - dissect: tokenizer: "/nsm/import/%{import.id}/zeek/logs/%{import.file}" field: "log.file.path" @@ -167,7 +167,7 @@ filebeat.inputs: imported: true processors: - add_tags: - tags: [import] + tags: ["import"] - dissect: tokenizer: "/nsm/import/%{import.id}/suricata/%{import.file}" field: "log.file.path" @@ -260,6 +260,9 @@ output.elasticsearch: pipelines: - pipeline: "%{[module]}.%{[dataset]}" indices: + - index: "so-import-%{+yyyy.MM.dd}" + when.contains: + tags: "import" - index: "so-zeek-%{+yyyy.MM.dd}" when.contains: module: "zeek" From e4fff05dbc3d1af6885a10c0e15c7a60b0f9f2d0 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Wed, 15 Jul 2020 08:30:43 -0400 Subject: [PATCH 051/124] load templates for es for eval --- pillar/elasticsearch/eval.sls | 13 +++++++++++++ pillar/top.sls | 3 ++- 2 files changed, 15 insertions(+), 1 deletion(-) create mode 100644 pillar/elasticsearch/eval.sls diff --git a/pillar/elasticsearch/eval.sls b/pillar/elasticsearch/eval.sls new file mode 100644 index 000000000..2dbb08f59 --- /dev/null +++ b/pillar/elasticsearch/eval.sls @@ -0,0 +1,13 @@ +elasticsearch: + templates: + - so/so-beats-template.json.jinja + - so/so-common-template.json + - so/so-firewall-template.json.jinja + - so/so-flow-template.json.jinja + - so/so-ids-template.json.jinja + - so/so-import-template.json.jinja + - so/so-osquery-template.json.jinja + - so/so-ossec-template.json.jinja + - so/so-strelka-template.json.jinja + - so/so-syslog-template.json.jinja + - so/so-zeek-template.json.jinja \ No newline at end of file diff --git a/pillar/top.sls b/pillar/top.sls index e3ae34f28..9ab170a97 100644 --- a/pillar/top.sls +++ b/pillar/top.sls @@ -31,11 +31,12 @@ base: - logstash.manager '*_eval': - - static - data.* - brologs - secrets - healthcheck.eval + - elasticsearch.eval + - static - minions.{{ grains.id }} '*_standalone': From 3c42f50e990fa5ce549e844d2e814547b5ff9686 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Wed, 15 Jul 2020 11:12:44 -0400 Subject: [PATCH 052/124] Ensure whiptail success/summary screen is final step before reboot --- setup/so-setup | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/setup/so-setup b/setup/so-setup index e96b7edb6..149f4768d 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -626,18 +626,20 @@ success=$(tail -10 $setup_log | grep Failed | awk '{ print $2}') if [[ $success != 0 ]]; then SO_ERROR=1; fi # evaluate success first so it doesn't check against the output of so-allow if [[ -n $SO_ERROR ]]; then + echo "Errors detected during setup; skipping post-setup steps to allow for analysis of failures." >> $setup_log 2>&1 SKIP_REBOOT=1 whiptail_setup_failed else - whiptail_setup_complete + if [[ -n $ALLOW_ROLE && -n $ALLOW_CIDR ]]; then + echo "Running so-allow -${ALLOW_ROLE} for ${ALLOW_CIDR}" >> $setup_log 2>&1 + IP=$ALLOW_CIDR so-allow -$ALLOW_ROLE >> $setup_log 2>&1 + fi + if [[ $THEHIVE == 1 ]]; then check_hive_init >> $setup_log 2>&1; fi -fi -if [[ -n $ALLOW_ROLE && -n $ALLOW_CIDR ]]; then - echo "Running so-allow -${ALLOW_ROLE} for ${ALLOW_CIDR}" - IP=$ALLOW_CIDR so-allow -$ALLOW_ROLE >> $setup_log 2>&1 -fi + install_cleanup >> $setup_log 2>&1 -install_cleanup >> $setup_log 2>&1 + whiptail_setup_complete +fi if [[ -z $SKIP_REBOOT ]]; then shutdown -r now; else exit; fi From d11ef08961bfec650efc58321d30eb35545d63ee Mon Sep 17 00:00:00 2001 From: Josh Brower Date: Wed, 15 Jul 2020 12:37:04 -0400 Subject: [PATCH 053/124] Playbook anonymous perms fix --- salt/playbook/files/playbook_db_init.sql | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/salt/playbook/files/playbook_db_init.sql b/salt/playbook/files/playbook_db_init.sql index c74869e82..1b1535fe3 100644 --- a/salt/playbook/files/playbook_db_init.sql +++ b/salt/playbook/files/playbook_db_init.sql @@ -315,7 +315,7 @@ CREATE TABLE `custom_field_enumerations` ( `active` tinyint(1) NOT NULL DEFAULT '1', `position` int(11) NOT NULL DEFAULT '1', PRIMARY KEY (`id`) -) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=latin1; +) ENGINE=InnoDB DEFAULT CHARSET=latin1; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -455,7 +455,7 @@ CREATE TABLE `custom_values` ( PRIMARY KEY (`id`), KEY `custom_values_customized` (`customized_type`,`customized_id`), KEY `index_custom_values_on_custom_field_id` (`custom_field_id`) -) ENGINE=InnoDB AUTO_INCREMENT=120758 DEFAULT CHARSET=latin1; +) ENGINE=InnoDB AUTO_INCREMENT=134139 DEFAULT CHARSET=latin1; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -825,7 +825,7 @@ CREATE TABLE `journal_details` ( `value` longtext, PRIMARY KEY (`id`), KEY `journal_details_journal_id` (`journal_id`) -) ENGINE=InnoDB AUTO_INCREMENT=2278 DEFAULT CHARSET=latin1; +) ENGINE=InnoDB AUTO_INCREMENT=9 DEFAULT CHARSET=latin1; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -857,7 +857,7 @@ CREATE TABLE `journals` ( KEY `index_journals_on_user_id` (`user_id`), KEY `index_journals_on_journalized_id` (`journalized_id`), KEY `index_journals_on_created_on` (`created_on`) -) ENGINE=InnoDB AUTO_INCREMENT=7616 DEFAULT CHARSET=latin1; +) ENGINE=InnoDB AUTO_INCREMENT=8218 DEFAULT CHARSET=latin1; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -1310,7 +1310,7 @@ CREATE TABLE `settings` ( LOCK TABLES `settings` WRITE; /*!40000 ALTER TABLE `settings` DISABLE KEYS */; -INSERT INTO `settings` VALUES (1,'ui_theme','circle','2020-04-26 13:11:26'),(2,'default_language','en','2020-04-26 13:11:26'),(3,'force_default_language_for_anonymous','0','2020-04-26 13:11:26'),(4,'force_default_language_for_loggedin','0','2020-04-26 13:11:26'),(5,'start_of_week','','2020-04-26 13:11:26'),(6,'date_format','','2020-04-26 13:11:26'),(7,'time_format','','2020-04-26 13:11:26'),(8,'timespan_format','decimal','2020-04-26 13:11:26'),(9,'user_format','firstname_lastname','2020-05-02 12:45:00'),(10,'gravatar_enabled','1','2020-05-02 12:41:07'),(11,'thumbnails_enabled','1','2020-04-26 13:11:26'),(12,'thumbnails_size','100','2020-04-26 13:11:26'),(13,'new_item_menu_tab','0','2020-04-26 13:11:30'),(14,'login_required','0','2020-07-10 19:32:45'),(15,'autologin','0','2020-04-26 13:11:54'),(16,'self_registration','0','2020-04-26 13:11:54'),(17,'show_custom_fields_on_registration','0','2020-04-26 13:11:54'),(18,'password_min_length','8','2020-04-26 13:11:54'),(19,'password_required_char_classes','--- []\n','2020-04-26 13:11:54'),(20,'password_max_age','0','2020-04-26 13:11:54'),(21,'lost_password','1','2020-04-26 13:11:54'),(22,'openid','0','2020-04-26 13:11:55'),(23,'session_lifetime','0','2020-04-26 13:11:55'),(24,'session_timeout','0','2020-04-26 13:11:55'),(25,'rest_api_enabled','1','2020-04-26 13:11:58'),(26,'jsonp_enabled','0','2020-04-26 13:11:58'),(27,'default_projects_public','0','2020-04-26 13:12:21'),(28,'default_projects_modules','---\n- sigma_editor\n','2020-04-26 13:12:21'),(29,'default_projects_tracker_ids','--- []\n','2020-04-26 13:12:21'),(30,'sequential_project_identifiers','0','2020-04-26 13:12:21'),(31,'project_list_defaults','---\n:column_names:\n- name\n- identifier\n- short_description\n','2020-04-26 13:12:21'),(32,'app_title','Playbook','2020-04-26 18:17:51'),(33,'welcome_text','','2020-04-26 18:17:51'),(34,'per_page_options','25,75,150','2020-05-02 12:41:38'),(35,'search_results_per_page','10','2020-04-26 18:17:51'),(36,'activity_days_default','30','2020-04-26 18:17:51'),(37,'host_name','localhost:3000','2020-04-26 18:17:51'),(38,'protocol','http','2020-04-26 18:17:51'),(39,'text_formatting','textile','2020-04-26 18:17:51'),(40,'cache_formatted_text','0','2020-04-26 18:17:51'),(41,'wiki_compression','','2020-04-26 18:17:51'),(42,'feeds_limit','15','2020-04-26 18:17:51'),(43,'plugin_redmine_playbook','--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nproject: \'1\'\nconvert_url: http://10.66.166.141:7000/playbook/sigmac\ncreate_url: http://10.66.166.141:7000/playbook/play','2020-05-02 12:39:20'),(44,'cross_project_issue_relations','0','2020-05-01 16:27:33'),(45,'link_copied_issue','no','2020-05-01 16:27:33'),(46,'cross_project_subtasks','','2020-05-01 16:27:33'),(47,'close_duplicate_issues','0','2020-05-01 16:27:33'),(48,'issue_group_assignment','0','2020-05-01 16:27:33'),(49,'default_issue_start_date_to_creation_date','1','2020-05-01 16:27:33'),(50,'display_subprojects_issues','0','2020-05-01 16:27:33'),(51,'issue_done_ratio','issue_field','2020-05-01 16:27:33'),(52,'non_working_week_days','---\n- \'6\'\n- \'7\'\n','2020-05-01 16:27:33'),(53,'issues_export_limit','500','2020-05-01 16:27:33'),(54,'gantt_items_limit','500','2020-05-01 16:27:33'),(55,'gantt_months_limit','24','2020-05-01 16:27:33'),(56,'parent_issue_dates','derived','2020-05-01 16:27:33'),(57,'parent_issue_priority','derived','2020-05-01 16:27:33'),(58,'parent_issue_done_ratio','derived','2020-05-01 16:27:33'),(59,'issue_list_default_columns','---\n- status\n- cf_10\n- cf_13\n- cf_14\n- cf_1\n- updated_on\n','2020-05-01 19:32:13'),(60,'issue_list_default_totals','--- []\n','2020-05-01 16:27:33'),(61,'enabled_scm','--- []\n','2020-05-01 16:27:47'),(62,'autofetch_changesets','0','2020-05-01 16:27:47'),(63,'sys_api_enabled','0','2020-05-01 16:27:47'),(64,'repository_log_display_limit','100','2020-05-01 16:27:47'),(65,'commit_logs_formatting','1','2020-05-01 16:27:47'),(66,'commit_ref_keywords','refs,references,IssueID','2020-05-01 16:27:47'),(67,'commit_cross_project_ref','0','2020-05-01 16:27:47'),(68,'commit_logtime_enabled','0','2020-05-01 16:27:47'),(69,'commit_update_keywords','--- []\n','2020-05-01 16:27:47'),(70,'gravatar_default','','2020-05-02 12:41:07'); +INSERT INTO `settings` VALUES (1,'ui_theme','circle','2020-04-26 13:11:26'),(2,'default_language','en','2020-04-26 13:11:26'),(3,'force_default_language_for_anonymous','0','2020-04-26 13:11:26'),(4,'force_default_language_for_loggedin','0','2020-04-26 13:11:26'),(5,'start_of_week','','2020-04-26 13:11:26'),(6,'date_format','','2020-04-26 13:11:26'),(7,'time_format','','2020-04-26 13:11:26'),(8,'timespan_format','decimal','2020-04-26 13:11:26'),(9,'user_format','firstname_lastname','2020-05-02 12:45:00'),(10,'gravatar_enabled','1','2020-05-02 12:41:07'),(11,'thumbnails_enabled','1','2020-04-26 13:11:26'),(12,'thumbnails_size','100','2020-04-26 13:11:26'),(13,'new_item_menu_tab','0','2020-04-26 13:11:30'),(14,'login_required','0','2020-07-10 19:32:45'),(15,'autologin','0','2020-04-26 13:11:54'),(16,'self_registration','0','2020-04-26 13:11:54'),(17,'show_custom_fields_on_registration','0','2020-04-26 13:11:54'),(18,'password_min_length','8','2020-04-26 13:11:54'),(19,'password_required_char_classes','--- []\n','2020-04-26 13:11:54'),(20,'password_max_age','0','2020-04-26 13:11:54'),(21,'lost_password','1','2020-04-26 13:11:54'),(22,'openid','0','2020-04-26 13:11:55'),(23,'session_lifetime','0','2020-04-26 13:11:55'),(24,'session_timeout','0','2020-04-26 13:11:55'),(25,'rest_api_enabled','1','2020-04-26 13:11:58'),(26,'jsonp_enabled','0','2020-04-26 13:11:58'),(27,'default_projects_public','0','2020-04-26 13:12:21'),(28,'default_projects_modules','---\n- sigma_editor\n','2020-04-26 13:12:21'),(29,'default_projects_tracker_ids','--- []\n','2020-04-26 13:12:21'),(30,'sequential_project_identifiers','0','2020-04-26 13:12:21'),(31,'project_list_defaults','---\n:column_names:\n- name\n- identifier\n- short_description\n','2020-04-26 13:12:21'),(32,'app_title','Playbook','2020-04-26 18:17:51'),(33,'welcome_text','','2020-04-26 18:17:51'),(34,'per_page_options','25,75,150','2020-05-02 12:41:38'),(35,'search_results_per_page','10','2020-04-26 18:17:51'),(36,'activity_days_default','30','2020-04-26 18:17:51'),(37,'host_name','localhost:3000','2020-04-26 18:17:51'),(38,'protocol','http','2020-04-26 18:17:51'),(39,'text_formatting','textile','2020-04-26 18:17:51'),(40,'cache_formatted_text','0','2020-04-26 18:17:51'),(41,'wiki_compression','','2020-04-26 18:17:51'),(42,'feeds_limit','15','2020-04-26 18:17:51'),(43,'plugin_redmine_playbook','--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nproject: \'1\'\nconvert_url: http://10.66.166.188:7000/playbook/sigmac\ncreate_url: http://10.66.166.188:7000/playbook/play','2020-05-02 12:39:20'),(44,'cross_project_issue_relations','0','2020-05-01 16:27:33'),(45,'link_copied_issue','no','2020-05-01 16:27:33'),(46,'cross_project_subtasks','','2020-05-01 16:27:33'),(47,'close_duplicate_issues','0','2020-05-01 16:27:33'),(48,'issue_group_assignment','0','2020-05-01 16:27:33'),(49,'default_issue_start_date_to_creation_date','1','2020-05-01 16:27:33'),(50,'display_subprojects_issues','0','2020-05-01 16:27:33'),(51,'issue_done_ratio','issue_field','2020-05-01 16:27:33'),(52,'non_working_week_days','---\n- \'6\'\n- \'7\'\n','2020-05-01 16:27:33'),(53,'issues_export_limit','500','2020-05-01 16:27:33'),(54,'gantt_items_limit','500','2020-05-01 16:27:33'),(55,'gantt_months_limit','24','2020-05-01 16:27:33'),(56,'parent_issue_dates','derived','2020-05-01 16:27:33'),(57,'parent_issue_priority','derived','2020-05-01 16:27:33'),(58,'parent_issue_done_ratio','derived','2020-05-01 16:27:33'),(59,'issue_list_default_columns','---\n- status\n- cf_10\n- cf_13\n- cf_14\n- cf_1\n- updated_on\n','2020-05-01 19:32:13'),(60,'issue_list_default_totals','--- []\n','2020-05-01 16:27:33'),(61,'enabled_scm','--- []\n','2020-05-01 16:27:47'),(62,'autofetch_changesets','0','2020-05-01 16:27:47'),(63,'sys_api_enabled','0','2020-05-01 16:27:47'),(64,'repository_log_display_limit','100','2020-05-01 16:27:47'),(65,'commit_logs_formatting','1','2020-05-01 16:27:47'),(66,'commit_ref_keywords','refs,references,IssueID','2020-05-01 16:27:47'),(67,'commit_cross_project_ref','0','2020-05-01 16:27:47'),(68,'commit_logtime_enabled','0','2020-05-01 16:27:47'),(69,'commit_update_keywords','--- []\n','2020-05-01 16:27:47'),(70,'gravatar_default','','2020-05-02 12:41:07'); /*!40000 ALTER TABLE `settings` ENABLE KEYS */; UNLOCK TABLES; @@ -1371,7 +1371,7 @@ CREATE TABLE `tokens` ( PRIMARY KEY (`id`), UNIQUE KEY `tokens_value` (`value`), KEY `index_tokens_on_user_id` (`user_id`) -) ENGINE=InnoDB AUTO_INCREMENT=72 DEFAULT CHARSET=latin1; +) ENGINE=InnoDB AUTO_INCREMENT=62 DEFAULT CHARSET=latin1; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -1380,7 +1380,7 @@ CREATE TABLE `tokens` ( LOCK TABLES `tokens` WRITE; /*!40000 ALTER TABLE `tokens` DISABLE KEYS */; -INSERT INTO `tokens` VALUES (3,1,'feeds','6e5575602e1227c188cd85ef6d12608bb8701193','2020-04-26 13:10:46','2020-04-26 13:10:46'),(4,1,'session','999412fa9badda7423c6c654d6364c32c20b3eac','2020-04-26 18:07:03','2020-04-26 18:12:02'),(5,1,'session','124ad4acbf87a942426350e7ad028c1d119c3851','2020-04-26 18:17:11','2020-04-26 18:19:24'),(9,1,'session','2890c663e0552f26ddb92acad6ab3b6d05b92915','2020-04-26 18:51:15','2020-04-26 18:51:15'),(19,1,'session','b7ffb106ea0b34650dd9c1770f74c2b0ffe166b2','2020-05-01 16:52:33','2020-05-01 18:02:30'),(20,1,'session','f44cfcf918eef59ffda47991c431d9c2b2ac6113','2020-05-01 18:05:56','2020-05-01 18:05:56'),(23,9,'feeds','211918c9d7168979b5dc19bebb14573b928a5067','2020-05-01 18:26:17','2020-05-01 18:26:17'),(25,9,'api','de6639318502476f2fa5aa06f43f51fb389a3d7f','2020-05-01 18:26:31','2020-05-01 18:26:31'),(46,1,'session','2d0c8f8ae641c06d8c2362746846440d465d53c0','2020-05-06 20:48:01','2020-05-06 20:48:07'),(59,1,'session','2afe6590653d59a697d1436729c64f322a2eff82','2020-07-01 18:11:07','2020-07-01 20:30:43'); +INSERT INTO `tokens` VALUES (3,1,'feeds','6e5575602e1227c188cd85ef6d12608bb8701193','2020-04-26 13:10:46','2020-04-26 13:10:46'),(4,1,'session','999412fa9badda7423c6c654d6364c32c20b3eac','2020-04-26 18:07:03','2020-04-26 18:12:02'),(5,1,'session','124ad4acbf87a942426350e7ad028c1d119c3851','2020-04-26 18:17:11','2020-04-26 18:19:24'),(9,1,'session','2890c663e0552f26ddb92acad6ab3b6d05b92915','2020-04-26 18:51:15','2020-04-26 18:51:15'),(19,1,'session','b7ffb106ea0b34650dd9c1770f74c2b0ffe166b2','2020-05-01 16:52:33','2020-05-01 18:02:30'),(20,1,'session','f44cfcf918eef59ffda47991c431d9c2b2ac6113','2020-05-01 18:05:56','2020-05-01 18:05:56'),(23,9,'feeds','211918c9d7168979b5dc19bebb14573b928a5067','2020-05-01 18:26:17','2020-05-01 18:26:17'),(25,9,'api','de6639318502476f2fa5aa06f43f51fb389a3d7f','2020-05-01 18:26:31','2020-05-01 18:26:31'),(46,1,'session','2d0c8f8ae641c06d8c2362746846440d465d53c0','2020-05-06 20:48:01','2020-05-06 20:48:07'),(59,1,'session','2afe6590653d59a697d1436729c64f322a2eff82','2020-07-01 18:11:07','2020-07-01 20:30:43'),(61,1,'session','b01f95709ca1ab086a049cf9c5afd81ca9d4526e','2020-07-15 16:30:42','2020-07-15 16:31:40'); /*!40000 ALTER TABLE `tokens` ENABLE KEYS */; UNLOCK TABLES; @@ -1481,7 +1481,7 @@ CREATE TABLE `users` ( LOCK TABLES `users` WRITE; /*!40000 ALTER TABLE `users` DISABLE KEYS */; -INSERT INTO `users` VALUES (1,'admin','95535e9f7a386c412f20134ebb869c00cf346477','Admin','Admin',1,1,'2020-07-10 23:37:45','',NULL,'2020-04-26 13:08:34','2020-04-26 13:10:45','User',NULL,'all','5ceb2c95ce1593d4ba034d385ceefb2f',0,'2020-04-26 13:10:27'),(2,'','','','Anonymous users',0,1,NULL,'',NULL,'2020-04-26 13:08:38','2020-04-26 13:08:38','GroupAnonymous',NULL,'',NULL,0,NULL),(3,'','','','Non member users',0,1,NULL,'',NULL,'2020-04-26 13:08:38','2020-04-26 13:08:38','GroupNonMember',NULL,'',NULL,0,NULL),(4,'','','','Anonymous',0,0,NULL,'',NULL,'2020-04-26 13:09:44','2020-04-26 13:09:44','AnonymousUser',NULL,'only_my_events',NULL,0,NULL),(5,'','','','Analysts',0,1,NULL,'',NULL,'2020-04-26 18:43:40','2020-04-26 18:43:40','Group',NULL,'',NULL,0,NULL),(6,'','','','Automation',0,1,NULL,'',NULL,'2020-04-26 18:43:47','2020-04-26 18:43:47','Group',NULL,'',NULL,0,NULL),(7,'','','','Admins',0,1,NULL,'',NULL,'2020-04-26 18:43:58','2020-04-26 18:43:58','Group',NULL,'',NULL,0,NULL),(9,'automation','d2e7d78af1f0c0637765ae8cf1a359c4a30034c9','SecOps','Automation',0,1,'2020-05-01 18:26:17','en',NULL,'2020-04-26 18:47:46','2020-05-01 18:26:10','User',NULL,'none','41043e596f70e327e34fc99c861f5b31',0,'2020-05-01 18:26:10'); +INSERT INTO `users` VALUES (1,'admin','95535e9f7a386c412f20134ebb869c00cf346477','Admin','Admin',1,1,'2020-07-15 16:30:42','',NULL,'2020-04-26 13:08:34','2020-04-26 13:10:45','User',NULL,'all','5ceb2c95ce1593d4ba034d385ceefb2f',0,'2020-04-26 13:10:27'),(2,'','','','Anonymous users',0,1,NULL,'',NULL,'2020-04-26 13:08:38','2020-04-26 13:08:38','GroupAnonymous',NULL,'',NULL,0,NULL),(3,'','','','Non member users',0,1,NULL,'',NULL,'2020-04-26 13:08:38','2020-04-26 13:08:38','GroupNonMember',NULL,'',NULL,0,NULL),(4,'','','','Anonymous',0,0,NULL,'',NULL,'2020-04-26 13:09:44','2020-04-26 13:09:44','AnonymousUser',NULL,'only_my_events',NULL,0,NULL),(5,'','','','Analysts',0,1,NULL,'',NULL,'2020-04-26 18:43:40','2020-04-26 18:43:40','Group',NULL,'',NULL,0,NULL),(6,'','','','Automation',0,1,NULL,'',NULL,'2020-04-26 18:43:47','2020-04-26 18:43:47','Group',NULL,'',NULL,0,NULL),(7,'','','','Admins',0,1,NULL,'',NULL,'2020-04-26 18:43:58','2020-04-26 18:43:58','Group',NULL,'',NULL,0,NULL),(9,'automation','d2e7d78af1f0c0637765ae8cf1a359c4a30034c9','SecOps','Automation',0,1,'2020-05-01 18:26:17','en',NULL,'2020-04-26 18:47:46','2020-05-01 18:26:10','User',NULL,'none','41043e596f70e327e34fc99c861f5b31',0,'2020-05-01 18:26:10'); /*!40000 ALTER TABLE `users` ENABLE KEYS */; UNLOCK TABLES; @@ -1567,7 +1567,7 @@ CREATE TABLE `webhooks` ( LOCK TABLES `webhooks` WRITE; /*!40000 ALTER TABLE `webhooks` DISABLE KEYS */; -INSERT INTO `webhooks` VALUES (1,'http://10.66.166.141:7000/playbook/webhook',1); +INSERT INTO `webhooks` VALUES (1,'http://10.66.166.188:7000/playbook/webhook',1); /*!40000 ALTER TABLE `webhooks` ENABLE KEYS */; UNLOCK TABLES; @@ -1742,7 +1742,7 @@ CREATE TABLE `workflows` ( KEY `index_workflows_on_role_id` (`role_id`), KEY `index_workflows_on_new_status_id` (`new_status_id`), KEY `index_workflows_on_tracker_id` (`tracker_id`) -) ENGINE=InnoDB AUTO_INCREMENT=642 DEFAULT CHARSET=latin1; +) ENGINE=InnoDB AUTO_INCREMENT=648 DEFAULT CHARSET=latin1; /*!40101 SET character_set_client = @saved_cs_client */; -- @@ -1751,7 +1751,7 @@ CREATE TABLE `workflows` ( LOCK TABLES `workflows` WRITE; /*!40000 ALTER TABLE `workflows` DISABLE KEYS */; -INSERT INTO `workflows` VALUES (132,1,2,0,3,0,0,'WorkflowPermission','14','readonly'),(134,1,2,0,3,0,0,'WorkflowPermission','16','readonly'),(151,1,3,0,3,0,0,'WorkflowPermission','14','readonly'),(153,1,3,0,3,0,0,'WorkflowPermission','16','readonly'),(170,1,4,0,3,0,0,'WorkflowPermission','14','readonly'),(172,1,4,0,3,0,0,'WorkflowPermission','16','readonly'),(189,1,5,0,3,0,0,'WorkflowPermission','14','readonly'),(191,1,5,0,3,0,0,'WorkflowPermission','16','readonly'),(208,1,6,0,3,0,0,'WorkflowPermission','14','readonly'),(210,1,6,0,3,0,0,'WorkflowPermission','16','readonly'),(220,1,2,3,3,0,0,'WorkflowTransition',NULL,NULL),(221,1,2,3,4,0,0,'WorkflowTransition',NULL,NULL),(222,1,2,3,5,0,0,'WorkflowTransition',NULL,NULL),(223,1,2,6,3,0,0,'WorkflowTransition',NULL,NULL),(224,1,2,6,4,0,0,'WorkflowTransition',NULL,NULL),(225,1,2,6,5,0,0,'WorkflowTransition',NULL,NULL),(226,1,3,4,3,0,0,'WorkflowTransition',NULL,NULL),(227,1,3,4,4,0,0,'WorkflowTransition',NULL,NULL),(228,1,3,4,5,0,0,'WorkflowTransition',NULL,NULL),(229,1,4,5,3,0,0,'WorkflowTransition',NULL,NULL),(230,1,4,5,4,0,0,'WorkflowTransition',NULL,NULL),(231,1,4,5,5,0,0,'WorkflowTransition',NULL,NULL),(232,1,4,6,3,0,0,'WorkflowTransition',NULL,NULL),(233,1,4,6,4,0,0,'WorkflowTransition',NULL,NULL),(234,1,4,6,5,0,0,'WorkflowTransition',NULL,NULL),(235,1,6,3,3,0,0,'WorkflowTransition',NULL,NULL),(236,1,6,3,4,0,0,'WorkflowTransition',NULL,NULL),(237,1,6,3,5,0,0,'WorkflowTransition',NULL,NULL),(239,1,2,0,4,0,0,'WorkflowPermission','priority_id','readonly'),(240,1,3,0,4,0,0,'WorkflowPermission','priority_id','readonly'),(241,1,4,0,4,0,0,'WorkflowPermission','priority_id','readonly'),(242,1,5,0,4,0,0,'WorkflowPermission','priority_id','readonly'),(243,1,6,0,4,0,0,'WorkflowPermission','priority_id','readonly'),(244,1,0,2,5,0,0,'WorkflowTransition',NULL,NULL),(245,1,0,2,4,0,0,'WorkflowTransition',NULL,NULL),(246,1,0,6,5,0,0,'WorkflowTransition',NULL,NULL),(352,1,2,0,3,0,0,'WorkflowPermission','project_id','readonly'),(353,1,2,0,3,0,0,'WorkflowPermission','tracker_id','readonly'),(354,1,2,0,3,0,0,'WorkflowPermission','subject','readonly'),(355,1,2,0,3,0,0,'WorkflowPermission','priority_id','readonly'),(356,1,2,0,3,0,0,'WorkflowPermission','is_private','readonly'),(357,1,2,0,3,0,0,'WorkflowPermission','description','readonly'),(358,1,2,0,3,0,0,'WorkflowPermission','1','readonly'),(359,1,2,0,3,0,0,'WorkflowPermission','2','readonly'),(360,1,2,0,3,0,0,'WorkflowPermission','10','readonly'),(361,1,2,0,3,0,0,'WorkflowPermission','20','readonly'),(362,1,2,0,3,0,0,'WorkflowPermission','8','readonly'),(363,1,2,0,3,0,0,'WorkflowPermission','15','readonly'),(364,1,2,0,3,0,0,'WorkflowPermission','11','readonly'),(365,1,2,0,3,0,0,'WorkflowPermission','12','readonly'),(366,1,2,0,3,0,0,'WorkflowPermission','19','readonly'),(367,1,2,0,3,0,0,'WorkflowPermission','7','readonly'),(368,1,2,0,3,0,0,'WorkflowPermission','3','readonly'),(369,1,2,0,3,0,0,'WorkflowPermission','5','readonly'),(370,1,2,0,3,0,0,'WorkflowPermission','6','readonly'),(371,1,2,0,3,0,0,'WorkflowPermission','22','readonly'),(372,1,3,0,3,0,0,'WorkflowPermission','project_id','readonly'),(373,1,3,0,3,0,0,'WorkflowPermission','tracker_id','readonly'),(374,1,3,0,3,0,0,'WorkflowPermission','subject','readonly'),(375,1,3,0,3,0,0,'WorkflowPermission','priority_id','readonly'),(376,1,3,0,3,0,0,'WorkflowPermission','is_private','readonly'),(377,1,3,0,3,0,0,'WorkflowPermission','description','readonly'),(378,1,3,0,3,0,0,'WorkflowPermission','1','readonly'),(379,1,3,0,3,0,0,'WorkflowPermission','2','readonly'),(380,1,3,0,3,0,0,'WorkflowPermission','10','readonly'),(381,1,3,0,3,0,0,'WorkflowPermission','20','readonly'),(382,1,3,0,3,0,0,'WorkflowPermission','8','readonly'),(383,1,3,0,3,0,0,'WorkflowPermission','15','readonly'),(384,1,3,0,3,0,0,'WorkflowPermission','11','readonly'),(385,1,3,0,3,0,0,'WorkflowPermission','12','readonly'),(386,1,3,0,3,0,0,'WorkflowPermission','19','readonly'),(387,1,3,0,3,0,0,'WorkflowPermission','7','readonly'),(388,1,3,0,3,0,0,'WorkflowPermission','3','readonly'),(389,1,3,0,3,0,0,'WorkflowPermission','5','readonly'),(390,1,3,0,3,0,0,'WorkflowPermission','6','readonly'),(391,1,3,0,3,0,0,'WorkflowPermission','22','readonly'),(392,1,4,0,3,0,0,'WorkflowPermission','project_id','readonly'),(393,1,4,0,3,0,0,'WorkflowPermission','tracker_id','readonly'),(394,1,4,0,3,0,0,'WorkflowPermission','subject','readonly'),(395,1,4,0,3,0,0,'WorkflowPermission','priority_id','readonly'),(396,1,4,0,3,0,0,'WorkflowPermission','is_private','readonly'),(397,1,4,0,3,0,0,'WorkflowPermission','description','readonly'),(398,1,4,0,3,0,0,'WorkflowPermission','1','readonly'),(399,1,4,0,3,0,0,'WorkflowPermission','2','readonly'),(400,1,4,0,3,0,0,'WorkflowPermission','10','readonly'),(401,1,4,0,3,0,0,'WorkflowPermission','20','readonly'),(402,1,4,0,3,0,0,'WorkflowPermission','8','readonly'),(403,1,4,0,3,0,0,'WorkflowPermission','15','readonly'),(404,1,4,0,3,0,0,'WorkflowPermission','11','readonly'),(405,1,4,0,3,0,0,'WorkflowPermission','12','readonly'),(406,1,4,0,3,0,0,'WorkflowPermission','19','readonly'),(407,1,4,0,3,0,0,'WorkflowPermission','7','readonly'),(408,1,4,0,3,0,0,'WorkflowPermission','3','readonly'),(409,1,4,0,3,0,0,'WorkflowPermission','5','readonly'),(410,1,4,0,3,0,0,'WorkflowPermission','6','readonly'),(411,1,4,0,3,0,0,'WorkflowPermission','22','readonly'),(412,1,5,0,3,0,0,'WorkflowPermission','project_id','readonly'),(413,1,5,0,3,0,0,'WorkflowPermission','tracker_id','readonly'),(414,1,5,0,3,0,0,'WorkflowPermission','subject','readonly'),(415,1,5,0,3,0,0,'WorkflowPermission','priority_id','readonly'),(416,1,5,0,3,0,0,'WorkflowPermission','is_private','readonly'),(417,1,5,0,3,0,0,'WorkflowPermission','description','readonly'),(418,1,5,0,3,0,0,'WorkflowPermission','1','readonly'),(419,1,5,0,3,0,0,'WorkflowPermission','2','readonly'),(420,1,5,0,3,0,0,'WorkflowPermission','10','readonly'),(421,1,5,0,3,0,0,'WorkflowPermission','20','readonly'),(422,1,5,0,3,0,0,'WorkflowPermission','8','readonly'),(423,1,5,0,3,0,0,'WorkflowPermission','15','readonly'),(424,1,5,0,3,0,0,'WorkflowPermission','11','readonly'),(425,1,5,0,3,0,0,'WorkflowPermission','12','readonly'),(426,1,5,0,3,0,0,'WorkflowPermission','19','readonly'),(427,1,5,0,3,0,0,'WorkflowPermission','7','readonly'),(428,1,5,0,3,0,0,'WorkflowPermission','3','readonly'),(429,1,5,0,3,0,0,'WorkflowPermission','5','readonly'),(430,1,5,0,3,0,0,'WorkflowPermission','6','readonly'),(431,1,5,0,3,0,0,'WorkflowPermission','22','readonly'),(432,1,6,0,3,0,0,'WorkflowPermission','project_id','readonly'),(433,1,6,0,3,0,0,'WorkflowPermission','tracker_id','readonly'),(434,1,6,0,3,0,0,'WorkflowPermission','subject','readonly'),(435,1,6,0,3,0,0,'WorkflowPermission','priority_id','readonly'),(436,1,6,0,3,0,0,'WorkflowPermission','is_private','readonly'),(437,1,6,0,3,0,0,'WorkflowPermission','description','readonly'),(438,1,6,0,3,0,0,'WorkflowPermission','1','readonly'),(439,1,6,0,3,0,0,'WorkflowPermission','2','readonly'),(440,1,6,0,3,0,0,'WorkflowPermission','10','readonly'),(441,1,6,0,3,0,0,'WorkflowPermission','20','readonly'),(442,1,6,0,3,0,0,'WorkflowPermission','8','readonly'),(443,1,6,0,3,0,0,'WorkflowPermission','15','readonly'),(444,1,6,0,3,0,0,'WorkflowPermission','11','readonly'),(445,1,6,0,3,0,0,'WorkflowPermission','12','readonly'),(446,1,6,0,3,0,0,'WorkflowPermission','19','readonly'),(447,1,6,0,3,0,0,'WorkflowPermission','7','readonly'),(448,1,6,0,3,0,0,'WorkflowPermission','3','readonly'),(449,1,6,0,3,0,0,'WorkflowPermission','5','readonly'),(450,1,6,0,3,0,0,'WorkflowPermission','6','readonly'),(451,1,6,0,3,0,0,'WorkflowPermission','22','readonly'),(537,1,2,0,2,0,0,'WorkflowPermission','project_id','readonly'),(538,1,2,0,2,0,0,'WorkflowPermission','tracker_id','readonly'),(539,1,2,0,2,0,0,'WorkflowPermission','subject','readonly'),(540,1,2,0,2,0,0,'WorkflowPermission','priority_id','readonly'),(541,1,2,0,2,0,0,'WorkflowPermission','is_private','readonly'),(542,1,2,0,2,0,0,'WorkflowPermission','description','readonly'),(543,1,2,0,2,0,0,'WorkflowPermission','1','readonly'),(544,1,2,0,2,0,0,'WorkflowPermission','2','readonly'),(545,1,2,0,2,0,0,'WorkflowPermission','10','readonly'),(546,1,2,0,2,0,0,'WorkflowPermission','20','readonly'),(547,1,2,0,2,0,0,'WorkflowPermission','8','readonly'),(548,1,2,0,2,0,0,'WorkflowPermission','15','readonly'),(549,1,2,0,2,0,0,'WorkflowPermission','11','readonly'),(550,1,2,0,2,0,0,'WorkflowPermission','12','readonly'),(551,1,2,0,2,0,0,'WorkflowPermission','19','readonly'),(552,1,2,0,2,0,0,'WorkflowPermission','17','readonly'),(553,1,2,0,2,0,0,'WorkflowPermission','7','readonly'),(554,1,2,0,2,0,0,'WorkflowPermission','3','readonly'),(555,1,2,0,2,0,0,'WorkflowPermission','5','readonly'),(556,1,2,0,2,0,0,'WorkflowPermission','6','readonly'),(557,1,2,0,2,0,0,'WorkflowPermission','22','readonly'),(558,1,3,0,2,0,0,'WorkflowPermission','project_id','readonly'),(559,1,3,0,2,0,0,'WorkflowPermission','tracker_id','readonly'),(560,1,3,0,2,0,0,'WorkflowPermission','subject','readonly'),(561,1,3,0,2,0,0,'WorkflowPermission','priority_id','readonly'),(562,1,3,0,2,0,0,'WorkflowPermission','is_private','readonly'),(563,1,3,0,2,0,0,'WorkflowPermission','description','readonly'),(564,1,3,0,2,0,0,'WorkflowPermission','1','readonly'),(565,1,3,0,2,0,0,'WorkflowPermission','2','readonly'),(566,1,3,0,2,0,0,'WorkflowPermission','10','readonly'),(567,1,3,0,2,0,0,'WorkflowPermission','20','readonly'),(568,1,3,0,2,0,0,'WorkflowPermission','8','readonly'),(569,1,3,0,2,0,0,'WorkflowPermission','15','readonly'),(570,1,3,0,2,0,0,'WorkflowPermission','11','readonly'),(571,1,3,0,2,0,0,'WorkflowPermission','12','readonly'),(572,1,3,0,2,0,0,'WorkflowPermission','19','readonly'),(573,1,3,0,2,0,0,'WorkflowPermission','17','readonly'),(574,1,3,0,2,0,0,'WorkflowPermission','7','readonly'),(575,1,3,0,2,0,0,'WorkflowPermission','3','readonly'),(576,1,3,0,2,0,0,'WorkflowPermission','5','readonly'),(577,1,3,0,2,0,0,'WorkflowPermission','6','readonly'),(578,1,3,0,2,0,0,'WorkflowPermission','22','readonly'),(579,1,4,0,2,0,0,'WorkflowPermission','project_id','readonly'),(580,1,4,0,2,0,0,'WorkflowPermission','tracker_id','readonly'),(581,1,4,0,2,0,0,'WorkflowPermission','subject','readonly'),(582,1,4,0,2,0,0,'WorkflowPermission','priority_id','readonly'),(583,1,4,0,2,0,0,'WorkflowPermission','is_private','readonly'),(584,1,4,0,2,0,0,'WorkflowPermission','description','readonly'),(585,1,4,0,2,0,0,'WorkflowPermission','1','readonly'),(586,1,4,0,2,0,0,'WorkflowPermission','2','readonly'),(587,1,4,0,2,0,0,'WorkflowPermission','10','readonly'),(588,1,4,0,2,0,0,'WorkflowPermission','20','readonly'),(589,1,4,0,2,0,0,'WorkflowPermission','8','readonly'),(590,1,4,0,2,0,0,'WorkflowPermission','15','readonly'),(591,1,4,0,2,0,0,'WorkflowPermission','11','readonly'),(592,1,4,0,2,0,0,'WorkflowPermission','12','readonly'),(593,1,4,0,2,0,0,'WorkflowPermission','19','readonly'),(594,1,4,0,2,0,0,'WorkflowPermission','17','readonly'),(595,1,4,0,2,0,0,'WorkflowPermission','7','readonly'),(596,1,4,0,2,0,0,'WorkflowPermission','3','readonly'),(597,1,4,0,2,0,0,'WorkflowPermission','5','readonly'),(598,1,4,0,2,0,0,'WorkflowPermission','6','readonly'),(599,1,4,0,2,0,0,'WorkflowPermission','22','readonly'),(600,1,5,0,2,0,0,'WorkflowPermission','project_id','readonly'),(601,1,5,0,2,0,0,'WorkflowPermission','tracker_id','readonly'),(602,1,5,0,2,0,0,'WorkflowPermission','subject','readonly'),(603,1,5,0,2,0,0,'WorkflowPermission','priority_id','readonly'),(604,1,5,0,2,0,0,'WorkflowPermission','is_private','readonly'),(605,1,5,0,2,0,0,'WorkflowPermission','description','readonly'),(606,1,5,0,2,0,0,'WorkflowPermission','1','readonly'),(607,1,5,0,2,0,0,'WorkflowPermission','2','readonly'),(608,1,5,0,2,0,0,'WorkflowPermission','10','readonly'),(609,1,5,0,2,0,0,'WorkflowPermission','20','readonly'),(610,1,5,0,2,0,0,'WorkflowPermission','8','readonly'),(611,1,5,0,2,0,0,'WorkflowPermission','15','readonly'),(612,1,5,0,2,0,0,'WorkflowPermission','11','readonly'),(613,1,5,0,2,0,0,'WorkflowPermission','12','readonly'),(614,1,5,0,2,0,0,'WorkflowPermission','19','readonly'),(615,1,5,0,2,0,0,'WorkflowPermission','17','readonly'),(616,1,5,0,2,0,0,'WorkflowPermission','7','readonly'),(617,1,5,0,2,0,0,'WorkflowPermission','3','readonly'),(618,1,5,0,2,0,0,'WorkflowPermission','5','readonly'),(619,1,5,0,2,0,0,'WorkflowPermission','6','readonly'),(620,1,5,0,2,0,0,'WorkflowPermission','22','readonly'),(621,1,6,0,2,0,0,'WorkflowPermission','project_id','readonly'),(622,1,6,0,2,0,0,'WorkflowPermission','tracker_id','readonly'),(623,1,6,0,2,0,0,'WorkflowPermission','subject','readonly'),(624,1,6,0,2,0,0,'WorkflowPermission','priority_id','readonly'),(625,1,6,0,2,0,0,'WorkflowPermission','is_private','readonly'),(626,1,6,0,2,0,0,'WorkflowPermission','description','readonly'),(627,1,6,0,2,0,0,'WorkflowPermission','1','readonly'),(628,1,6,0,2,0,0,'WorkflowPermission','2','readonly'),(629,1,6,0,2,0,0,'WorkflowPermission','10','readonly'),(630,1,6,0,2,0,0,'WorkflowPermission','20','readonly'),(631,1,6,0,2,0,0,'WorkflowPermission','8','readonly'),(632,1,6,0,2,0,0,'WorkflowPermission','15','readonly'),(633,1,6,0,2,0,0,'WorkflowPermission','11','readonly'),(634,1,6,0,2,0,0,'WorkflowPermission','12','readonly'),(635,1,6,0,2,0,0,'WorkflowPermission','19','readonly'),(636,1,6,0,2,0,0,'WorkflowPermission','17','readonly'),(637,1,6,0,2,0,0,'WorkflowPermission','7','readonly'),(638,1,6,0,2,0,0,'WorkflowPermission','3','readonly'),(639,1,6,0,2,0,0,'WorkflowPermission','5','readonly'),(640,1,6,0,2,0,0,'WorkflowPermission','6','readonly'),(641,1,6,0,2,0,0,'WorkflowPermission','22','readonly'); +INSERT INTO `workflows` VALUES (132,1,2,0,3,0,0,'WorkflowPermission','14','readonly'),(134,1,2,0,3,0,0,'WorkflowPermission','16','readonly'),(151,1,3,0,3,0,0,'WorkflowPermission','14','readonly'),(153,1,3,0,3,0,0,'WorkflowPermission','16','readonly'),(170,1,4,0,3,0,0,'WorkflowPermission','14','readonly'),(172,1,4,0,3,0,0,'WorkflowPermission','16','readonly'),(189,1,5,0,3,0,0,'WorkflowPermission','14','readonly'),(191,1,5,0,3,0,0,'WorkflowPermission','16','readonly'),(208,1,6,0,3,0,0,'WorkflowPermission','14','readonly'),(210,1,6,0,3,0,0,'WorkflowPermission','16','readonly'),(220,1,2,3,3,0,0,'WorkflowTransition',NULL,NULL),(221,1,2,3,4,0,0,'WorkflowTransition',NULL,NULL),(222,1,2,3,5,0,0,'WorkflowTransition',NULL,NULL),(223,1,2,6,3,0,0,'WorkflowTransition',NULL,NULL),(224,1,2,6,4,0,0,'WorkflowTransition',NULL,NULL),(225,1,2,6,5,0,0,'WorkflowTransition',NULL,NULL),(226,1,3,4,3,0,0,'WorkflowTransition',NULL,NULL),(227,1,3,4,4,0,0,'WorkflowTransition',NULL,NULL),(228,1,3,4,5,0,0,'WorkflowTransition',NULL,NULL),(229,1,4,5,3,0,0,'WorkflowTransition',NULL,NULL),(230,1,4,5,4,0,0,'WorkflowTransition',NULL,NULL),(231,1,4,5,5,0,0,'WorkflowTransition',NULL,NULL),(232,1,4,6,3,0,0,'WorkflowTransition',NULL,NULL),(233,1,4,6,4,0,0,'WorkflowTransition',NULL,NULL),(234,1,4,6,5,0,0,'WorkflowTransition',NULL,NULL),(235,1,6,3,3,0,0,'WorkflowTransition',NULL,NULL),(236,1,6,3,4,0,0,'WorkflowTransition',NULL,NULL),(237,1,6,3,5,0,0,'WorkflowTransition',NULL,NULL),(239,1,2,0,4,0,0,'WorkflowPermission','priority_id','readonly'),(240,1,3,0,4,0,0,'WorkflowPermission','priority_id','readonly'),(241,1,4,0,4,0,0,'WorkflowPermission','priority_id','readonly'),(242,1,5,0,4,0,0,'WorkflowPermission','priority_id','readonly'),(243,1,6,0,4,0,0,'WorkflowPermission','priority_id','readonly'),(244,1,0,2,5,0,0,'WorkflowTransition',NULL,NULL),(245,1,0,2,4,0,0,'WorkflowTransition',NULL,NULL),(246,1,0,6,5,0,0,'WorkflowTransition',NULL,NULL),(352,1,2,0,3,0,0,'WorkflowPermission','project_id','readonly'),(353,1,2,0,3,0,0,'WorkflowPermission','tracker_id','readonly'),(354,1,2,0,3,0,0,'WorkflowPermission','subject','readonly'),(355,1,2,0,3,0,0,'WorkflowPermission','priority_id','readonly'),(356,1,2,0,3,0,0,'WorkflowPermission','is_private','readonly'),(357,1,2,0,3,0,0,'WorkflowPermission','description','readonly'),(358,1,2,0,3,0,0,'WorkflowPermission','1','readonly'),(359,1,2,0,3,0,0,'WorkflowPermission','2','readonly'),(360,1,2,0,3,0,0,'WorkflowPermission','10','readonly'),(361,1,2,0,3,0,0,'WorkflowPermission','20','readonly'),(362,1,2,0,3,0,0,'WorkflowPermission','8','readonly'),(363,1,2,0,3,0,0,'WorkflowPermission','15','readonly'),(364,1,2,0,3,0,0,'WorkflowPermission','11','readonly'),(365,1,2,0,3,0,0,'WorkflowPermission','12','readonly'),(366,1,2,0,3,0,0,'WorkflowPermission','19','readonly'),(367,1,2,0,3,0,0,'WorkflowPermission','7','readonly'),(368,1,2,0,3,0,0,'WorkflowPermission','3','readonly'),(369,1,2,0,3,0,0,'WorkflowPermission','5','readonly'),(370,1,2,0,3,0,0,'WorkflowPermission','6','readonly'),(371,1,2,0,3,0,0,'WorkflowPermission','22','readonly'),(372,1,3,0,3,0,0,'WorkflowPermission','project_id','readonly'),(373,1,3,0,3,0,0,'WorkflowPermission','tracker_id','readonly'),(374,1,3,0,3,0,0,'WorkflowPermission','subject','readonly'),(375,1,3,0,3,0,0,'WorkflowPermission','priority_id','readonly'),(376,1,3,0,3,0,0,'WorkflowPermission','is_private','readonly'),(377,1,3,0,3,0,0,'WorkflowPermission','description','readonly'),(378,1,3,0,3,0,0,'WorkflowPermission','1','readonly'),(379,1,3,0,3,0,0,'WorkflowPermission','2','readonly'),(380,1,3,0,3,0,0,'WorkflowPermission','10','readonly'),(381,1,3,0,3,0,0,'WorkflowPermission','20','readonly'),(382,1,3,0,3,0,0,'WorkflowPermission','8','readonly'),(383,1,3,0,3,0,0,'WorkflowPermission','15','readonly'),(384,1,3,0,3,0,0,'WorkflowPermission','11','readonly'),(385,1,3,0,3,0,0,'WorkflowPermission','12','readonly'),(386,1,3,0,3,0,0,'WorkflowPermission','19','readonly'),(387,1,3,0,3,0,0,'WorkflowPermission','7','readonly'),(388,1,3,0,3,0,0,'WorkflowPermission','3','readonly'),(389,1,3,0,3,0,0,'WorkflowPermission','5','readonly'),(390,1,3,0,3,0,0,'WorkflowPermission','6','readonly'),(391,1,3,0,3,0,0,'WorkflowPermission','22','readonly'),(392,1,4,0,3,0,0,'WorkflowPermission','project_id','readonly'),(393,1,4,0,3,0,0,'WorkflowPermission','tracker_id','readonly'),(394,1,4,0,3,0,0,'WorkflowPermission','subject','readonly'),(395,1,4,0,3,0,0,'WorkflowPermission','priority_id','readonly'),(396,1,4,0,3,0,0,'WorkflowPermission','is_private','readonly'),(397,1,4,0,3,0,0,'WorkflowPermission','description','readonly'),(398,1,4,0,3,0,0,'WorkflowPermission','1','readonly'),(399,1,4,0,3,0,0,'WorkflowPermission','2','readonly'),(400,1,4,0,3,0,0,'WorkflowPermission','10','readonly'),(401,1,4,0,3,0,0,'WorkflowPermission','20','readonly'),(402,1,4,0,3,0,0,'WorkflowPermission','8','readonly'),(403,1,4,0,3,0,0,'WorkflowPermission','15','readonly'),(404,1,4,0,3,0,0,'WorkflowPermission','11','readonly'),(405,1,4,0,3,0,0,'WorkflowPermission','12','readonly'),(406,1,4,0,3,0,0,'WorkflowPermission','19','readonly'),(407,1,4,0,3,0,0,'WorkflowPermission','7','readonly'),(408,1,4,0,3,0,0,'WorkflowPermission','3','readonly'),(409,1,4,0,3,0,0,'WorkflowPermission','5','readonly'),(410,1,4,0,3,0,0,'WorkflowPermission','6','readonly'),(411,1,4,0,3,0,0,'WorkflowPermission','22','readonly'),(412,1,5,0,3,0,0,'WorkflowPermission','project_id','readonly'),(413,1,5,0,3,0,0,'WorkflowPermission','tracker_id','readonly'),(414,1,5,0,3,0,0,'WorkflowPermission','subject','readonly'),(415,1,5,0,3,0,0,'WorkflowPermission','priority_id','readonly'),(416,1,5,0,3,0,0,'WorkflowPermission','is_private','readonly'),(417,1,5,0,3,0,0,'WorkflowPermission','description','readonly'),(418,1,5,0,3,0,0,'WorkflowPermission','1','readonly'),(419,1,5,0,3,0,0,'WorkflowPermission','2','readonly'),(420,1,5,0,3,0,0,'WorkflowPermission','10','readonly'),(421,1,5,0,3,0,0,'WorkflowPermission','20','readonly'),(422,1,5,0,3,0,0,'WorkflowPermission','8','readonly'),(423,1,5,0,3,0,0,'WorkflowPermission','15','readonly'),(424,1,5,0,3,0,0,'WorkflowPermission','11','readonly'),(425,1,5,0,3,0,0,'WorkflowPermission','12','readonly'),(426,1,5,0,3,0,0,'WorkflowPermission','19','readonly'),(427,1,5,0,3,0,0,'WorkflowPermission','7','readonly'),(428,1,5,0,3,0,0,'WorkflowPermission','3','readonly'),(429,1,5,0,3,0,0,'WorkflowPermission','5','readonly'),(430,1,5,0,3,0,0,'WorkflowPermission','6','readonly'),(431,1,5,0,3,0,0,'WorkflowPermission','22','readonly'),(432,1,6,0,3,0,0,'WorkflowPermission','project_id','readonly'),(433,1,6,0,3,0,0,'WorkflowPermission','tracker_id','readonly'),(434,1,6,0,3,0,0,'WorkflowPermission','subject','readonly'),(435,1,6,0,3,0,0,'WorkflowPermission','priority_id','readonly'),(436,1,6,0,3,0,0,'WorkflowPermission','is_private','readonly'),(437,1,6,0,3,0,0,'WorkflowPermission','description','readonly'),(438,1,6,0,3,0,0,'WorkflowPermission','1','readonly'),(439,1,6,0,3,0,0,'WorkflowPermission','2','readonly'),(440,1,6,0,3,0,0,'WorkflowPermission','10','readonly'),(441,1,6,0,3,0,0,'WorkflowPermission','20','readonly'),(442,1,6,0,3,0,0,'WorkflowPermission','8','readonly'),(443,1,6,0,3,0,0,'WorkflowPermission','15','readonly'),(444,1,6,0,3,0,0,'WorkflowPermission','11','readonly'),(445,1,6,0,3,0,0,'WorkflowPermission','12','readonly'),(446,1,6,0,3,0,0,'WorkflowPermission','19','readonly'),(447,1,6,0,3,0,0,'WorkflowPermission','7','readonly'),(448,1,6,0,3,0,0,'WorkflowPermission','3','readonly'),(449,1,6,0,3,0,0,'WorkflowPermission','5','readonly'),(450,1,6,0,3,0,0,'WorkflowPermission','6','readonly'),(451,1,6,0,3,0,0,'WorkflowPermission','22','readonly'),(537,1,2,0,2,0,0,'WorkflowPermission','project_id','readonly'),(538,1,2,0,2,0,0,'WorkflowPermission','tracker_id','readonly'),(539,1,2,0,2,0,0,'WorkflowPermission','subject','readonly'),(540,1,2,0,2,0,0,'WorkflowPermission','priority_id','readonly'),(541,1,2,0,2,0,0,'WorkflowPermission','is_private','readonly'),(542,1,2,0,2,0,0,'WorkflowPermission','description','readonly'),(543,1,2,0,2,0,0,'WorkflowPermission','1','readonly'),(544,1,2,0,2,0,0,'WorkflowPermission','2','readonly'),(545,1,2,0,2,0,0,'WorkflowPermission','10','readonly'),(546,1,2,0,2,0,0,'WorkflowPermission','20','readonly'),(547,1,2,0,2,0,0,'WorkflowPermission','8','readonly'),(548,1,2,0,2,0,0,'WorkflowPermission','15','readonly'),(549,1,2,0,2,0,0,'WorkflowPermission','11','readonly'),(550,1,2,0,2,0,0,'WorkflowPermission','12','readonly'),(551,1,2,0,2,0,0,'WorkflowPermission','19','readonly'),(552,1,2,0,2,0,0,'WorkflowPermission','17','readonly'),(553,1,2,0,2,0,0,'WorkflowPermission','7','readonly'),(554,1,2,0,2,0,0,'WorkflowPermission','3','readonly'),(555,1,2,0,2,0,0,'WorkflowPermission','5','readonly'),(556,1,2,0,2,0,0,'WorkflowPermission','6','readonly'),(557,1,2,0,2,0,0,'WorkflowPermission','22','readonly'),(558,1,3,0,2,0,0,'WorkflowPermission','project_id','readonly'),(559,1,3,0,2,0,0,'WorkflowPermission','tracker_id','readonly'),(560,1,3,0,2,0,0,'WorkflowPermission','subject','readonly'),(561,1,3,0,2,0,0,'WorkflowPermission','priority_id','readonly'),(562,1,3,0,2,0,0,'WorkflowPermission','is_private','readonly'),(563,1,3,0,2,0,0,'WorkflowPermission','description','readonly'),(564,1,3,0,2,0,0,'WorkflowPermission','1','readonly'),(565,1,3,0,2,0,0,'WorkflowPermission','2','readonly'),(566,1,3,0,2,0,0,'WorkflowPermission','10','readonly'),(567,1,3,0,2,0,0,'WorkflowPermission','20','readonly'),(568,1,3,0,2,0,0,'WorkflowPermission','8','readonly'),(569,1,3,0,2,0,0,'WorkflowPermission','15','readonly'),(570,1,3,0,2,0,0,'WorkflowPermission','11','readonly'),(571,1,3,0,2,0,0,'WorkflowPermission','12','readonly'),(572,1,3,0,2,0,0,'WorkflowPermission','19','readonly'),(573,1,3,0,2,0,0,'WorkflowPermission','17','readonly'),(574,1,3,0,2,0,0,'WorkflowPermission','7','readonly'),(575,1,3,0,2,0,0,'WorkflowPermission','3','readonly'),(576,1,3,0,2,0,0,'WorkflowPermission','5','readonly'),(577,1,3,0,2,0,0,'WorkflowPermission','6','readonly'),(578,1,3,0,2,0,0,'WorkflowPermission','22','readonly'),(579,1,4,0,2,0,0,'WorkflowPermission','project_id','readonly'),(580,1,4,0,2,0,0,'WorkflowPermission','tracker_id','readonly'),(581,1,4,0,2,0,0,'WorkflowPermission','subject','readonly'),(582,1,4,0,2,0,0,'WorkflowPermission','priority_id','readonly'),(583,1,4,0,2,0,0,'WorkflowPermission','is_private','readonly'),(584,1,4,0,2,0,0,'WorkflowPermission','description','readonly'),(585,1,4,0,2,0,0,'WorkflowPermission','1','readonly'),(586,1,4,0,2,0,0,'WorkflowPermission','2','readonly'),(587,1,4,0,2,0,0,'WorkflowPermission','10','readonly'),(588,1,4,0,2,0,0,'WorkflowPermission','20','readonly'),(589,1,4,0,2,0,0,'WorkflowPermission','8','readonly'),(590,1,4,0,2,0,0,'WorkflowPermission','15','readonly'),(591,1,4,0,2,0,0,'WorkflowPermission','11','readonly'),(592,1,4,0,2,0,0,'WorkflowPermission','12','readonly'),(593,1,4,0,2,0,0,'WorkflowPermission','19','readonly'),(594,1,4,0,2,0,0,'WorkflowPermission','17','readonly'),(595,1,4,0,2,0,0,'WorkflowPermission','7','readonly'),(596,1,4,0,2,0,0,'WorkflowPermission','3','readonly'),(597,1,4,0,2,0,0,'WorkflowPermission','5','readonly'),(598,1,4,0,2,0,0,'WorkflowPermission','6','readonly'),(599,1,4,0,2,0,0,'WorkflowPermission','22','readonly'),(600,1,5,0,2,0,0,'WorkflowPermission','project_id','readonly'),(601,1,5,0,2,0,0,'WorkflowPermission','tracker_id','readonly'),(602,1,5,0,2,0,0,'WorkflowPermission','subject','readonly'),(603,1,5,0,2,0,0,'WorkflowPermission','priority_id','readonly'),(604,1,5,0,2,0,0,'WorkflowPermission','is_private','readonly'),(605,1,5,0,2,0,0,'WorkflowPermission','description','readonly'),(606,1,5,0,2,0,0,'WorkflowPermission','1','readonly'),(607,1,5,0,2,0,0,'WorkflowPermission','2','readonly'),(608,1,5,0,2,0,0,'WorkflowPermission','10','readonly'),(609,1,5,0,2,0,0,'WorkflowPermission','20','readonly'),(610,1,5,0,2,0,0,'WorkflowPermission','8','readonly'),(611,1,5,0,2,0,0,'WorkflowPermission','15','readonly'),(612,1,5,0,2,0,0,'WorkflowPermission','11','readonly'),(613,1,5,0,2,0,0,'WorkflowPermission','12','readonly'),(614,1,5,0,2,0,0,'WorkflowPermission','19','readonly'),(615,1,5,0,2,0,0,'WorkflowPermission','17','readonly'),(616,1,5,0,2,0,0,'WorkflowPermission','7','readonly'),(617,1,5,0,2,0,0,'WorkflowPermission','3','readonly'),(618,1,5,0,2,0,0,'WorkflowPermission','5','readonly'),(619,1,5,0,2,0,0,'WorkflowPermission','6','readonly'),(620,1,5,0,2,0,0,'WorkflowPermission','22','readonly'),(621,1,6,0,2,0,0,'WorkflowPermission','project_id','readonly'),(622,1,6,0,2,0,0,'WorkflowPermission','tracker_id','readonly'),(623,1,6,0,2,0,0,'WorkflowPermission','subject','readonly'),(624,1,6,0,2,0,0,'WorkflowPermission','priority_id','readonly'),(625,1,6,0,2,0,0,'WorkflowPermission','is_private','readonly'),(626,1,6,0,2,0,0,'WorkflowPermission','description','readonly'),(627,1,6,0,2,0,0,'WorkflowPermission','1','readonly'),(628,1,6,0,2,0,0,'WorkflowPermission','2','readonly'),(629,1,6,0,2,0,0,'WorkflowPermission','10','readonly'),(630,1,6,0,2,0,0,'WorkflowPermission','20','readonly'),(631,1,6,0,2,0,0,'WorkflowPermission','8','readonly'),(632,1,6,0,2,0,0,'WorkflowPermission','15','readonly'),(633,1,6,0,2,0,0,'WorkflowPermission','11','readonly'),(634,1,6,0,2,0,0,'WorkflowPermission','12','readonly'),(635,1,6,0,2,0,0,'WorkflowPermission','19','readonly'),(636,1,6,0,2,0,0,'WorkflowPermission','17','readonly'),(637,1,6,0,2,0,0,'WorkflowPermission','7','readonly'),(638,1,6,0,2,0,0,'WorkflowPermission','3','readonly'),(639,1,6,0,2,0,0,'WorkflowPermission','5','readonly'),(640,1,6,0,2,0,0,'WorkflowPermission','6','readonly'),(641,1,6,0,2,0,0,'WorkflowPermission','22','readonly'),(642,1,2,3,2,0,0,'WorkflowTransition',NULL,NULL),(643,1,2,6,2,0,0,'WorkflowTransition',NULL,NULL),(644,1,3,4,2,0,0,'WorkflowTransition',NULL,NULL),(645,1,4,5,2,0,0,'WorkflowTransition',NULL,NULL),(646,1,4,6,2,0,0,'WorkflowTransition',NULL,NULL),(647,1,6,3,2,0,0,'WorkflowTransition',NULL,NULL); /*!40000 ALTER TABLE `workflows` ENABLE KEYS */; UNLOCK TABLES; /*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */; @@ -1764,4 +1764,4 @@ UNLOCK TABLES; /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; --- Dump completed on 2020-07-10 23:39:20 +-- Dump completed on 2020-07-15 16:33:41 From 0a976861f3b5905c2cb7d654fd1bab7b77652fa6 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Wed, 15 Jul 2020 13:22:11 -0400 Subject: [PATCH 054/124] Dynamically set sensor checkin interval; allow overrides if var is preset --- salt/pcap/files/sensoroni.json | 3 ++- setup/so-functions | 10 ++++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/salt/pcap/files/sensoroni.json b/salt/pcap/files/sensoroni.json index 81fc4569b..76fb0e502 100644 --- a/salt/pcap/files/sensoroni.json +++ b/salt/pcap/files/sensoroni.json @@ -1,10 +1,11 @@ {%- set MANAGER = salt['grains.get']('master') -%} {%- set SENSORONIKEY = salt['pillar.get']('static:sensoronikey', '') -%} +{%- set CHECKININTERVALMS = salt['pillar.get']('pcap:sensor_checkin_interval_ms') -%} { "logFilename": "/opt/sensoroni/logs/sensoroni.log", "logLevel":"debug", "agent": { - "pollIntervalMs": 10000, + "pollIntervalMs": {{ CHECKININTERVALMS }}, "serverUrl": "https://{{ MANAGER }}/sensoroniagents", "verifyCert": false, "modules": { diff --git a/setup/so-functions b/setup/so-functions index f4f5d9ba1..0bbc013b2 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -923,6 +923,13 @@ manager_pillar() { local pillar_file=$temp_install_dir/pillar/minions/$MINION_ID.sls + if [ -z "$SENSOR_CHECKIN_INTERVAL_MS" ]; then + SENSOR_CHECKIN_INTERVAL_MS=10000 + if [ "$install_type" = 'EVAL' ] || [ "$install_type" = 'STANDALONE' ]; then + SENSOR_CHECKIN_INTERVAL_MS=1000 + fi + fi + # Create the manager pillar printf '%s\n'\ "manager:"\ @@ -969,6 +976,9 @@ manager_pillar() { " lsheap: $LS_HEAP_SIZE"\ " ls_pipeline_workers: $num_cpu_cores"\ ""\ + "pcap:">> "$pillar_file"\ + " sensor_checkin_interval_ms: $SENSOR_CHECKIN_INTERVAL_MS"\ + ""\ "kratos:" >> "$pillar_file" printf '%s\n'\ From 9781d8d0e74862c7d095b62826d6a0df93bb8524 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Wed, 15 Jul 2020 13:53:28 -0400 Subject: [PATCH 055/124] Ensure permissions are consistently applied to all imported PCAP files --- salt/common/tools/sbin/so-import-pcap | 1 + 1 file changed, 1 insertion(+) diff --git a/salt/common/tools/sbin/so-import-pcap b/salt/common/tools/sbin/so-import-pcap index ae7f996ac..a45fe6777 100755 --- a/salt/common/tools/sbin/so-import-pcap +++ b/salt/common/tools/sbin/so-import-pcap @@ -180,6 +180,7 @@ for PCAP in "$@"; do fi cp -f "${PCAP}" "${PCAP_DIR}"/data.pcap + chmod 644 "${PCAP_DIR}"/data.pcap fi # end of valid pcap From d71dc89b136b5577232771c67a2415aa088fd7c2 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 15 Jul 2020 17:46:33 -0400 Subject: [PATCH 056/124] New SOUP --- exclude-list.txt | 0 salt/common/tools/sbin/so-docker-refresh | 1 + salt/common/tools/sbin/so-features-enable | 11 ++ salt/common/tools/sbin/soup | 167 ++++++++++++++++-- upgrade/so-update-functions | 205 ---------------------- upgrade/soup | 27 --- 6 files changed, 169 insertions(+), 242 deletions(-) delete mode 100644 exclude-list.txt delete mode 100644 upgrade/so-update-functions delete mode 100644 upgrade/soup diff --git a/exclude-list.txt b/exclude-list.txt deleted file mode 100644 index e69de29bb..000000000 diff --git a/salt/common/tools/sbin/so-docker-refresh b/salt/common/tools/sbin/so-docker-refresh index 11200864f..16b8fb930 100644 --- a/salt/common/tools/sbin/so-docker-refresh +++ b/salt/common/tools/sbin/so-docker-refresh @@ -78,6 +78,7 @@ if [ $MANAGERCHECK != 'so-helix' ]; then "so-logstash:$VERSION" \ "so-mysql:$VERSION" \ "so-nginx:$VERSION" \ + "so-pcaptools:$VERSION" \ "so-playbook:$VERSION" \ "so-redis:$VERSION" \ "so-soc:$VERSION" \ diff --git a/salt/common/tools/sbin/so-features-enable b/salt/common/tools/sbin/so-features-enable index edc378bc5..b4e471c99 100755 --- a/salt/common/tools/sbin/so-features-enable +++ b/salt/common/tools/sbin/so-features-enable @@ -17,6 +17,17 @@ . /usr/sbin/so-common local_salt_dir=/opt/so/saltstack/local +manager_check() { + # Check to see if this is a manager + MANAGERCHECK=$(cat /etc/salt/grains | grep role | awk '{print $2}') + if [ $MANAGERCHECK == 'so-eval' OR $MANAGERCHECK == 'so-manager' OR $MANAGERCHECK == 'so-managersearch' ]; then + echo "This is a manager. We can proceed." + else + echo "Please run so-features-enable on the manager." + exit 0 +} + +manager_check VERSION=$(grep soversion $local_salt_dir/pillar/static.sls | cut -d':' -f2|sed 's/ //g') # Modify static.sls to enable Features sed -i 's/features: False/features: True/' $local_salt_dir/pillar/static.sls diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 7c471aa34..7ce5b2ac0 100644 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -15,23 +15,170 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . -clone_to_tmp() { +. /usr/sbin/so-common +UPDATE_DIR=/tmp/sogh/securityonion +INSTALLEDVERSION=$(cat /etc/soversion) +default_salt_dir=/opt/so/saltstack/default +manager_check() { + # Check to see if this is a manager + MANAGERCHECK=$(cat /etc/salt/grains | grep role | awk '{print $2}') + if [ $MANAGERCHECK == 'so-eval' OR $MANAGERCHECK == 'so-manager' OR $MANAGERCHECK == 'so-managersearch' ]; then + echo "This is a manager. We can proceed" + else + echo "Please run soup on the manager. The manager controls all updates." + exit 0 +} + +clean_dockers() { + # Place Holder for cleaning up old docker images + echo "" +} + +clone_to_tmp() { # TODO Need to add a air gap option + # Clean old files + rm -rf /tmp/sogh # Make a temp location for the files - rm -rf /tmp/soup - mkdir -p /tmp/soup - cd /tmp/soup - #git clone -b dev https://github.com/Security-Onion-Solutions/securityonion-saltstack.git - git clone https://github.com/Security-Onion-Solutions/securityonion-saltstack.git + mkdir -p /tmp/sogh + cd /tmp/sogh + #git clone -b dev https://github.com/Security-Onion-Solutions/securityonion.git + git clone https://github.com/Security-Onion-Solutions/securityonion.git + cd /tmp + if [ ! -f $UPDATE_DIR/VERSION ]; then + echo "Update was unable to pull from github. Please check your internet." + exit 0 + fi +} + +copy_new_files() { + # Copy new files over to the salt dir + cd /tmp/sogh/securityonion + rsync -a salt $default_salt_dir/ + rsync -a pillar $default_salt_dir/ + chown -R socore:socore $default_salt_dir/ + chmod 755 $default_salt_dir/pillar/firewall/addfirewall.sh + cd /tmp +} + +highstate() { + # Run a highstate but first cancel a running one. + salt-call saltutil.kill_all_jobs + salt-call state.highstate +} + +pillar_changes() { + # This function is to add any new pillar items if needed. + echo "Checking to see if pillar changes are needed" } -# Prompt the user that this requires internets +update_dockers() { + # List all the containers + if [ $MANAGERCHECK != 'so-helix' ]; then + TRUSTED_CONTAINERS=( \ + "so-acng" \ + "so-thehive-cortex" \ + "so-curator" \ + "so-domainstats" \ + "so-elastalert" \ + "so-elasticsearch" \ + "so-filebeat" \ + "so-fleet" \ + "so-fleet-launcher" \ + "so-freqserver" \ + "so-grafana" \ + "so-idstools" \ + "so-influxdb" \ + "so-kibana" \ + "so-kratos" \ + "so-logstash" \ + "so-mysql" \ + "so-nginx" \ + "so-pcaptools" \ + "so-playbook" \ + "so-redis" \ + "so-soc" \ + "so-soctopus" \ + "so-steno" \ + "so-strelka" \ + "so-suricata" \ + "so-telegraf" \ + "so-thehive" \ + "so-thehive-es" \ + "so-wazuh" \ + "so-zeek" ) + else + TRUSTED_CONTAINERS=( \ + "so-filebeat" \ + "so-idstools" \ + "so-logstash" \ + "so-nginx" \ + "so-redis" \ + "so-steno" \ + "so-suricata" \ + "so-telegraf" \ + "so-zeek" ) + fi +# Download the containers from the interwebs + for i in "${TRUSTED_CONTAINERS[@]}" + do + # Pull down the trusted docker image + echo "Downloading $i:$NEWVERSION" + docker pull --disable-content-trust=false docker.io/$IMAGEREPO/$i:$NEWVERSION + # Tag it with the new registry destination + docker tag $IMAGEREPO/$i $HOSTNAME:5000/$IMAGEREPO/$i:$NEWVERSION + docker push $HOSTNAME:5000/$IMAGEREPO/$i:$NEWVERSION + done + +} + +update_version() { + # Update the version to the latest + echo "Updating the version file." + echo $NEWVERSION > /etc/soversion +} + +upgrade_check() { + # Let's make sure we actually need to update. + NEWVERSION=$(cat $UPDATE_DIR/VERSION) + if [ $INSTALLEDVERSION == $NEWVERSION ]; then + echo "You are already running the latest version of Security Onion." + exit 0 + else + echo "Performing Upgrade from $INSTALLEDVERSION to $NEWVERSION" + fi +} + +verify_latest_update_script() { + # Check to see if the update scripts match. If not run the new one. + CURRENTSOUP=$(md5sum /usr/sbin/soup) + GITSOUP=$(md5sum /tmp/sogh/securityonion/salt/common/tools/sbin/soup) + if [ $CURRENTSOUP == $GITSOUP ]; then + echo "The scripts match" + else + echo "They don't match" + cp $UPDATE_DIR/salt/sommon/tools/sbin/soup /usr/sbin/soup + cp $UPDATE_DIR/salt/common/tools/sbin/soup $default_salt_dir/salt/common/tools/sbin/ + echo "soup has been updated. Please run soup again" + exit 0 + fi +} + +manager_check clone_to_tmp -cd /tmp/soup/securityonion-saltstack/update -chmod +x soup -./soup +verify_latest_update_script +upgrade_check +pillar_changes +clean_dockers +update_dockers +copy_new_files +highstate +update_version + + + + diff --git a/upgrade/so-update-functions b/upgrade/so-update-functions deleted file mode 100644 index 3ab79df39..000000000 --- a/upgrade/so-update-functions +++ /dev/null @@ -1,205 +0,0 @@ -#!/bin/bash - -# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC - -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -. /usr/sbin/so-common - -# Set the new SO Version -UPDATEVERSION=1.2.2 -BUILD=HH - -#Determine the current install version - -if [ -f /etc/soversion ]; then - OLDVERSION=$(cat /etc/soversion) -else - OLDVERSION=1.1.4 -fi - -# Use the hostname -HOSTNAME=$(hostname) - -# List all the containers -if [ $MANAGERCHECK != 'so-helix' ]; then - TRUSTED_CONTAINERS=( \ - "so-acng:$BUILD$UPDATEVERSION" \ - "so-thehive-cortex:$BUILD$UPDATEVERSION" \ - "so-curator:$BUILD$UPDATEVERSION" \ - "so-domainstats:$BUILD$UPDATEVERSION" \ - "so-elastalert:$BUILD$UPDATEVERSION" \ - "so-elasticsearch:$BUILD$UPDATEVERSION" \ - "so-filebeat:$BUILD$UPDATEVERSION" \ - "so-fleet:$BUILD$UPDATEVERSION" \ - "so-fleet-launcher:$BUILD$UPDATEVERSION" \ - "so-freqserver:$BUILD$UPDATEVERSION" \ - "so-grafana:$BUILD$UPDATEVERSION" \ - "so-idstools:$BUILD$UPDATEVERSION" \ - "so-influxdb:$BUILD$UPDATEVERSION" \ - "so-kibana:$BUILD$UPDATEVERSION" \ - "so-kratos:$BUILD$UPDATEVERSION" \ - "so-logstash:$BUILD$UPDATEVERSION" \ - "so-mysql:$BUILD$UPDATEVERSION" \ - "so-nginx:$BUILD$UPDATEVERSION" \ - "so-playbook:$BUILD$UPDATEVERSION" \ - "so-redis:$BUILD$UPDATEVERSION" \ - "so-soc:$BUILD$UPDATEVERSION" \ - "so-soctopus:$BUILD$UPDATEVERSION" \ - "so-steno:$BUILD$UPDATEVERSION" \ - "so-strelka:$BUILD$UPDATEVERSION" \ - "so-suricata:$BUILD$UPDATEVERSION" \ - "so-telegraf:$BUILD$UPDATEVERSION" \ - "so-thehive:$BUILD$UPDATEVERSION" \ - "so-thehive-es:$BUILD$UPDATEVERSION" \ - "so-wazuh:$BUILD$UPDATEVERSION" \ - "so-zeek:$BUILD$UPDATEVERSION" ) - else - TRUSTED_CONTAINERS=( \ - "so-filebeat:$BUILD$UPDATEVERSION" \ - "so-idstools:$BUILD$UPDATEVERSION" \ - "so-logstash:$BUILD$UPDATEVERSION" \ - "so-nginx:$BUILD$UPDATEVERSION" \ - "so-redis:$BUILD$UPDATEVERSION" \ - "so-steno:$BUILD$UPDATEVERSION" \ - "so-suricata:$BUILD$UPDATEVERSION" \ - "so-telegraf:$BUILD$UPDATEVERSION" \ - "so-zeek:$BUILD$UPDATEVERSION" ) - fi - - -clone_to_tmp() { - - # TODO Need to add a air gap option - # Make a temp location for the files - mkdir /tmp/sogh - cd /tmp/sogh - #git clone -b dev https://github.com/Security-Onion-Solutions/securityonion-saltstack.git - git clone https://github.com/Security-Onion-Solutions/securityonion-saltstack.git - cd /tmp - -} - -copy_new_files() { - - # Copy new files over to the salt dir - cd /tmp/sogh/securityonion-saltstack - rsync -a --exclude-from 'exclude-list.txt' salt $default_salt_dir/ - chown -R socore:socore $default_salt_dir/salt - chmod 755 $default_salt_dir/pillar/firewall/addfirewall.sh - cd /tmp -} - -detect_os() { - - # Detect Base OS - echo "Detecting Base OS" >> $UPDATELOG 2>&1 - if [ -f /etc/redhat-release ]; then - OS=centos - if grep -q "CentOS Linux release 7" /etc/redhat-release; then - OSVER=7 - elif grep -q "CentOS Linux release 8" /etc/redhat-release; then - OSVER=8 - echo "We currently do not support CentOS $OSVER but we are working on it!" - exit - else - echo "We do not support the version of CentOS you are trying to use" - exit - fi - - elif [ -f /etc/os-release ]; then - OS=ubuntu - if grep -q "UBUNTU_CODENAME=bionic" /etc/os-release; then - OSVER=bionic - elif grep -q "UBUNTU_CODENAME=xenial" /etc/os-release; then - OSVER=xenial - else - echo "We do not support your current version of Ubuntu" - exit - fi - else - echo "We were unable to determine if you are using a supported OS." >> $UPDATELOG 2>&1 - exit - fi - - echo "Found OS: $OS $OSVER" >> $UPDATELOG 2>&1 - -} - -manager_check() { - # Check to see if this is a manager - MANAGERCHECK=$(cat /etc/salt/grains | grep role | awk '{print $2}') - if [ $MANAGERCHECK == 'so-eval' OR $MANAGERCHECK == 'so-manager' OR $MANAGERCHECK == 'so-managersearch' ]; then - echo "This is a manager. We can proceed" - else - echo "Please run soup on the manager. The manager controls all updates." - exit -} - -salt_highstate() { - - salt-call state.highstate - -} - -update_held_packages() { - - if [ $OS == "centos" ] - SALTVER=2019.2.4 - DOCKERVER= - yum -y --disableexcludes=all update salt-$SALTVER - yum -y --disableexcludes=all update docker-ce-$DOCKERVER - else - SALTVER=2019.2.4+ds-1 - DOCKERVER=5:19.03.8~3-0~ubuntu-xenial - fi - -} - -update_all_packages() { - - # Update all the things based on OS - if [ $OS == "centos" ]; then - yum -y update - else - apt -y update && apt -y upgrade - fi - -} - -update_docker_containers() { - - # Download the containers from the interwebs - for i in "${TRUSTED_CONTAINERS[@]}" - do - # Pull down the trusted docker image - echo "Downloading $i" - docker pull --disable-content-trust=false docker.io/$IMAGEREPO/$i - # Tag it with the new registry destination - docker tag $IMAGEREPO/$i $HOSTNAME:5000/$IMAGEREPO/$i - docker push $HOSTNAME:5000/$IMAGEREPO/$i - done - - for i in "${TRUSTED_CONTAINERS[@]}" - do - echo "Removing $i locally" - docker rmi $IMAGEREPO/$i - done - -} - -update_hh_version() { - # Change the version number in the static pillar - -} diff --git a/upgrade/soup b/upgrade/soup deleted file mode 100644 index 068782f04..000000000 --- a/upgrade/soup +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash - -# Copyright 2014,2015,2016,2017,2018,2019,2020 Security Onion Solutions, LLC - -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -SCRIPTDIR=$(dirname "$0") -source $SCRIPTDIR/so-update-functions - -# Update Packages -manager_check -update_all_packages -update_held_packages - - - From 473606371ab59cf40721e576c886391a00d8d9fe Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 15 Jul 2020 17:49:13 -0400 Subject: [PATCH 057/124] Fix Features Download --- salt/common/tools/sbin/so-features-enable | 5 ----- 1 file changed, 5 deletions(-) diff --git a/salt/common/tools/sbin/so-features-enable b/salt/common/tools/sbin/so-features-enable index b4e471c99..a7507290f 100755 --- a/salt/common/tools/sbin/so-features-enable +++ b/salt/common/tools/sbin/so-features-enable @@ -47,8 +47,3 @@ do docker tag $IMAGEREPO/$i $HOSTNAME:5000/$IMAGEREPO/$i docker push $HOSTNAME:5000/$IMAGEREPO/$i done -for i in "${TRUSTED_CONTAINERS[@]}" -do - echo "Removing $i locally" - docker rmi $IMAGEREPO/$i -done From a4672dedee9fd022c79d5b8ff8e412506fe4793c Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Wed, 15 Jul 2020 18:17:05 -0400 Subject: [PATCH 058/124] Update README.md --- README.md | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/README.md b/README.md index 1cff4b355..474041903 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,30 @@ +## Security Onion 2.0.0.rc1 + +Security Onion 2.0.0 RC1 is here! This will require a fresh install but there is good news: From here on out you will be able to use soup on the master to upgrade your environment to RC2 and beyond! The team here has been hard at work to bring you the following changes: + +- You will notice we have done a little re-branding to give 2.0 a fresh look. +- We have removed all references to "master" in the code and now call it a "manager". +- All documentation has moved to our docs site. +- soup is alive! This will only update the Security Onion components. Please use the build in OS update process to keep the OS up to date. +- so-features-enable should now properly work. +- so-import-pcap! See the docs here. +- You can now pivot to PCAP from Suricata alerts. +- ISO install now prompts you to create an admin user instead of using onion. This user has full sudo rights. +- The disk should now more reliably clean itself up. +- Changed the default permissions for /opt/so to keep non-priviledged users from accessing salt and related files. +- Locked down access to certain SSL keys. +- Suricata logs will now compress after they roll over. +- You can now customize shard counts per index. +- Elastic ingest parsing improvements. +- Elastic nodes are now "hot" by default. This will allow adding a warm node easier. +- so-allow will now run at the end of an install so you can enable access right away. + + +## Hybrid Hunter Beta 1.4.1 - Beta 3 + +- Fix install script to handle hostnames properly. + + ## Hybrid Hunter Beta 1.4.0 - Beta 3 - Complete overhaul of the way we handle custom and default settings and data. You will now see a default and local directory under the saltstack directory. All customizations are stored in local. From 48c9244a8114c30f7ddbc151ff54813d5d21e398 Mon Sep 17 00:00:00 2001 From: Josh Brower Date: Wed, 15 Jul 2020 19:05:49 -0400 Subject: [PATCH 059/124] Update README.md --- README.md | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 474041903..fea8247c5 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ ## Security Onion 2.0.0.rc1 -Security Onion 2.0.0 RC1 is here! This will require a fresh install but there is good news: From here on out you will be able to use soup on the master to upgrade your environment to RC2 and beyond! The team here has been hard at work to bring you the following changes: +Security Onion 2.0.0 RC1 is here! This will require a fresh install but there is good news: From here on out you will be able to use soup on the manager to upgrade your environment to RC2 and beyond! The team here has been hard at work to bring you the following changes: - You will notice we have done a little re-branding to give 2.0 a fresh look. - We have removed all references to "master" in the code and now call it a "manager". @@ -18,6 +18,18 @@ Security Onion 2.0.0 RC1 is here! This will require a fresh install but there is - Elastic ingest parsing improvements. - Elastic nodes are now "hot" by default. This will allow adding a warm node easier. - so-allow will now run at the end of an install so you can enable access right away. +- Alert severities across Wazuh, Suricata and Playbook (Sigma) have been standardised and copied to `event.severity` (1-Low/2-Medium/3-High/4-Critical) +- Initial implementation of alerting queues: + - Low & Medium alerts are accessible through Kibana & SOC Hunt + - High & Critical alerts are accessible through Kibana, SOC Hunt and sent to TheHive for immediate viewing +- ATT&CK Navigator is now a statically-hosted site in the nginx container +- Playbook + - All Sigma rules in the community repo are now imported & kept up to date (500+) + - Initial implementation of automated testing when a Play's detection logic has been edited (ie Unit Testing) + - UI Theme has been updated + - Once authenticated through SOC, you can now access Playbook with analyst permissions without login +- Ingest parsing updates for Windows Eventlogs & Sysmon logs shipped with WinLogbeat & Osquery (ECS) +- Kolide Launcher update to include the ability to pass arbitrary flags - new functionality sponsored by SOS ## Hybrid Hunter Beta 1.4.1 - Beta 3 From 29c28fcb5e811703ef1a273bd850453a6fbb5a82 Mon Sep 17 00:00:00 2001 From: Josh Brower Date: Wed, 15 Jul 2020 19:06:36 -0400 Subject: [PATCH 060/124] Update README.md --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index fea8247c5..e5f3f8b27 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,8 @@ Security Onion 2.0.0 RC1 is here! This will require a fresh install but there is - Elastic ingest parsing improvements. - Elastic nodes are now "hot" by default. This will allow adding a warm node easier. - so-allow will now run at the end of an install so you can enable access right away. -- Alert severities across Wazuh, Suricata and Playbook (Sigma) have been standardised and copied to `event.severity` (1-Low/2-Medium/3-High/4-Critical) +- Alert severities across Wazuh, Suricata and Playbook (Sigma) have been standardised and copied to `event.severity`: + - 1-Low / 2-Medium / 3-High / 4-Critical - Initial implementation of alerting queues: - Low & Medium alerts are accessible through Kibana & SOC Hunt - High & Critical alerts are accessible through Kibana, SOC Hunt and sent to TheHive for immediate viewing From 350d2fbeda449f807647797b536eef359b8b28ac Mon Sep 17 00:00:00 2001 From: Josh Brower Date: Wed, 15 Jul 2020 19:07:25 -0400 Subject: [PATCH 061/124] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e5f3f8b27..8016d2fcc 100644 --- a/README.md +++ b/README.md @@ -22,7 +22,7 @@ Security Onion 2.0.0 RC1 is here! This will require a fresh install but there is - 1-Low / 2-Medium / 3-High / 4-Critical - Initial implementation of alerting queues: - Low & Medium alerts are accessible through Kibana & SOC Hunt - - High & Critical alerts are accessible through Kibana, SOC Hunt and sent to TheHive for immediate viewing + - High & Critical alerts are accessible through Kibana, SOC Hunt and sent to TheHive for immediate analysis - ATT&CK Navigator is now a statically-hosted site in the nginx container - Playbook - All Sigma rules in the community repo are now imported & kept up to date (500+) From f7d527bb9016f46d5f70914774c3251da429ced1 Mon Sep 17 00:00:00 2001 From: weslambert Date: Thu, 16 Jul 2020 08:14:23 -0400 Subject: [PATCH 062/124] Update README.md --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index 8016d2fcc..ca6f12699 100644 --- a/README.md +++ b/README.md @@ -31,6 +31,12 @@ Security Onion 2.0.0 RC1 is here! This will require a fresh install but there is - Once authenticated through SOC, you can now access Playbook with analyst permissions without login - Ingest parsing updates for Windows Eventlogs & Sysmon logs shipped with WinLogbeat & Osquery (ECS) - Kolide Launcher update to include the ability to pass arbitrary flags - new functionality sponsored by SOS +- Fixed issue with Wazuh authd registration service port not being correctly exposed +- Added option for exposure of ES Rest API (port 9200) to so-allow for easier external querying/integration with other tools +- Added option to so-allow for external Strelka file uploads (ex. via `strelka-fileshot`) +- Added default YARA rules for Strelka -- default rules are fmaintained by Florian Roth and pulled from https://github.com/Neo23x0/signature-base +- Added the ability to use custom Zeek scripts +- Improved unification of Zeek and Strelka file data ## Hybrid Hunter Beta 1.4.1 - Beta 3 From 7fecfdab32d5c31e221be639724ffcd54235790f Mon Sep 17 00:00:00 2001 From: weslambert Date: Thu, 16 Jul 2020 08:14:47 -0400 Subject: [PATCH 063/124] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ca6f12699..6c55eb65e 100644 --- a/README.md +++ b/README.md @@ -34,7 +34,7 @@ Security Onion 2.0.0 RC1 is here! This will require a fresh install but there is - Fixed issue with Wazuh authd registration service port not being correctly exposed - Added option for exposure of ES Rest API (port 9200) to so-allow for easier external querying/integration with other tools - Added option to so-allow for external Strelka file uploads (ex. via `strelka-fileshot`) -- Added default YARA rules for Strelka -- default rules are fmaintained by Florian Roth and pulled from https://github.com/Neo23x0/signature-base +- Added default YARA rules for Strelka -- default rules are maintained by Florian Roth and pulled from https://github.com/Neo23x0/signature-base - Added the ability to use custom Zeek scripts - Improved unification of Zeek and Strelka file data From 5190e5d4342b2c8019234319cb135c731cde9a93 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 16 Jul 2020 09:20:20 -0400 Subject: [PATCH 064/124] Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 6c55eb65e..9a71e2b49 100644 --- a/README.md +++ b/README.md @@ -37,6 +37,7 @@ Security Onion 2.0.0 RC1 is here! This will require a fresh install but there is - Added default YARA rules for Strelka -- default rules are maintained by Florian Roth and pulled from https://github.com/Neo23x0/signature-base - Added the ability to use custom Zeek scripts - Improved unification of Zeek and Strelka file data +- The web email & password set during setup is also used to create the initial accounts for TheHive, Cortex, and Fleet ## Hybrid Hunter Beta 1.4.1 - Beta 3 From 8275f458a18f3187a8c14ee3435072052f77e016 Mon Sep 17 00:00:00 2001 From: Wes Lambert Date: Thu, 16 Jul 2020 13:30:38 +0000 Subject: [PATCH 065/124] Fix module eval --- .../logstash/pipelines/config/so/9700_output_strelka.conf.jinja | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/logstash/pipelines/config/so/9700_output_strelka.conf.jinja b/salt/logstash/pipelines/config/so/9700_output_strelka.conf.jinja index 9fd074f3f..0e6977e29 100644 --- a/salt/logstash/pipelines/config/so/9700_output_strelka.conf.jinja +++ b/salt/logstash/pipelines/config/so/9700_output_strelka.conf.jinja @@ -4,7 +4,7 @@ {%- set ES = salt['pillar.get']('elasticsearch:mainip', '') -%} {%- endif %} output { - if [event_type] =~ "strelka" { + if [module] =~ "strelka" { elasticsearch { pipeline => "%{module}.%{dataset}" hosts => "{{ ES }}" From f10f47ad4e303645437b000b7ebccda4f66c560e Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 16 Jul 2020 10:12:10 -0400 Subject: [PATCH 066/124] including elasticsearch in logstash state --- salt/logstash/init.sls | 3 +++ salt/top.sls | 6 ------ 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/salt/logstash/init.sls b/salt/logstash/init.sls index dbf345822..60e0967c3 100644 --- a/salt/logstash/init.sls +++ b/salt/logstash/init.sls @@ -38,6 +38,9 @@ {% set PIPELINES = salt['pillar.get']('logstash:pipelines', {}) %} {% set DOCKER_OPTIONS = salt['pillar.get']('logstash:docker_options', {}) %} +include: + - elasticsearch + # Create the logstash group logstashgroup: group.present: diff --git a/salt/top.sls b/salt/top.sls index a04e75657..f95223354 100644 --- a/salt/top.sls +++ b/salt/top.sls @@ -138,7 +138,6 @@ base: {%- if WAZUH != 0 %} - wazuh {%- endif %} - - elasticsearch - logstash - kibana - elastalert @@ -185,7 +184,6 @@ base: {%- if WAZUH != 0 %} - wazuh {%- endif %} - - elasticsearch - logstash - kibana - pcap @@ -237,7 +235,6 @@ base: - common - firewall - logstash - - elasticsearch - curator {%- if FLEETMANAGER or FLEETNODE %} - fleet.install_package @@ -265,7 +262,6 @@ base: - wazuh {%- endif %} - logstash - - elasticsearch - curator - filebeat {%- if FLEETMANAGER or FLEETNODE %} @@ -309,7 +305,6 @@ base: - wazuh {%- endif %} - logstash - - elasticsearch - curator - kibana - elastalert @@ -345,7 +340,6 @@ base: - wazuh {%- endif %} - logstash - - elasticsearch - curator - filebeat {%- if FLEETMANAGER or FLEETNODE %} From 5d2c6d330fbfb8d45971ba4f7025a38091e51c36 Mon Sep 17 00:00:00 2001 From: phil1090 Date: Thu, 16 Jul 2020 10:15:40 -0400 Subject: [PATCH 067/124] Update README.md --- README.md | 59 +++++++++++++++++++++++++++---------------------------- 1 file changed, 29 insertions(+), 30 deletions(-) diff --git a/README.md b/README.md index 9a71e2b49..8f779a71e 100644 --- a/README.md +++ b/README.md @@ -1,44 +1,43 @@ ## Security Onion 2.0.0.rc1 -Security Onion 2.0.0 RC1 is here! This will require a fresh install but there is good news: From here on out you will be able to use soup on the manager to upgrade your environment to RC2 and beyond! The team here has been hard at work to bring you the following changes: +Security Onion 2.0.0 RC1 is here! This version requires a fresh install, but there is good news - we have brought back soup! From now on, you should be able to run soup on the manager to upgrade your environment to RC2 and beyond! -- You will notice we have done a little re-branding to give 2.0 a fresh look. -- We have removed all references to "master" in the code and now call it a "manager". -- All documentation has moved to our docs site. -- soup is alive! This will only update the Security Onion components. Please use the build in OS update process to keep the OS up to date. -- so-features-enable should now properly work. -- so-import-pcap! See the docs here. -- You can now pivot to PCAP from Suricata alerts. -- ISO install now prompts you to create an admin user instead of using onion. This user has full sudo rights. -- The disk should now more reliably clean itself up. -- Changed the default permissions for /opt/so to keep non-priviledged users from accessing salt and related files. -- Locked down access to certain SSL keys. -- Suricata logs will now compress after they roll over. -- You can now customize shard counts per index. -- Elastic ingest parsing improvements. -- Elastic nodes are now "hot" by default. This will allow adding a warm node easier. -- so-allow will now run at the end of an install so you can enable access right away. -- Alert severities across Wazuh, Suricata and Playbook (Sigma) have been standardised and copied to `event.severity`: +### Changes: +- Re-branded 2.0 to give it a fresh look +- All documentation has moved to our [docs site](https://docs.securityonion.net/en/2.0) +- soup is alive! Note: This tool only updates Security Onion components. Please use the built-in OS update process to keep the OS and other components up to date. +- so-import-pcap is back! See the docs [here](http://docs.securityonion.net/en/2.0/so-import-pcap). +- Fixed issue with so-features-enable +- Users can now pivot to PCAP from Suricata alerts +- ISO install now prompts users to create an admin/sudo user instead of using a default account name +- The web email & password set during setup is now used to create the initial accounts for TheHive, Cortex, and Fleet +- Fixed issue with disk cleanup +- Changed the default permissions for /opt/so to keep non-priviledged users from accessing salt and related files +- Locked down access to certain SSL keys +- Suricata logs now compress after they roll over +- Users can now easily customize shard counts per index +- Improved Elastic ingest parsers including Windows event logs and Sysmon logs shipped with WinLogbeat and Osquery (ECS) +- Elastic nodes are now "hot" by default, making it easier to add a warm node later +- so-allow now runs at the end of an install so users can enable access right away +- Alert severities across Wazuh, Suricata and Playbook (Sigma) have been standardized and copied to `event.severity`: - 1-Low / 2-Medium / 3-High / 4-Critical - Initial implementation of alerting queues: - - Low & Medium alerts are accessible through Kibana & SOC Hunt - - High & Critical alerts are accessible through Kibana, SOC Hunt and sent to TheHive for immediate analysis + - Low & Medium alerts are accessible through Kibana & Hunt + - High & Critical alerts are accessible through Kibana, Hunt and sent to TheHive for immediate analysis - ATT&CK Navigator is now a statically-hosted site in the nginx container - Playbook - - All Sigma rules in the community repo are now imported & kept up to date (500+) - - Initial implementation of automated testing when a Play's detection logic has been edited (ie Unit Testing) - - UI Theme has been updated - - Once authenticated through SOC, you can now access Playbook with analyst permissions without login -- Ingest parsing updates for Windows Eventlogs & Sysmon logs shipped with WinLogbeat & Osquery (ECS) -- Kolide Launcher update to include the ability to pass arbitrary flags - new functionality sponsored by SOS + - All Sigma rules in the community repo (500+) are now imported and kept up to date + - Initial implementation of automated testing when a Play's detection logic has been edited (i.e., Unit Testing) + - Updated UI Theme + - Once authenticated through SOC, users can now access Playbook with analyst permissions without login +- Kolide Launcher has been updated to include the ability to pass arbitrary flags - new functionality sponsored by SOS - Fixed issue with Wazuh authd registration service port not being correctly exposed -- Added option for exposure of ES Rest API (port 9200) to so-allow for easier external querying/integration with other tools -- Added option to so-allow for external Strelka file uploads (ex. via `strelka-fileshot`) +- Added option for exposure of Elasticsearch REST API (port 9200) to so-allow for easier external querying/integration with other tools +- Added option to so-allow for external Strelka file uploads (e.g., via `strelka-fileshot`) - Added default YARA rules for Strelka -- default rules are maintained by Florian Roth and pulled from https://github.com/Neo23x0/signature-base - Added the ability to use custom Zeek scripts +- Renamed "master server" to "manager node" - Improved unification of Zeek and Strelka file data -- The web email & password set during setup is also used to create the initial accounts for TheHive, Cortex, and Fleet - ## Hybrid Hunter Beta 1.4.1 - Beta 3 From a041be5c218a39cc68bf16cef7aa8d82d1d42ab4 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 16 Jul 2020 11:33:11 -0400 Subject: [PATCH 068/124] [fix] Don't force YARA Strelka rules during setup --- setup/so-whiptail | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/setup/so-whiptail b/setup/so-whiptail index e48850cb1..3556a8245 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -1094,14 +1094,7 @@ whiptail_strelka_rules() { local exitstatus=$? - if [ $exitstatus == 0 ]; then - export STRELKARULES=1 - else - local exitstatus=$? - whiptail_check_exitstatus $exitstatus - export STRELKARULES - - fi + if [[ $exitstatus == 0 ]]; then export STRELKARULES=1; fi } whiptail_suricata_pins() { From 9606d86e846d45448382f5e38012c9b06eb259be Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 16 Jul 2020 13:36:44 -0400 Subject: [PATCH 069/124] dont run templates script if there arent templates --- salt/elasticsearch/init.sls | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls index 7e09ed6c1..909d30152 100644 --- a/salt/elasticsearch/init.sls +++ b/salt/elasticsearch/init.sls @@ -166,7 +166,7 @@ so-elasticsearch-pipelines: - file: esyml - file: so-elasticsearch-pipelines-file -{% if grains['role'] in ['so-manager', 'so-eval', 'so-managersearch', 'so-standalone'] %} +{% if grains['role'] in ['so-manager', 'so-eval', 'so-managersearch', 'so-standalone'] and TEMPLATES %} so-elasticsearch-templates: cmd.run: - name: /usr/sbin/so-elasticsearch-templates From 25dbcfaebe0fcec669dfe4dc6ab1a42685e87df5 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Thu, 16 Jul 2020 14:08:56 -0400 Subject: [PATCH 070/124] [refactor] Add check for "Result: False" in setup --- setup/so-setup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-setup b/setup/so-setup index 149f4768d..7cf0c70f8 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -55,7 +55,7 @@ echo "---- Starting setup at $(date -u) ----" >> $setup_log 2>&1 automated=no function progress() { local title='Security Onion Install' - if grep -q "ERROR" $setup_log || [[ -s /var/spool/mail/root ]]; then + if grep -q -E "ERROR|Result: False" $setup_log || [[ -s /var/spool/mail/root ]]; then if [[ -s /var/spool/mail/root ]]; then echo '[ ERROR ] /var/spool/mail/root grew unexpectedly' >> $setup_log 2>&1 fi From c61a52cc5eb4c80790a34057a519ce5748ea52fd Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 16 Jul 2020 15:05:54 -0400 Subject: [PATCH 071/124] fix the container watch for logstash container state --- salt/logstash/init.sls | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/salt/logstash/init.sls b/salt/logstash/init.sls index 60e0967c3..61d6aecc1 100644 --- a/salt/logstash/init.sls +++ b/salt/logstash/init.sls @@ -37,6 +37,7 @@ {% set PIPELINES = salt['pillar.get']('logstash:pipelines', {}) %} {% set DOCKER_OPTIONS = salt['pillar.get']('logstash:docker_options', {}) %} +{% set TEMPLATES = salt['pillar.get']('elasticsearch:templates', {}) %} include: - elasticsearch @@ -181,4 +182,6 @@ so-logstash: - file: ls_pipeline_{{PL}}_{{CONFIGFILE.split('.')[0] | replace("/","_") }} {% endfor %} {% endfor %} - - file: /opt/so/conf/elasticsearch/templates/* \ No newline at end of file +{% for TEMPLATE in TEMPLATES %} + - file: es_template_{{TEMPLATE.split('.')[0] | replace("/","_") }} +{% endfor %} \ No newline at end of file From 07626905c5cd5b47cfca22ed35f1a149ce5600eb Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 16 Jul 2020 15:20:11 -0400 Subject: [PATCH 072/124] Fix telegraf script perms --- salt/telegraf/init.sls | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/telegraf/init.sls b/salt/telegraf/init.sls index 99e12a60b..668a8839a 100644 --- a/salt/telegraf/init.sls +++ b/salt/telegraf/init.sls @@ -21,9 +21,9 @@ tgrafetsdir: tgrafsyncscripts: file.recurse: - name: /opt/so/conf/telegraf/scripts - - user: 939 + - user: 0 - group: 939 - - file_mode: 755 + - file_mode: 700 - template: jinja - source: salt://telegraf/scripts From d31ce4aa4864033543aa3e81174762bdd0763ae3 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 16 Jul 2020 16:32:38 -0400 Subject: [PATCH 073/124] Fix soup issues --- salt/common/tools/sbin/soup | 22 +++++++++------------- 1 file changed, 9 insertions(+), 13 deletions(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 7ce5b2ac0..0cec8fe72 100644 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -23,11 +23,12 @@ default_salt_dir=/opt/so/saltstack/default manager_check() { # Check to see if this is a manager MANAGERCHECK=$(cat /etc/salt/grains | grep role | awk '{print $2}') - if [ $MANAGERCHECK == 'so-eval' OR $MANAGERCHECK == 'so-manager' OR $MANAGERCHECK == 'so-managersearch' ]; then + if [[ "$MANAGERCHECK" =~ ^('so-eval'|'so-manager'|'so-managersearch')$ ]]; then echo "This is a manager. We can proceed" else echo "Please run soup on the manager. The manager controls all updates." exit 0 + fi } clean_dockers() { @@ -143,7 +144,7 @@ update_version() { upgrade_check() { # Let's make sure we actually need to update. NEWVERSION=$(cat $UPDATE_DIR/VERSION) - if [ $INSTALLEDVERSION == $NEWVERSION ]; then + if [ "$INSTALLEDVERSION" == "$NEWVERSION" ]; then echo "You are already running the latest version of Security Onion." exit 0 else @@ -155,12 +156,13 @@ verify_latest_update_script() { # Check to see if the update scripts match. If not run the new one. CURRENTSOUP=$(md5sum /usr/sbin/soup) GITSOUP=$(md5sum /tmp/sogh/securityonion/salt/common/tools/sbin/soup) - if [ $CURRENTSOUP == $GITSOUP ]; then - echo "The scripts match" + if [ "$CURRENTSOUP" == "$GITSOUP" ]; then + echo "This version of the soup script is up to date. Verifying versions." else - echo "They don't match" - cp $UPDATE_DIR/salt/sommon/tools/sbin/soup /usr/sbin/soup + echo "You are not running the latest soup version. Updating soup." cp $UPDATE_DIR/salt/common/tools/sbin/soup $default_salt_dir/salt/common/tools/sbin/ + salt-call state.apply common queue=True + echo "" echo "soup has been updated. Please run soup again" exit 0 fi @@ -175,10 +177,4 @@ clean_dockers update_dockers copy_new_files highstate -update_version - - - - - - +update_version \ No newline at end of file From 51beb52bb843c6136e92af265d3ecccccf93d453 Mon Sep 17 00:00:00 2001 From: Josh Brower Date: Thu, 16 Jul 2020 16:35:51 -0400 Subject: [PATCH 074/124] Osquery packages hostname fix --- salt/fleet/event_gen-packages.sls | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/salt/fleet/event_gen-packages.sls b/salt/fleet/event_gen-packages.sls index 4aaf631e7..24b013704 100644 --- a/salt/fleet/event_gen-packages.sls +++ b/salt/fleet/event_gen-packages.sls @@ -4,11 +4,14 @@ {% set VERSION = salt['pillar.get']('static:soversion') %} {% set CUSTOM_FLEET_HOSTNAME = salt['pillar.get']('static:fleet_custom_hostname', None) %} {% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %} +{%- set FLEETNODE = salt['pillar.get']('static:fleet_node') -%} {% if CUSTOM_FLEET_HOSTNAME != None and CUSTOM_FLEET_HOSTNAME != '' %} {% set HOSTNAME = CUSTOM_FLEET_HOSTNAME %} -{% else %} +{% elif FLEETNODE %} {% set HOSTNAME = grains.host %} +{% else %} + {% set HOSTNAME = salt['pillar.get']('manager:url_base') %} {% endif %} so/fleet: From 21f09a9cd5f91bb23d2d8d9162dadfe9078d1ec0 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 16 Jul 2020 16:37:48 -0400 Subject: [PATCH 075/124] Fix salt refresh script --- salt/common/tools/sbin/so-saltstack-update | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/common/tools/sbin/so-saltstack-update b/salt/common/tools/sbin/so-saltstack-update index 59c497487..73688dc08 100644 --- a/salt/common/tools/sbin/so-saltstack-update +++ b/salt/common/tools/sbin/so-saltstack-update @@ -32,8 +32,8 @@ copy_new_files() { # Copy new files over to the salt dir cd /tmp/sogh/securityonion git checkout $BRANCH - rsync -a --exclude-from 'exclude-list.txt' salt $default_salt_dir/ - rsync -a --exclude-from 'exclude-list.txt' pillar $default_salt_dir/ + rsync -a salt $default_salt_dir/ + rsync -a pillar $default_salt_dir/ chown -R socore:socore $default_salt_dir/salt chown -R socore:socore $default_salt_dir/pillar chmod 755 $default_salt_dir/pillar/firewall/addfirewall.sh From 258d9d3bfc171aa753691908b58b1ebb664fe1db Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 16 Jul 2020 17:07:04 -0400 Subject: [PATCH 076/124] change salt perms --- salt/common/init.sls | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/salt/common/init.sls b/salt/common/init.sls index bb241c805..69aaa4a17 100644 --- a/salt/common/init.sls +++ b/salt/common/init.sls @@ -15,13 +15,20 @@ socore: - createhome: True - shell: /bin/bash -soperms: +soconfperms: file.directory: - - name: /opt/so + - name: /opt/so/conf - uid: 939 - gid: 939 - dir_mode: 770 - + +sosaltstackperms: + file.directory: + - name: /opt/so/saltstack + - uid: 939 + - gid: 939 + - dir_mode: 770 + # Create a state directory statedir: file.directory: From 2d68d5419b5f5d4097284b4047e2e7e2cb1ea43d Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Thu, 16 Jul 2020 19:47:15 -0400 Subject: [PATCH 077/124] fix adtotab perms --- salt/manager/init.sls | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/salt/manager/init.sls b/salt/manager/init.sls index 43200cd5c..aef705724 100644 --- a/salt/manager/init.sls +++ b/salt/manager/init.sls @@ -26,6 +26,11 @@ socore_own_saltstack: - user - group +/opt/so/saltstack/default/pillar/data/addtotab.sh: + file.managed: + - mode: 750 + - replace: False + {% if managerproxy == 1 %} # Create the directories for apt-cacher-ng From cc77a50d8d7f3f91ba1a580aa0fbcb55995de321 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 16 Jul 2020 21:05:44 -0400 Subject: [PATCH 078/124] change from manager to master for salt config.get --- salt/yum/etc/yum.conf.jinja | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/yum/etc/yum.conf.jinja b/salt/yum/etc/yum.conf.jinja index 81f981c1d..aab63550b 100644 --- a/salt/yum/etc/yum.conf.jinja +++ b/salt/yum/etc/yum.conf.jinja @@ -12,5 +12,5 @@ bugtracker_url=http://bugs.centos.org/set_project.php?project_id=23&ref=http://b distroverpkg=centos-release {% if salt['pillar.get']('static:managerupdate', '0') %} -proxy=http://{{ salt['pillar.get']('yum:config:proxy', salt['config.get']('manager')) }}:3142 +proxy=http://{{ salt['pillar.get']('yum:config:proxy', salt['config.get']('master')) }}:3142 {% endif %} \ No newline at end of file From 32a6f825c20f03887f7488bdaa7a4d8c7f7ff9b0 Mon Sep 17 00:00:00 2001 From: Josh Brower Date: Fri, 17 Jul 2020 08:14:37 -0400 Subject: [PATCH 079/124] Kibana dashboard updates --- salt/kibana/files/saved_objects.ndjson | 1435 ++++++++++++------------ 1 file changed, 725 insertions(+), 710 deletions(-) diff --git a/salt/kibana/files/saved_objects.ndjson b/salt/kibana/files/saved_objects.ndjson index 152393142..81051c94b 100644 --- a/salt/kibana/files/saved_objects.ndjson +++ b/salt/kibana/files/saved_objects.ndjson @@ -1,710 +1,725 @@ -{"attributes":{"fieldFormatMap":"{\"match_body.source_ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"match_body.destination_ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}}}","fields":"[{\"name\":\"@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"_id\",\"type\":\"string\",\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"alert_info.slack_username_override\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"alert_info.slack_username_override.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_info.slack_webhook_url\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"alert_info.slack_webhook_url.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_info.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"alert_info.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_sent\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.rule\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.rule.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"endtime\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"exponent\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hits\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.@version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.@version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.signature_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.signature_info.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body._id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body._id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body._index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body._index.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body._type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body._type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.alert\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.alert.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.category\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.category.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.classification\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.classification.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.connection_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.connection_state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.connection_state_description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.connection_state_description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.destination_geo.continent_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.country_code2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.destination_geo.country_code2.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.country_code3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.destination_geo.country_code3.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.destination_geo.country_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.destination_geo.ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.latitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.location.lat\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.location.lon\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.longitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.destination_geo.timezone.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.destination_ip.keyword\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.destination_ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.duration\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.gid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.history\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.history.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.local_orig\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.local_orig.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.local_respond\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.local_respond.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.logstash_time\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.missed_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.num_hits\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.num_matches\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.original_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.original_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.original_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.original_ipbytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.original_ipbytes.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.original_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.respond_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.respond_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.respond_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.respond_ipbytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.respond_ipbytes.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.respond_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.rev\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.rev.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.rule\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.rule.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.rule_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.rule_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.sensor_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.sensor_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.service\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.service.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.sid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.source_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.source_ip.keyword\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.source_ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.source_ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.source_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.syslog-facility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.syslog-facility.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.syslog-file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.syslog-file_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.syslog-host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.syslog-host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.syslog-host_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.syslog-host_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.syslog-legacy_msghdr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.syslog-legacy_msghdr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.syslog-priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.syslog-priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.syslog-sourceip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.syslog-sourceip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.syslog-tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.syslog-tags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.tags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.total_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.tunnel_parents\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.tunnel_parents.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.uid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"matches\",\"type\":\"number\",\"count\":3,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule_name\",\"type\":\"string\",\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"starttime\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"time_taken\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traceback\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"traceback.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"until\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]","notExpandable":true,"timeFieldName":"@timestamp","title":"*:elastalert_status*"},"id":"*:elastalert_status*","migrationVersion":{"index-pattern":"7.6.0"},"references":[],"type":"index-pattern","updated_at":"2020-06-15T18:49:59.193Z","version":"WzkwLDFd"} -{"attributes":{"fieldFormatMap":"{\"_id\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PCAPPLACEHOLDER/securityonion/joblookup?esid={{ value }}\",\"labelTemplate\":\"{{value}}\"}},\"uid\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"source_ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"destination_ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"source_port\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'source_port:\\\"{{value}}\\\" OR destination_port:\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"destination_port\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'source_port:\\\"{{value}}\\\" OR destination_port:\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"fuid\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"resp_fuids\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"orig_fuids\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"sid\":{\"id\":\"number\",\"params\":{\"pattern\":\"0\"}},\"port\":{\"id\":\"number\",\"params\":{\"pattern\":\"0.[000]\"}},\"query\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"query.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"server_name\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"server_name.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"virtual_host\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"virtual_host.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"indicator\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"indicator.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"file_ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"file_ip.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"signature_info\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"{{rawValue}}\",\"labelTemplate\":\"{{value}}\"}},\"highest_registered_domain\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"highest_registered_domain.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"domain_name\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"domain_name.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"duration\":{\"id\":\"duration\",\"params\":{\"outputFormat\":\"asSeconds\",\"outputPrecision\":6}},\"missed_bytes\":{\"id\":\"bytes\"},\"missing_bytes\":{\"id\":\"bytes\"},\"original_bytes\":{\"id\":\"bytes\"},\"original_ip_bytes\":{\"id\":\"bytes\"},\"overflow_bytes\":{\"id\":\"bytes\"},\"respond_bytes\":{\"id\":\"bytes\"},\"respond_ip_bytes\":{\"id\":\"bytes\"},\"seen_bytes\":{\"id\":\"bytes\"},\"total_bytes\":{\"id\":\"bytes\"},\"rtt\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0000000]\"}},\"uids\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"osquery.LiveQuery\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"fleet/queries/new?host_uuids={{rawValue}}\",\"labelTemplate\":\"LiveQuery\"}},\"TheHive\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"\",\"labelTemplate\":\"Add2Hive\"}}}","fields":"[{\"name\":\"@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"@version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"@version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"aa\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"aa.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ack\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ack.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"action\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"action.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"additional_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"additional_info.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"age\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"age.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"alert.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_level\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_level.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"analyzer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"analyzer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"answers\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"answers.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"assigned_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"assigned_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auth\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"auth.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"authentication_attempts\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"authentication_method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"authentication_method.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"authentication_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"authentication_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"basic_constraints.path_len\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"basic_constraints_ca\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"basic_constraints_ca.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"basic_constraints_path_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"beat.hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"beat.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"beat.version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat_host.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"beat_host.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"bound_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"call_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"call_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"category\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"category.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cc\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cc.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_chain_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_chain_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_chain_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_common_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_common_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_common_name_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_common_name_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_curve\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_curve.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_exponent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_exponent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_issuer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_issuer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_key_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_key_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_key_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_key_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_key_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_locality\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_locality.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_not_valid_after\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_not_valid_before\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_number_days_valid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_organization\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_organization.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_organization_unit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_organization_unit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_permanent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_permanent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_serial\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_serial.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_serial_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_serial_number.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_signing_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_signing_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"checksum\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"checksum.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cipher\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cipher.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cipher_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cipher_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"class\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"class.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"classification\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"classification.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_build\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_build.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_certificate_chain_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_certificate_chain_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_certificate_fuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_certificate_fuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_certificate_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_certificate_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_digital_product_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_digital_product_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_fqdn\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_fqdn.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_host_key_algorithms\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_host_key_algorithms.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_issuer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_issuer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_major_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_major_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_minor_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_minor_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"community\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"community.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"company.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"compile_ts\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"compile_ts.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"compression_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"compression_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connect_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connect_info.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection_state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection_state_description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection_state_description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"content_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"content_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cookie\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cookie.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"creation_date\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"creation_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"current_directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"current_directory.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"curve\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"curve.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.arch\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.arch.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.data.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.dpkg_status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.dpkg_status.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.file\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.file.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.cpu_cores\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.cpu_cores.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.cpu_mhz\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.cpu_mhz.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.cpu_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.cpu_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.ram_free\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.ram_free.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.ram_total\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.ram_total.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.ram_usage\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.ram_usage.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.serial\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.serial.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.address.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.broadcast\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.broadcast.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.dhcp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.dhcp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.gateway\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.gateway.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.metric\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.metric.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.netmask\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.netmask.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv6.address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv6.address.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv6.dhcp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv6.dhcp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv6.netmask\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv6.netmask.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.mac\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.mac.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.mtu\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.mtu.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.rx_bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_bytes.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.rx_dropped\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_dropped.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.rx_errors\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_errors.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.rx_packets\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_packets.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.tx_bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_bytes.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.tx_dropped\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_dropped.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.tx_errors\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_errors.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.tx_packets\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_packets.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.architecture.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.codename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.codename.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.major\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.major.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.minor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.minor.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.platform\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.platform.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.release\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.release.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.release_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.release_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.sysname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.sysname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.package\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.package.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.inode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.inode.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.local_ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.local_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.local_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.local_port.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.remote_ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.remote_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.remote_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.remote_port.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.rx_queue\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.rx_queue.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.tx_queue\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.tx_queue.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.args\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.args.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.cmd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.cmd.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.egroup\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.egroup.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.euser\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.euser.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.fgroup\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.fgroup.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.nice\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.nice.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.nlwp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.nlwp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.pgrp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.pgrp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.pid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.pid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.ppid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.ppid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.processor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.processor.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.resident\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.resident.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.rgroup\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.rgroup.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.ruser\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.ruser.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.session\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.session.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.sgroup\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.sgroup.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.share\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.share.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.size.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.start_time\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.start_time.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.stime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.stime.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.suser\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.suser.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.tgid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.tgid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.tty\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.tty.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.utime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.utime.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.vm_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.vm_size.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.architecture.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.format\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.format.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.multiarch\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.multiarch.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.section\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.section.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.size.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.source\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.source.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.vendor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.vendor.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.pwd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.pwd.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.status.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.title\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.title.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.tty\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.tty.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.uid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_destination_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_destination_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_passive\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data_channel_passive.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_source_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"date\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dcc_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dcc_file_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dcc_file_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dcc_mime_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dcc_mime_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"decoder.ftscomment\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"decoder.ftscomment.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"decoder.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"decoder.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"decoder.parent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"decoder.parent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"depth\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"desktop_height\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"desktop_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"desktop_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"desktop_width\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dest_is_ipv6\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dest_is_ipv6.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_city\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_city.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.city_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.continent_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.continent_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.country_code2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.country_code2.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.country_code3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.country_code3.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.country_iso_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.country_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.dma_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.latitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.longitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.longitude.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.postal_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.region_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.region_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.region_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.region_iso_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.region_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.timezone.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_latitude\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_latitude.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_longitude\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_longitude.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_port_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_port_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_region\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_region.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"details\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"details.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dir\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dir.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"direction\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"direction.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"display_string\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"display_string.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"domain_age\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"domain_age.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"domain_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"domain_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dropped\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dropped.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"duration\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"enabled\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"enabled.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"encryption_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"encryption_level.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"encryption_method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"encryption_method.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"endpoint\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"endpoint.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"entry\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"entry.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"entry_location\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"entry_location.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"error_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"error_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"escalated_user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"escalated_user.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"established\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"established.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"exception\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"exception.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"extracted\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"extracted.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"extracted_cutoff\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"extracted_cutoff.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"facility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"facility.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fc_reply\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fc_reply.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fc_request\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fc_request.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file_description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_mime_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file_mime_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"first_received\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"first_received.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow_label\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"flow_label.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"forwardable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"forwardable.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"framed_addr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"framed_addr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"freq_virtual_host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"freq_virtual_host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"frequency_scores\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"frequency_scores.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp_argument\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp_argument.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp_command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp_command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"full_log\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"full_log.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"function\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"function.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.latitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.longitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"get_bulk_requests\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"get_bulk_requests.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"get_requests\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"get_requests.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"get_responses\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"get_responses.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"gid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_cert_table\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_cert_table.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_debug_data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_debug_data.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_export_table\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_export_table.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_import_table\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_import_table.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hassh\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hassh.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hassh_algorithms\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hassh_algorithms.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hassh_server\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hassh_server.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hassh_server_algorithms\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hassh_server_algorithms.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hassh_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hassh_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"height\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"helo\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"helo.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"highest_registered_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"highest_registered_domain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"highest_registered_domain_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"history\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"history.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hop_limit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hop_limit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host_key\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host_key.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host_key_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host_key_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"iin\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"iin.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"image_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"image_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"in_reply_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"in_reply_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"indicator\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"indicator.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"indicator_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"indicator_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"info_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"info_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"info_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"initiated\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"initiated.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"input.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"input.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"integrity_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"integrity_level.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"interface\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"interface.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ip_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_ecn\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_ecn.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_flags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_flags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_offset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_offset.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_protocol_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_protocol_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_protocol_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_tos\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_tos.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_ttl\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"irc_command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc_command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"irc_username\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc_username.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_64bit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_64bit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_exe\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_exe.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_orig\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_orig.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_source_ipv6\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_source_ipv6.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_webmail\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_webmail.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_common_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_common_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_common_name_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_common_name_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_distinguished_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_distinguished_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_locality\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_locality.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_organization\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_organization.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_organization_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_organization_unit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_organization_unit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_serial_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_serial_number.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ja3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ja3.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ja3s\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ja3s.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kerberos_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kex_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kex_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"keyboard_layout\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"keyboard_layout.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"last_alert\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"last_alert.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"last_reply\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"last_reply.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"launch_string\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"launch_string.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"lease_time\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"lease_time.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"length\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"length.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"local_orig\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"local_orig.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"local_respond\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"local_respond.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"location\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"location.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log.file.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.file.path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logged\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logged.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logon_guid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logon_guid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logon_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logon_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash_time\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mac\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mac.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mac_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mac_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"machine\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"machine.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mail_date\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mail_date.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mail_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mail_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"manager.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"manager.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"matched\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"matched.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"md5.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message_types\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message_types.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"method.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mimetype\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mimetype.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"missed_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"missing_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"msg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"msg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql_argument\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql_argument.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql_command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql_command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"n\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"named_pipe\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"named_pipe.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"native_file_system\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"native_file_system.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"next_protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"next_protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nick\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"nick.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"note\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"note.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"notice\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ntlm_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ntlm_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"num_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"object_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"offset\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"operation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"operation.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"options\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"options.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"orig_filenames\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"orig_filenames.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"orig_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"orig_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"orig_mime_types\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"orig_mime_types.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"original_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_ip_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"os\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"os.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.EndpointIP1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.EndpointIP1.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.EndpointIP2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.EndpointIP2.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.LiveQuery\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.LiveQuery.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.action\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.action.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.calendarTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.calendarTime.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.codename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.codename.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.directory.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.gid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.gid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.gid_signed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.gid_signed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.shell\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.shell.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.uid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.uid_signed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.uid_signed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.username\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.username.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.uuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.uuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.counter\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.epoch\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.hardware_serial\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.hardware_serial.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.hostIdentifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.hostIdentifier.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.unixTime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ossec_agent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ossec_agent_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ossec_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ossec_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"overflow_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"p\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_domain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_domain_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_domain_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_image_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_image_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_process_guid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_process_guid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_process_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_process_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_process_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_process_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"password\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"password.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"peer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"peer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"peer_description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"peer_description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pesha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"pesha1.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pesha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"pesha256.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"port.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"predecoder.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"predecoder.hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"predecoder.timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"predecoder.timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"prev_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"prev_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_arguments\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process_arguments.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_guid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"profile\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"profile.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"program\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"program.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"prospector.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"prospector.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"protocol_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"protocol_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"protocol_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"protocol_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"proxied\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"proxied.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"query.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_class\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_class_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"query_class_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_type\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_type_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"query_type_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ra\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ra.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rcode\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rcode_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rcode_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rd.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reason\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reason.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"recipient_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"recipient_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"referrer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"referrer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rejected\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rejected.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"remote_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"remote_location.country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"renewable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"renewable.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reply_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reply_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reply_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reply_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reply_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reply_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_body_len\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_body_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_port.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"requested_color_depth\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"requested_color_depth.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"requested_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"requested_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"requested_resource\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"requested_resource.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resp_filenames\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resp_filenames.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resp_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resp_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resp_mime_types\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resp_mime_types.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"respond_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"respond_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"respond_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"respond_ip_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"respond_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_body_len\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_body_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"result\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"result.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resumed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resumed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rev\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rev.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rig\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rig.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rows\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rows.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rtt\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rtt.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule_number\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule_signature.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"san_dns\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"san_dns.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"second_received\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"second_received.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"section_names\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"section_names.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"security_protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"security_protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seen_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seen_node\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"seen_node.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seen_where\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"seen_where.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sensor_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sensor_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seq\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"seq.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sequence_number\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_certificate_fuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_certificate_fuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_certificate_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_certificate_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_dns_computer_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_dns_computer_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_host_key_algorithms\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_host_key_algorithms.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_major_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_major_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_minor_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_minor_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_name_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_name_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_nb_computer_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_nb_computer_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_tree_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_tree_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"service\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"service.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"set_requests\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"set_requests.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"severity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"severity.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sha1.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sha256.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"share_flag\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"share_flag.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"share_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"share_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"signature_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"signer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"signer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"site\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"site.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"size.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"software_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"software_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.city_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.continent_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.country_code2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.country_code2.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.country_code3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.country_code3.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.country_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.dma_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.latitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.longitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.postal_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.region_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.region_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.region_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.timezone.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_port_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_port_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sources\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sources.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"status.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"status_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status_msg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"status_msg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sub_msg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sub_msg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sub_rule_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sub_rule_number.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subdomain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"subdomain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subdomain_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subdomain_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subsystem\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"subsystem.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"suppress_for\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.event\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.event.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.gid_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.gid_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.gname_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.gname_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.inode_after\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.md5_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.md5_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.md5_before\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.md5_before.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.mtime_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.mtime_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.mtime_before\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.mtime_before.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.perm_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.perm_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.sha1_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.sha1_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.sha1_before\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.sha1_before.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.sha256_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.sha256_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.sha256_before\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.sha256_before.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.size_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.size_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.size_before\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.size_before.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.uid_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.uid_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.uname_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.uname_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-facility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-facility.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-file_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-host_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-host_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-legacy_msghdr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-legacy_msghdr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-pid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-pid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-sourceip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-tags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sysmon_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sysmon_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"target_filename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"target_filename.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tc\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tc.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tcp_flags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tcp_flags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"terminal_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"terminal_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"timed_out\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"timed_out.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_accessed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_accessed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_changed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_changed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_created\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_created.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_modified\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_modified.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tld.subdomain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tld.subdomain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tls\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tls.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"top_level_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"top_level_domain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"total_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tracker_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tracker_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"trans_depth\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"transaction_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ttls\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tty\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tty.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tunnel_parents\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tunnel_parents.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tunnel_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tunnel_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"unparsed_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"unparsed_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"up_since\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"up_since.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"urg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"urg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uri\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uri.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uri_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user_agent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user_agent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"useragent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"useragent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"useragent_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"username\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"username.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_aslr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_aslr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_code_integrity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_code_integrity.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_dep\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_dep.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_seh\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_seh.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"valid_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"valid_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"valid_till\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"valid_till.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"validation_status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"validation_status.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"value\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"value.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_additional_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_additional_info.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_major\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_major.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_minor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_minor.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_minor2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_minor2.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_minor3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_minor3.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"virtual_host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"virtual_host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"virtual_host_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"virtual_host_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"warning\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"warning.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.firedtimes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.gdpr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"wazuh-rule.gdpr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.gpg13\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"wazuh-rule.gpg13.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.groups\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"wazuh-rule.groups.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"wazuh-rule.id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.mail\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.pci_dss\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"wazuh-rule.pci_dss.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"width\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"width.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"window\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"window.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"x_originating_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"year\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"z\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"z.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"TheHive\",\"type\":\"string\",\"count\":0,\"scripted\":true,\"script\":\"'soctopus/thehive/alert/' + doc['_id'].value\",\"lang\":\"painless\",\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false}]","notExpandable":true,"timeFieldName":"@timestamp","title":"*:logstash-*"},"id":"*:logstash-*","migrationVersion":{"index-pattern":"7.6.0"},"references":[],"type":"index-pattern","updated_at":"2020-06-15T18:49:59.193Z","version":"WzEzLDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Security Onion - Network Data","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Network Data\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Home](/kibana/app/kibana#/dashboard/a8411b30-6d03-11ea-b301-3d6c35840645) \\n \\n**Datasets** \\n[Connections](/kibana/app/kibana#/dashboard/0cc628b0-6e9f-11ea-9266-1fd14ca6af34) | [DCE/RPC](/kibana/app/kibana#/dashboard/9e882df0-72c5-11ea-8dd2-9d8795a1200b) |\\n[DHCP](/kibana/app/kibana#/dashboard/80625c10-96dd-11ea-814e-bb515e873c2c) \\n[DNP3](/kibana/app/kibana#/dashboard/b1f52180-755a-11ea-9565-7315f4ee5cac) | [DNS](/kibana/app/kibana#/dashboard/55ac6bf0-6ec4-11ea-9266-1fd14ca6af34) |\\n[FTP](/kibana/app/kibana#/dashboard/739bfad0-755a-11ea-9565-7315f4ee5cac) |\\n[HTTP](/kibana/app/kibana#/dashboard/44e9c820-6eb1-11ea-9266-1fd14ca6af34) | [IRC](/kibana/app/kibana#/dashboard/38523560-75ba-11ea-9565-7315f4ee5cac) |\\n[Kerberos](/kibana/app/kibana#/dashboard/b207ab90-75bc-11ea-9565-7315f4ee5cac) \\n[Modbus](/kibana/app/kibana#/dashboard/886a7b90-75bd-11ea-9565-7315f4ee5cac) | \\n[MySQL](/kibana/app/kibana#/dashboard/c3ced6d0-75be-11ea-9565-7315f4ee5cac) | \\n[NTLM](/kibana/app/kibana#/dashboard/558292e0-75c1-11ea-9565-7315f4ee5cac) | \\n[RADIUS](/kibana/app/kibana#/dashboard/b9769e60-75c4-11ea-9565-7315f4ee5cac) | [RDP](/kibana/app/kibana#/dashboard/5b743150-75c5-11ea-9565-7315f4ee5cac) | \\n[RFB](/kibana/app/kibana#/dashboard/c8b3c360-75c6-11ea-9565-7315f4ee5cac) | [SIP](/kibana/app/kibana#/dashboard/dd98e260-75c6-11ea-9565-7315f4ee5cac) \\n[SMB](/kibana/app/kibana#/dashboard/f24d7b80-75c6-11ea-9565-7315f4ee5cac) | [SMTP](/kibana/app/kibana#/dashboard/00304500-75e7-11ea-9565-7315f4ee5cac) | [SNMP](/kibana/app/kibana#/dashboard/96522610-75e8-11ea-9565-7315f4ee5cac) | \\n[SSH](/kibana/app/kibana#/dashboard/9dfd77e0-75eb-11ea-9565-7315f4ee5cac) | [SSL](/kibana/app/kibana#/dashboard/efae8de0-75eb-11ea-9565-7315f4ee5cac) | [Syslog](/kibana/app/kibana#/dashboard/66499a20-75ed-11ea-9565-7315f4ee5cac) | [Tunnels](/kibana/app/kibana#/dashboard/c962dd60-75ed-11ea-9565-7315f4ee5cac) | [X.509](/kibana/app/kibana#/dashboard/2e0865f0-75ee-11ea-9565-7315f4ee5cac) \\n\"},\"aggs\":[]}"},"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzEsMV0="} -{"attributes":{"fieldFormatMap":"{\"network.community_id\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:network.community_id,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(network.community_id:'{{ value }}')))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"source.ip\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(('$state':(store:globalState),bool:(should:!((term:(source.ip.keyword:'{{ value }}')),(term:(destination.ip.keyword:'{{ value }}')))),meta:(alias:'source.ip:%20!'{{ value }}!'%20OR%20destination.ip:%20!'{{ value }}!'',disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:bool,negate:!f,type:custom,value:'%7B%22should%22:%5B%7B%22term%22:%7B%22source.ip.keyword%22:%2210.200.1.153%22%7D%7D,%7B%22term%22:%7B%22destination.ip.keyword%22:%2210.200.1.153%22%7D%7D%5D%7D'))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"destination.ip\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(('$state':(store:globalState),bool:(should:!((term:(source.ip.keyword:'{{ value }}')),(term:(destination.ip.keyword:'{{ value }}')))),meta:(alias:'source.ip:%20!'{{ value }}!'%20OR%20destination.ip:%20!'{{ value }}!'',disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:bool,negate:!f,type:custom,value:'%7B%22should%22:%5B%7B%22term%22:%7B%22source.ip.keyword%22:%2210.200.1.153%22%7D%7D,%7B%22term%22:%7B%22destination.ip.keyword%22:%2210.200.1.153%22%7D%7D%5D%7D'))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"source.ip.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(('$state':(store:globalState),bool:(should:!((term:(source.ip.keyword:'{{ value }}')),(term:(destination.ip.keyword:'{{ value }}')))),meta:(alias:'source.ip:%20!'{{ value }}!'%20OR%20destination.ip:%20!'{{ value }}!'',disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:bool,negate:!f,type:custom,value:'%7B%22should%22:%5B%7B%22term%22:%7B%22source.ip.keyword%22:%2210.200.1.153%22%7D%7D,%7B%22term%22:%7B%22destination.ip.keyword%22:%2210.200.1.153%22%7D%7D%5D%7D'))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"destination.ip.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(('$state':(store:globalState),bool:(should:!((term:(source.ip.keyword:'{{ value }}')),(term:(destination.ip.keyword:'{{ value }}')))),meta:(alias:'source.ip:%20!'{{ value }}!'%20OR%20destination.ip:%20!'{{ value }}!'',disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:bool,negate:!f,type:custom,value:'%7B%22should%22:%5B%7B%22term%22:%7B%22source.ip.keyword%22:%2210.200.1.153%22%7D%7D,%7B%22term%22:%7B%22destination.ip.keyword%22:%2210.200.1.153%22%7D%7D%5D%7D'))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"source.port\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(('$state':(store:globalState),bool:(should:!((term:(source.port:'{{ value }}')),(term:(destination.port:'{{ value }}')))),meta:(alias:'source.port:%20!'{{ value }}!'%20OR%20destination.port:%20!'{{ value }}!'',disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:bool,negate:!f,type:custom,value:'%7B%22should%22:%5B%7B%22term%22:%7B%22source.port%22:%2210.200.1.153%22%7D%7D,%7B%22term%22:%7B%22destination.port%22:%2210.200.1.153%22%7D%7D%5D%7D'))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"destination.port\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(('$state':(store:globalState),bool:(should:!((term:(source.port:'{{ value }}')),(term:(destination.port:'{{ value }}')))),meta:(alias:'source.port:%20!'{{ value }}!'%20OR%20destination.port:%20!'{{ value }}!'',disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:bool,negate:!f,type:custom,value:'%7B%22should%22:%5B%7B%22term%22:%7B%22source.port%22:%2210.200.1.153%22%7D%7D,%7B%22term%22:%7B%22destination.port%22:%2210.200.1.153%22%7D%7D%5D%7D'))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"log.id.fuid\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:log.id.fuid,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(log.id.fuid:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"log.id.fuid.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:log.id.fuid,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(log.id.fuid:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"log.id.uid\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:log.id.uid,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(log.id.uid:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"log.id.uid.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:log.id.uid,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(log.id.uid:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"_id\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"https://PLACEHOLDER/securityonion/joblookup?esid={{ value }}\",\"labelTemplate\":\"{{ value }}\"}},\"client.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"server.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"Push to TheHive\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"\",\"labelTemplate\":\"Click to create an alert in TheHive\"}},\"event.dataset\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:event.dataset.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(event.dataset.keyword:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"event.dataset.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:event.dataset.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(event.dataset.keyword:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"event.module\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:event.module.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(event.module.keyword:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now%2Fw,to:now%2Fw))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"event.module.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:event.module.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(event.module.keyword:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now%2Fw,to:now%2Fw))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"agent.name\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:agent.name.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(agent.name.keyword:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now%2Fw,to:now%2Fw))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"agent.name.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:agent.name.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(agent.name.keyword:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now%2Fw,to:now%2Fw))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"rule.name\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:rule.name,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(rule.name:'{{ value }}')))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:''),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"rule.name.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:rule.name,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(rule.name:'{{ value }}')))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:''),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"osquery.result.live_query\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"https://FLEETPLACEHOLDER/fleet/queries/new?host_uuids={{rawValue}}\",\"labelTemplate\":\"Live Query\"}},\"osquery.result.live_query.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"https://FLEETPLACEHOLDER/fleet/queries/new?host_uuids={{rawValue}}\",\"labelTemplate\":\"Live Query\"}}}","fields":"[{\"name\":\"@timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"@version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"esTypes\":[\"_type\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"agent.ephemeral_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.ephemeral_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"agent.ephemeral_id\"}}},{\"name\":\"agent.hostname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.hostname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"agent.hostname\"}}},{\"name\":\"agent.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"agent.id\"}}},{\"name\":\"agent.ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"agent.ip\"}}},{\"name\":\"agent.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"agent.name\"}}},{\"name\":\"agent.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"agent.type\"}}},{\"name\":\"agent.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"agent.version\"}}},{\"name\":\"client.address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"client.address\"}}},{\"name\":\"client.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.id.product\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.id.product.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"client.id.product\"}}},{\"name\":\"client.ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"client.ip\"}}},{\"name\":\"client.ip_bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"client.name\"}}},{\"name\":\"client.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.port\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.port.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"client.port\"}}},{\"name\":\"client.user_agent\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.user_agent.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"client.user_agent\"}}},{\"name\":\"connection.bytes.missed\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection.history\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection.history.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"connection.history\"}}},{\"name\":\"connection.local.originator\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection.local.responder\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"connection.state\"}}},{\"name\":\"connection.state_description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection.state_description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"connection.state_description\"}}},{\"name\":\"data.data\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.data.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.data\"}}},{\"name\":\"data.euid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.euid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.euid\"}}},{\"name\":\"data.file\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.file.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.file\"}}},{\"name\":\"data.gid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.gid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.gid\"}}},{\"name\":\"data.home\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.home.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.home\"}}},{\"name\":\"data.pwd\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.pwd.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.pwd\"}}},{\"name\":\"data.shell\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.shell.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.shell\"}}},{\"name\":\"data.srcport\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.srcport.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.srcport\"}}},{\"name\":\"data.srcuser\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.srcuser.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.srcuser\"}}},{\"name\":\"data.title\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.title.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.title\"}}},{\"name\":\"data.tty\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.tty.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.tty\"}}},{\"name\":\"data.uid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.uid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.uid\"}}},{\"name\":\"dce_rpc.endpoint\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dce_rpc.endpoint.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dce_rpc.endpoint\"}}},{\"name\":\"dce_rpc.named_pipe\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dce_rpc.named_pipe.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dce_rpc.named_pipe\"}}},{\"name\":\"dce_rpc.operation\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dce_rpc.operation.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dce_rpc.operation\"}}},{\"name\":\"destination.geo.city_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.city_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.city_name\"}}},{\"name\":\"destination.geo.continent_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.continent_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.continent_name\"}}},{\"name\":\"destination.geo.country_iso_code\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.country_iso_code.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.country_iso_code\"}}},{\"name\":\"destination.geo.country_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.country_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.country_name\"}}},{\"name\":\"destination.geo.ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.ip\"}}},{\"name\":\"destination.geo.location.lat\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.location.lon\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.region_iso_code\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.region_iso_code.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.region_iso_code\"}}},{\"name\":\"destination.geo.region_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.region_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.region_name\"}}},{\"name\":\"destination.geo.timezone\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.timezone.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.timezone\"}}},{\"name\":\"destination.hostname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.hostname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.hostname\"}}},{\"name\":\"destination.ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.ip\"}}},{\"name\":\"destination.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.latitude\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.location\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.longitude\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dhcp.assigned_ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dhcp.assigned_ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dhcp.assigned_ip\"}}},{\"name\":\"dhcp.lease_time\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dhcp.message_types\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dhcp.message_types.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dhcp.message_types\"}}},{\"name\":\"dhcp.requested_address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dhcp.requested_address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dhcp.requested_address\"}}},{\"name\":\"dnp3.fc_reply\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dnp3.fc_reply.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dnp3.fc_reply\"}}},{\"name\":\"dnp3.fc_request\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dnp3.fc_request.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dnp3.fc_request\"}}},{\"name\":\"dnp3.iin\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.answers\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.answers.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.answers\"}}},{\"name\":\"dns.authoritative\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.highest_registered_domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.highest_registered_domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.highest_registered_domain\"}}},{\"name\":\"dns.id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.parent_domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.parent_domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.parent_domain\"}}},{\"name\":\"dns.parent_domain_length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.query.class\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.query.class_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.query.class_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.query.class_name\"}}},{\"name\":\"dns.query.length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.query.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.query.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.query.name\"}}},{\"name\":\"dns.query.rejected\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.query.type\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.query.type_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.query.type_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.query.type_name\"}}},{\"name\":\"dns.recursion.available\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.recursion.desired\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.reserved\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.response.code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.response.code_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.response.code_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.response.code_name\"}}},{\"name\":\"dns.subdomain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.subdomain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.subdomain\"}}},{\"name\":\"dns.subdomain_length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.top_level_domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.top_level_domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.top_level_domain\"}}},{\"name\":\"dns.truncated\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.ttls\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ecs.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ecs.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ecs.version\"}}},{\"name\":\"error.reason\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"error.reason.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"error.reason\"}}},{\"name\":\"event.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.action\"}}},{\"name\":\"event.category\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.category.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.category\"}}},{\"name\":\"event.code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.created\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.created.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.created\"}}},{\"name\":\"event.dataset\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.dataset.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.dataset\"}}},{\"name\":\"event.duration\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.kind\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.kind.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.kind\"}}},{\"name\":\"event.module\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.module.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.module\"}}},{\"name\":\"event.provider\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.provider.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.provider\"}}},{\"name\":\"event.timestamp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.timestamp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.timestamp\"}}},{\"name\":\"file.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.action\"}}},{\"name\":\"file.analyzer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.analyzer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.analyzer\"}}},{\"name\":\"file.aslr\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.bytes.missing\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.bytes.overflow\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.bytes.seen\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.bytes.total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.code_integrity\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.compile_timestamp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.compile_timestamp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.compile_timestamp\"}}},{\"name\":\"file.debug_data\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.dep\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.depth\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.extracted.cutoff\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.extracted.filename\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.extracted.filename.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.extracted.filename\"}}},{\"name\":\"file.is_64bit\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.is_exe\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.is_orig\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.local_orig\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.machine\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.machine.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.machine\"}}},{\"name\":\"file.mime_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.mime_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.mime_type\"}}},{\"name\":\"file.mimetype\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.mimetype.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.mimetype\"}}},{\"name\":\"file.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.name\"}}},{\"name\":\"file.orig_filenames\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.orig_filenames.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.orig_filenames\"}}},{\"name\":\"file.orig_mime_types\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.orig_mime_types.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.orig_mime_types\"}}},{\"name\":\"file.os\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.os.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.os\"}}},{\"name\":\"file.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.path\"}}},{\"name\":\"file.resp_filenames\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.resp_filenames.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.resp_filenames\"}}},{\"name\":\"file.resp_mime_types\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.resp_mime_types.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.resp_mime_types\"}}},{\"name\":\"file.section_names\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.section_names.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.section_names\"}}},{\"name\":\"file.seh\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.source\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.source.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.source\"}}},{\"name\":\"file.subsystem\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.subsystem.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.subsystem\"}}},{\"name\":\"file.table.cert\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.table.export\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.table.import\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.timed_out\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.times_accessed\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.times_accessed.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.times_accessed\"}}},{\"name\":\"file.times_changed\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.times_changed.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.times_changed\"}}},{\"name\":\"file.times_created\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.times_created.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.times_created\"}}},{\"name\":\"file.times_modified\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.times_modified.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.times_modified\"}}},{\"name\":\"ftp.argument\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp.argument.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ftp.argument\"}}},{\"name\":\"ftp.command\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp.command.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ftp.command\"}}},{\"name\":\"ftp.data_channel_destination.ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp.data_channel_destination.ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ftp.data_channel_destination.ip\"}}},{\"name\":\"ftp.data_channel_destination.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp.data_channel_passive\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp.data_channel_source.ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp.data_channel_source.ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ftp.data_channel_source.ip\"}}},{\"name\":\"ftp.password\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp.password.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ftp.password\"}}},{\"name\":\"ftp.user\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp.user.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ftp.user\"}}},{\"name\":\"geoip.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.latitude\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.location\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.longitude\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hash.hassh\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.hassh.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.hassh\"}}},{\"name\":\"hash.ja3\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.ja3.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.ja3\"}}},{\"name\":\"hash.ja3s\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.ja3s.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.ja3s\"}}},{\"name\":\"hash.md5\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.md5.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.md5\"}}},{\"name\":\"hash.sha1\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.sha1.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.sha1\"}}},{\"name\":\"host.architecture\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.architecture.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.architecture\"}}},{\"name\":\"host.domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.domain\"}}},{\"name\":\"host.hostname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.hostname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.hostname\"}}},{\"name\":\"host.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.id\"}}},{\"name\":\"host.mac\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.mac.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.mac\"}}},{\"name\":\"host.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.name\"}}},{\"name\":\"host.os.build\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.os.build.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.os.build\"}}},{\"name\":\"host.os.family\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.os.family.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.os.family\"}}},{\"name\":\"host.os.kernel\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.os.kernel.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.os.kernel\"}}},{\"name\":\"host.os.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.os.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.os.name\"}}},{\"name\":\"host.os.platform\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.os.platform.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.os.platform\"}}},{\"name\":\"host.os.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.os.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.os.version\"}}},{\"name\":\"host.syscheck.event\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.event.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.event\"}}},{\"name\":\"host.syscheck.gid_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.gid_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.gid_after\"}}},{\"name\":\"host.syscheck.gname_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.gname_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.gname_after\"}}},{\"name\":\"host.syscheck.inode_after\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.syscheck.inode_before\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.syscheck.md5_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.md5_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.md5_after\"}}},{\"name\":\"host.syscheck.md5_before\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.md5_before.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.md5_before\"}}},{\"name\":\"host.syscheck.mtime_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.mtime_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.mtime_after\"}}},{\"name\":\"host.syscheck.mtime_before\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.mtime_before.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.mtime_before\"}}},{\"name\":\"host.syscheck.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.path\"}}},{\"name\":\"host.syscheck.perm_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.perm_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.perm_after\"}}},{\"name\":\"host.syscheck.sha1_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.sha1_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.sha1_after\"}}},{\"name\":\"host.syscheck.sha1_before\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.sha1_before.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.sha1_before\"}}},{\"name\":\"host.syscheck.sha256_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.sha256_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.sha256_after\"}}},{\"name\":\"host.syscheck.sha256_before\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.sha256_before.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.sha256_before\"}}},{\"name\":\"host.syscheck.size_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.size_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.size_after\"}}},{\"name\":\"host.syscheck.size_before\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.size_before.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.size_before\"}}},{\"name\":\"host.syscheck.uid_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.uid_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.uid_after\"}}},{\"name\":\"host.syscheck.uname_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.uname_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.uname_after\"}}},{\"name\":\"http.info_code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.info_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.info_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.info_message\"}}},{\"name\":\"http.method\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.method.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.method\"}}},{\"name\":\"http.proxied\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.proxied.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.proxied\"}}},{\"name\":\"http.referrer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.referrer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.referrer\"}}},{\"name\":\"http.request.body.length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.response.body.length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.status_code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.status_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.status_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.status_message\"}}},{\"name\":\"http.trans_depth\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.uri\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.uri.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.uri\"}}},{\"name\":\"http.useragent\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.useragent.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.useragent\"}}},{\"name\":\"http.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.version\"}}},{\"name\":\"http.virtual_host\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.virtual_host.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.virtual_host\"}}},{\"name\":\"ingest.timestamp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ingest.timestamp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ingest.timestamp\"}}},{\"name\":\"irc.command.info\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc.command.info.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"irc.command.info\"}}},{\"name\":\"irc.command.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc.command.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"irc.command.type\"}}},{\"name\":\"irc.command.value\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc.command.value.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"irc.command.value\"}}},{\"name\":\"irc.nickname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc.nickname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"irc.nickname\"}}},{\"name\":\"irc.username\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc.username.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"irc.username\"}}},{\"name\":\"kerberos.client\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.client.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.client\"}}},{\"name\":\"kerberos.error_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.error_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.error_message\"}}},{\"name\":\"kerberos.request_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.request_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.request_type\"}}},{\"name\":\"kerberos.server.certificate.subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.server.certificate.subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.server.certificate.subject\"}}},{\"name\":\"kerberos.service\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.service.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.service\"}}},{\"name\":\"kerberos.success\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kerberos.ticket.cipher\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.ticket.cipher.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.ticket.cipher\"}}},{\"name\":\"kerberos.ticket.forwardable\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kerberos.ticket.renewable\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kerberos.ticket.valid.from\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.ticket.valid.from.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.ticket.valid.from\"}}},{\"name\":\"kerberos.ticket.valid.until\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.ticket.valid.until.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.ticket.valid.until\"}}},{\"name\":\"log.file.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.file.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.file.path\"}}},{\"name\":\"log.full\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.full.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.full\"}}},{\"name\":\"log.id.client_certificate_fuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.client_certificate_fuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.client_certificate_fuid\"}}},{\"name\":\"log.id.fuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.fuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.fuid\"}}},{\"name\":\"log.id.fuids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.fuids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.fuids\"}}},{\"name\":\"log.id.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.id\"}}},{\"name\":\"log.id.orig_fuids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.orig_fuids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.orig_fuids\"}}},{\"name\":\"log.id.resp_fuids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.resp_fuids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.resp_fuids\"}}},{\"name\":\"log.id.server_certificate_fuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.server_certificate_fuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.server_certificate_fuid\"}}},{\"name\":\"log.id.tunnel_parents\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.tunnel_parents.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.tunnel_parents\"}}},{\"name\":\"log.id.uid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.uid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.uid\"}}},{\"name\":\"log.id.uids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.uids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.uids\"}}},{\"name\":\"log.level\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.level.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.level\"}}},{\"name\":\"log.location\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.location.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.location\"}}},{\"name\":\"log.offset\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log.previous_log\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.previous_log.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.previous_log\"}}},{\"name\":\"log.previous_output\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.previous_output.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.previous_output\"}}},{\"name\":\"manager.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"manager.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"manager.name\"}}},{\"name\":\"message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"message\"}}},{\"name\":\"modbus.exception\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"modbus.exception.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"modbus.exception\"}}},{\"name\":\"modbus.function\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"modbus.function.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"modbus.function\"}}},{\"name\":\"mysql.argument\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql.argument.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"mysql.argument\"}}},{\"name\":\"mysql.command\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql.command.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"mysql.command\"}}},{\"name\":\"mysql.response\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql.response.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"mysql.response\"}}},{\"name\":\"mysql.rows\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.success\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.community_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"network.community_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"network.community_id\"}}},{\"name\":\"network.data.decoded\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"network.data.decoded.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"network.data.decoded\"}}},{\"name\":\"network.protocol\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"network.protocol.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"network.protocol\"}}},{\"name\":\"network.transport\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"network.transport.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"network.transport\"}}},{\"name\":\"notice.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"notice.action\"}}},{\"name\":\"notice.message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"notice.message\"}}},{\"name\":\"notice.note\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.note.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"notice.note\"}}},{\"name\":\"notice.p\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"notice.peer_description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.peer_description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"notice.peer_description\"}}},{\"name\":\"notice.sub_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.sub_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"notice.sub_message\"}}},{\"name\":\"notice.suppress_for\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ntlm.server.dns.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ntlm.server.dns.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ntlm.server.dns.name\"}}},{\"name\":\"ntlm.server.nb.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ntlm.server.nb.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ntlm.server.nb.name\"}}},{\"name\":\"ntlm.server.tree.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ntlm.server.tree.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ntlm.server.tree.name\"}}},{\"name\":\"ntlm.success\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"observer.analyzer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"observer.analyzer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"observer.analyzer\"}}},{\"name\":\"observer.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"observer.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"observer.name\"}}},{\"name\":\"osquery.result.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.action\"}}},{\"name\":\"osquery.result.calendar_time\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.calendar_time.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.calendar_time\"}}},{\"name\":\"osquery.result.codename\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.codename.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.codename\"}}},{\"name\":\"osquery.result.columns.address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.address\"}}},{\"name\":\"osquery.result.columns.description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.description\"}}},{\"name\":\"osquery.result.columns.directory\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.directory.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.directory\"}}},{\"name\":\"osquery.result.columns.gid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.gid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.gid\"}}},{\"name\":\"osquery.result.columns.gid_signed\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.gid_signed.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.gid_signed\"}}},{\"name\":\"osquery.result.columns.hostnames\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.hostnames.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.hostnames\"}}},{\"name\":\"osquery.result.columns.shell\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.shell.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.shell\"}}},{\"name\":\"osquery.result.columns.uid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.uid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.uid\"}}},{\"name\":\"osquery.result.columns.uid_signed\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.uid_signed.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.uid_signed\"}}},{\"name\":\"osquery.result.columns.username\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.username.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.username\"}}},{\"name\":\"osquery.result.columns.uuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.uuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.uuid\"}}},{\"name\":\"osquery.result.counter\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.result.endpoint_ip1\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.endpoint_ip1.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.endpoint_ip1\"}}},{\"name\":\"osquery.result.endpoint_ip2\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.endpoint_ip2.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.endpoint_ip2\"}}},{\"name\":\"osquery.result.epoch\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.result.hardware_serial\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.hardware_serial.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.hardware_serial\"}}},{\"name\":\"osquery.result.host_identifier\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.host_identifier.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.host_identifier\"}}},{\"name\":\"osquery.result.hostname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.hostname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.hostname\"}}},{\"name\":\"osquery.result.live_query\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.live_query.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.live_query\"}}},{\"name\":\"osquery.result.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.name\"}}},{\"name\":\"osquery.result.numerics\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.result.unix_time\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.command_line\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.command_line.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.command_line\"}}},{\"name\":\"process.entity_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.entity_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.entity_id\"}}},{\"name\":\"process.executable\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.executable.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.executable\"}}},{\"name\":\"process.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.name\"}}},{\"name\":\"process.parent.command_line\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.parent.command_line.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.parent.command_line\"}}},{\"name\":\"process.parent.entity_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.parent.entity_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.parent.entity_id\"}}},{\"name\":\"process.parent.executable\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.parent.executable.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.parent.executable\"}}},{\"name\":\"process.pe.description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.pe.description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.pe.description\"}}},{\"name\":\"process.pe.file_version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.pe.file_version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.pe.file_version\"}}},{\"name\":\"process.pe.original_file_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.pe.original_file_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.pe.original_file_name\"}}},{\"name\":\"process.pe.product\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.pe.product.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.pe.product\"}}},{\"name\":\"process.pid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.pid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.pid\"}}},{\"name\":\"process.ppid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.ppid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.ppid\"}}},{\"name\":\"process.working_directory\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.working_directory.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.working_directory\"}}},{\"name\":\"radius.framed_address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"radius.framed_address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"radius.framed_address\"}}},{\"name\":\"radius.reply_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"radius.reply_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"radius.reply_message\"}}},{\"name\":\"radius.result\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"radius.result.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"radius.result\"}}},{\"name\":\"rdp.certificate_count\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rdp.certificate_permanent\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rdp.certificate_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.certificate_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.certificate_type\"}}},{\"name\":\"rdp.client_build\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.client_build.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.client_build\"}}},{\"name\":\"rdp.cookie\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.cookie.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.cookie\"}}},{\"name\":\"rdp.desktop.height\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rdp.desktop.width\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rdp.encryption_level\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.encryption_level.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.encryption_level\"}}},{\"name\":\"rdp.encryption_method\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.encryption_method.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.encryption_method\"}}},{\"name\":\"rdp.keyboard_layout\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.keyboard_layout.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.keyboard_layout\"}}},{\"name\":\"rdp.requested_color_depth\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.requested_color_depth.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.requested_color_depth\"}}},{\"name\":\"rdp.result\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.result.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.result\"}}},{\"name\":\"rdp.security_protocol\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.security_protocol.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.security_protocol\"}}},{\"name\":\"rule.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.action\"}}},{\"name\":\"rule.category\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.category.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.category\"}}},{\"name\":\"rule.cis\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.cis.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.cis\"}}},{\"name\":\"rule.firedtimes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.frequency\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.gdpr\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.gdpr.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.gdpr\"}}},{\"name\":\"rule.gid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.gpg13\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.gpg13.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.gpg13\"}}},{\"name\":\"rule.groups\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.groups.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.groups\"}}},{\"name\":\"rule.hipaa\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.hipaa.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.hipaa\"}}},{\"name\":\"rule.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.id\"}}},{\"name\":\"rule.level\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.mail\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.metadata.affected_product\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.affected_product.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.affected_product\"}}},{\"name\":\"rule.metadata.attack_target\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.attack_target.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.attack_target\"}}},{\"name\":\"rule.metadata.created_at\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.created_at.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.created_at\"}}},{\"name\":\"rule.metadata.deployment\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.deployment.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.deployment\"}}},{\"name\":\"rule.metadata.former_category\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.former_category.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.former_category\"}}},{\"name\":\"rule.metadata.malware_family\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.malware_family.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.malware_family\"}}},{\"name\":\"rule.metadata.performance_impact\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.performance_impact.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.performance_impact\"}}},{\"name\":\"rule.metadata.signature_severity\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.signature_severity.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.signature_severity\"}}},{\"name\":\"rule.metadata.tag\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.tag.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.tag\"}}},{\"name\":\"rule.metadata.updated_at\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.updated_at.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.updated_at\"}}},{\"name\":\"rule.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.name\"}}},{\"name\":\"rule.nist_800_53\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.nist_800_53.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.nist_800_53\"}}},{\"name\":\"rule.pci_dss\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.pci_dss.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.pci_dss\"}}},{\"name\":\"rule.rev\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.rule\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.rule.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.rule\"}}},{\"name\":\"rule.severity\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.uuid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server.address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"server.address\"}}},{\"name\":\"server.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server.ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"server.ip\"}}},{\"name\":\"server.ip_bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.port\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server.port.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"server.port\"}}},{\"name\":\"server.reply_code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.reply_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server.reply_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"server.reply_message\"}}},{\"name\":\"server.status_code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.status_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server.status_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"server.status_message\"}}},{\"name\":\"sip.call_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.call_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.call_id\"}}},{\"name\":\"sip.content_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.content_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.content_type\"}}},{\"name\":\"sip.date\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.date.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.date\"}}},{\"name\":\"sip.method\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.method.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.method\"}}},{\"name\":\"sip.request.body.length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sip.request.from\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.request.from.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.request.from\"}}},{\"name\":\"sip.request.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.request.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.request.path\"}}},{\"name\":\"sip.request.to\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.request.to.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.request.to\"}}},{\"name\":\"sip.response.body.length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sip.response.from\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.response.from.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.response.from\"}}},{\"name\":\"sip.response.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.response.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.response.path\"}}},{\"name\":\"sip.response.to\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.response.to.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.response.to\"}}},{\"name\":\"sip.seq\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.seq.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.seq\"}}},{\"name\":\"sip.transaction.depth\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sip.uri\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.uri.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.uri\"}}},{\"name\":\"sip.warning\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.warning.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.warning\"}}},{\"name\":\"smb.file_system\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smb.file_system.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smb.file_system\"}}},{\"name\":\"smb.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smb.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smb.path\"}}},{\"name\":\"smb.service\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smb.service.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smb.service\"}}},{\"name\":\"smb.share_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smb.share_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smb.share_type\"}}},{\"name\":\"smtp.cc\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.cc.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.cc\"}}},{\"name\":\"smtp.first_received\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.first_received.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.first_received\"}}},{\"name\":\"smtp.from\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.from.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.from\"}}},{\"name\":\"smtp.helo\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.helo.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.helo\"}}},{\"name\":\"smtp.in_reply_to\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.in_reply_to.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.in_reply_to\"}}},{\"name\":\"smtp.is_webmail\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smtp.last_reply\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.last_reply.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.last_reply\"}}},{\"name\":\"smtp.mail_date\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.mail_date.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.mail_date\"}}},{\"name\":\"smtp.mail_from\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.mail_from.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.mail_from\"}}},{\"name\":\"smtp.message_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.message_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.message_id\"}}},{\"name\":\"smtp.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.path\"}}},{\"name\":\"smtp.recipient_to\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.recipient_to.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.recipient_to\"}}},{\"name\":\"smtp.second_received\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.second_received.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.second_received\"}}},{\"name\":\"smtp.subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.subject\"}}},{\"name\":\"smtp.tls\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smtp.to\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.to.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.to\"}}},{\"name\":\"smtp.transaction_depth\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smtp.useragent\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.useragent.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.useragent\"}}},{\"name\":\"snmp.community\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"snmp.community.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"snmp.community\"}}},{\"name\":\"snmp.display_string\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"snmp.display_string.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"snmp.display_string\"}}},{\"name\":\"snmp.get.bulk_requests\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"snmp.get.requests\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"snmp.get.responses\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"snmp.set.requests\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"snmp.up_since\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"snmp.up_since.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"snmp.up_since\"}}},{\"name\":\"snmp.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"snmp.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"snmp.version\"}}},{\"name\":\"socks.bound.host\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"socks.bound.host.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"socks.bound.host\"}}},{\"name\":\"socks.bound.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"socks.request.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"socks.request.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"socks.request.name\"}}},{\"name\":\"socks.request.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"socks.status\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"socks.status.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"socks.status\"}}},{\"name\":\"socks.user\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"socks.user.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"socks.user\"}}},{\"name\":\"socks.version\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"software.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"software.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"software.name\"}}},{\"name\":\"software.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"software.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"software.type\"}}},{\"name\":\"software.version.additional_info\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"software.version.additional_info.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"software.version.additional_info\"}}},{\"name\":\"software.version.major\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"software.version.minor\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"software.version.minor2\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"software.version.unparsed\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"software.version.unparsed.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"software.version.unparsed\"}}},{\"name\":\"source.geo.city_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.city_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.city_name\"}}},{\"name\":\"source.geo.continent_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.continent_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.continent_name\"}}},{\"name\":\"source.geo.country_iso_code\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.country_iso_code.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.country_iso_code\"}}},{\"name\":\"source.geo.country_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.country_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.country_name\"}}},{\"name\":\"source.geo.ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.ip\"}}},{\"name\":\"source.geo.location.lat\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.location.lon\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.region_iso_code\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.region_iso_code.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.region_iso_code\"}}},{\"name\":\"source.geo.region_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.region_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.region_name\"}}},{\"name\":\"source.geo.timezone\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.timezone.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.timezone\"}}},{\"name\":\"source.hostname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.hostname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.hostname\"}}},{\"name\":\"source.ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.ip\"}}},{\"name\":\"source.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.latitude\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.location\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.longitude\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssh.authentication.attempts\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssh.authentication.success\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssh.cipher_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.cipher_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.cipher_algorithm\"}}},{\"name\":\"ssh.client\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.client.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.client\"}}},{\"name\":\"ssh.client_host_key_algorithms\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.client_host_key_algorithms.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.client_host_key_algorithms\"}}},{\"name\":\"ssh.compression_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.compression_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.compression_algorithm\"}}},{\"name\":\"ssh.direction\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.direction.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.direction\"}}},{\"name\":\"ssh.hassh_algorithms\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.hassh_algorithms.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.hassh_algorithms\"}}},{\"name\":\"ssh.hassh_server\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.hassh_server.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.hassh_server\"}}},{\"name\":\"ssh.hassh_server_algorithms\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.hassh_server_algorithms.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.hassh_server_algorithms\"}}},{\"name\":\"ssh.hassh_version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.hassh_version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.hassh_version\"}}},{\"name\":\"ssh.host_key\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.host_key.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.host_key\"}}},{\"name\":\"ssh.host_key_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.host_key_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.host_key_algorithm\"}}},{\"name\":\"ssh.kex_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.kex_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.kex_algorithm\"}}},{\"name\":\"ssh.mac_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.mac_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.mac_algorithm\"}}},{\"name\":\"ssh.server\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.server.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.server\"}}},{\"name\":\"ssh.server_host_key_algorithms\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.server_host_key_algorithms.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.server_host_key_algorithms\"}}},{\"name\":\"ssh.version\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssl.certificate.chain_fuids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.certificate.chain_fuids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.certificate.chain_fuids\"}}},{\"name\":\"ssl.certificate.issuer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.certificate.issuer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.certificate.issuer\"}}},{\"name\":\"ssl.certificate.subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.certificate.subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.certificate.subject\"}}},{\"name\":\"ssl.cipher\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.cipher.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.cipher\"}}},{\"name\":\"ssl.client.certificate.chain_fuids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.client.certificate.chain_fuids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.client.certificate.chain_fuids\"}}},{\"name\":\"ssl.client.issuer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.client.issuer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.client.issuer\"}}},{\"name\":\"ssl.client.subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.client.subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.client.subject\"}}},{\"name\":\"ssl.curve\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.curve.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.curve\"}}},{\"name\":\"ssl.established\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssl.last_alert\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.last_alert.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.last_alert\"}}},{\"name\":\"ssl.next_protocol\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.next_protocol.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.next_protocol\"}}},{\"name\":\"ssl.resumed\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssl.server_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.server_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.server_name\"}}},{\"name\":\"ssl.validation_status\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.validation_status.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.validation_status\"}}},{\"name\":\"ssl.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.version\"}}},{\"name\":\"syslog.facility\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog.facility.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"syslog.facility\"}}},{\"name\":\"syslog.severity\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog.severity.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"syslog.severity\"}}},{\"name\":\"tags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"tags\"}}},{\"name\":\"tunnel.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tunnel.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"tunnel.type\"}}},{\"name\":\"user.escalated\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.escalated.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"user.escalated\"}}},{\"name\":\"user.gid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.gid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"user.gid\"}}},{\"name\":\"user.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"user.name\"}}},{\"name\":\"user.shell\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.shell.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"user.shell\"}}},{\"name\":\"user.uid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.uid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"user.uid\"}}},{\"name\":\"version.minor3\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"weird.additional_info\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"weird.additional_info.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"weird.additional_info\"}}},{\"name\":\"weird.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"weird.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"weird.name\"}}},{\"name\":\"weird.notice\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"weird.peer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"weird.peer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"weird.peer\"}}},{\"name\":\"x509.basic_constraints.ca\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"x509.certificate.curve\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.curve.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.curve\"}}},{\"name\":\"x509.certificate.exponent\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.exponent.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.exponent\"}}},{\"name\":\"x509.certificate.issuer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.issuer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.issuer\"}}},{\"name\":\"x509.certificate.key.algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.key.algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.key.algorithm\"}}},{\"name\":\"x509.certificate.key.length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"x509.certificate.key.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.key.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.key.type\"}}},{\"name\":\"x509.certificate.not_valid_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.not_valid_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.not_valid_after\"}}},{\"name\":\"x509.certificate.not_valid_before\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.not_valid_before.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.not_valid_before\"}}},{\"name\":\"x509.certificate.serial\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.serial.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.serial\"}}},{\"name\":\"x509.certificate.signing_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.signing_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.signing_algorithm\"}}},{\"name\":\"x509.certificate.subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.subject\"}}},{\"name\":\"x509.certificate.version\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"x509.san_dns\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.san_dns.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.san_dns\"}}},{\"name\":\"Push to TheHive\",\"type\":\"string\",\"count\":0,\"scripted\":true,\"script\":\"'https://PLACEHOLDER/soctopus/thehive/alert/' + doc['_id'].value\",\"lang\":\"painless\",\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false}]","timeFieldName":"@timestamp","title":"*:so-*"},"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","migrationVersion":{"index-pattern":"7.6.0"},"references":[],"type":"index-pattern","updated_at":"2020-06-16T12:45:20.069Z","version":"Wzc1MywyXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - All Logs","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - All Logs\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":29}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}]}"},"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Logs Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Logs Over Time\",\"type\":\"line\",\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":null,\"y\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Source IPs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Source IPs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}"},"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Destination IPs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Destination IPs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}}]}"},"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SMTP - Sender","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SMTP - Sender\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"smtp.from.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"From\"}}]}"},"id":"7a789740-75e7-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SMTP - Recipient","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SMTP - Recipient\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"To\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"smtp.to.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Recipient\"}}]}"},"id":"a5742950-75e7-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzgsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SMTP - TLS","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - SMTP - TLS\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"boolean\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"smtp.tls: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"smtp.tls\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"TLS\"}}]}"},"id":"e77a2b60-75e7-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SMTP - Subject","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SMTP - Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"smtp.subject.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"smtp.subject.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Subject\"}}]}"},"id":"0713ebf0-75e8-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzEwLDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SMTP - User Agent","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SMTP - User Agent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"smtp.useragent.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"User Agent\"}}]}"},"id":"4178ce00-75e8-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzExLDFd"} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:smtp\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":9,\"i\":\"a603d9db-ab4e-40b0-aeb8-0f1c1f84bd85\"},\"panelIndex\":\"a603d9db-ab4e-40b0-aeb8-0f1c1f84bd85\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":14,\"y\":0,\"w\":16,\"h\":9,\"i\":\"6fd30865-1d5d-4f8f-9173-77220bb23395\"},\"panelIndex\":\"6fd30865-1d5d-4f8f-9173-77220bb23395\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":9,\"i\":\"1b0acf7a-2a47-4eb4-9cb2-34cd6c499472\"},\"panelIndex\":\"1b0acf7a-2a47-4eb4-9cb2-34cd6c499472\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":9,\"w\":9,\"h\":18,\"i\":\"d31027fb-a090-474f-9863-712ef30c0b3e\"},\"panelIndex\":\"d31027fb-a090-474f-9863-712ef30c0b3e\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":9,\"y\":9,\"w\":9,\"h\":18,\"i\":\"fb5452b7-cb91-4415-ad6b-37f2c05955fa\"},\"panelIndex\":\"fb5452b7-cb91-4415-ad6b-37f2c05955fa\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":18,\"y\":9,\"w\":15,\"h\":18,\"i\":\"9aaa1369-1a61-4bb0-bb30-6bbb476fbb8a\"},\"panelIndex\":\"9aaa1369-1a61-4bb0-bb30-6bbb476fbb8a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":33,\"y\":9,\"w\":15,\"h\":18,\"i\":\"4bf1751e-8da2-4f5a-b66d-2f09338b2053\"},\"panelIndex\":\"4bf1751e-8da2-4f5a-b66d-2f09338b2053\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":27,\"w\":18,\"h\":18,\"i\":\"9365d9e9-478f-499d-aa41-d8f42081ff1c\"},\"panelIndex\":\"9365d9e9-478f-499d-aa41-d8f42081ff1c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":18,\"y\":27,\"w\":15,\"h\":18,\"i\":\"18ad4f7a-1a1e-4dcb-8810-bb74d247c9fa\"},\"panelIndex\":\"18ad4f7a-1a1e-4dcb-8810-bb74d247c9fa\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":33,\"y\":27,\"w\":15,\"h\":18,\"i\":\"44a5b84f-2636-45f4-bb5e-9f8ab11f4107\"},\"panelIndex\":\"44a5b84f-2636-45f4-bb5e-9f8ab11f4107\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]","timeRestore":false,"title":"Security Onion - SMTP","version":1},"id":"00304500-75e7-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"7a789740-75e7-11ea-9565-7315f4ee5cac","name":"panel_5","type":"visualization"},{"id":"a5742950-75e7-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"},{"id":"e77a2b60-75e7-11ea-9565-7315f4ee5cac","name":"panel_7","type":"visualization"},{"id":"0713ebf0-75e8-11ea-9565-7315f4ee5cac","name":"panel_8","type":"visualization"},{"id":"4178ce00-75e8-11ea-9565-7315f4ee5cac","name":"panel_9","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzEyLDFd"} -{"attributes":{"columns":["note","source_ip","destination_ip","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event_type:bro_notice\",\"default_field\":\"*\"}}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Notices - Logs","version":1},"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE0LDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Notices - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Notices - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"3027c4f0-34e4-11e7-9669-7f1d3242b798","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE1LDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}"},"title":"Navigation","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"[Home](/kibana/app/kibana#/dashboard/94b52620-342a-11e7-9d52-4f090484f59e) \\n[Help](/kibana/app/kibana#/dashboard/AV6-POJSDwoBUzALqKAg) \\n\\n**Alert Data** \\n[Bro Notices](/kibana/app/kibana#/dashboard/01600fb0-34e4-11e7-9669-7f1d3242b798) \\n[ElastAlert](/kibana/app/kibana#/dashboard/1d98d620-7dce-11e7-846a-150cdcaf3374) \\n[HIDS](/kibana/app/kibana#/dashboard/0de7a390-3644-11e7-a6f7-4f44d7bf1c33) \\n[NIDS](/kibana/app/kibana#/dashboard/7f27a830-34e5-11e7-9669-7f1d3242b798)   \\n\\n**Bro Hunting** \\n[Connections](/kibana/app/kibana#/dashboard/e0a34b90-34e6-11e7-9118-45bd317f0ca4) \\n[DCE/RPC](/kibana/app/kibana#/dashboard/46582d50-3af2-11e7-a83b-b1b4da7d15f4) \\n[DHCP](/kibana/app/kibana#/dashboard/85348270-357b-11e7-ac34-8965f6420c51) \\n[DNP3](/kibana/app/kibana#/dashboard/2fdf5bf0-3581-11e7-98ef-19df58fe538b) \\n[DNS](/kibana/app/kibana#/dashboard/ebf5ec90-34bf-11e7-9b32-bb903919ead9) \\n[Files](/kibana/app/kibana#/dashboard/2d315d80-3582-11e7-98ef-19df58fe538b) \\n[FTP](/kibana/app/kibana#/dashboard/27f3b380-3583-11e7-a588-05992195c551) \\n[HTTP](/kibana/app/kibana#/dashboard/230134a0-34c6-11e7-8360-0b86c90983fd) \\n[Intel](/kibana/app/kibana#/dashboard/468022c0-3583-11e7-a588-05992195c551) \\n[IRC](/kibana/app/kibana#/dashboard/56a34ce0-3583-11e7-a588-05992195c551) \\n[Kerberos](/kibana/app/kibana#/dashboard/6b0d4870-3583-11e7-a588-05992195c551) \\n[Modbus](/kibana/app/kibana#/dashboard/70c005f0-3583-11e7-a588-05992195c551) \\n[MySQL](/kibana/app/kibana#/dashboard/7929f430-3583-11e7-a588-05992195c551) \\n[NTLM](/kibana/app/kibana#/dashboard/022713e0-3ab0-11e7-a83b-b1b4da7d15f4) \\n[PE](/kibana/app/kibana#/dashboard/8a10e380-3583-11e7-a588-05992195c551) \\n[RADIUS](/kibana/app/kibana#/dashboard/90b246c0-3583-11e7-a588-05992195c551) \\n[RDP](/kibana/app/kibana#/dashboard/97f8c3a0-3583-11e7-a588-05992195c551) \\n[RFB](/kibana/app/kibana#/dashboard/9ef20ae0-3583-11e7-a588-05992195c551) \\n[SIP](/kibana/app/kibana#/dashboard/ad3c0830-3583-11e7-a588-05992195c551) \\n[SMB](/kibana/app/kibana#/dashboard/b3a53710-3aaa-11e7-8b17-0d8709b02c80) \\n[SMTP](/kibana/app/kibana#/dashboard/b10a9c60-3583-11e7-a588-05992195c551) \\n[SNMP](/kibana/app/kibana#/dashboard/b65c2710-3583-11e7-a588-05992195c551) \\n[Software](/kibana/app/kibana#/dashboard/c2c99c30-3583-11e7-a588-05992195c551) \\n[SSH](/kibana/app/kibana#/dashboard/c6ccfc00-3583-11e7-a588-05992195c551) \\n[SSL](/kibana/app/kibana#/dashboard/cca67b60-3583-11e7-a588-05992195c551) \\n[Syslog](/kibana/app/kibana#/dashboard/c4bbe040-76b3-11e7-ba96-cba76a1e264d) \\n[Tunnels](/kibana/app/kibana#/dashboard/d7b54ae0-3583-11e7-a588-05992195c551) \\n[Weird](/kibana/app/kibana#/dashboard/de2da250-3583-11e7-a588-05992195c551) \\n[X.509](/kibana/app/kibana#/dashboard/e5aa7170-3583-11e7-a588-05992195c551) \\n\\n**Host Hunting** \\n[Autoruns](/kibana/app/kibana#/dashboard/61d43810-6d62-11e7-8ddb-e71eb260f4a3) \\n[Beats](/kibana/app/kibana#/dashboard/AWBLNS3CRuBloj96jxub) \\n[Osquery](/kibana/app/kibana#/dashboard/9d0e2da0-14e1-11e9-82f7-0da02d93a48b) \\n[OSSEC](/kibana/app/kibana#/dashboard/3a457d70-3583-11e7-a588-05992195c551)  \\n[Sysmon](/kibana/app/kibana#/dashboard/6d189680-6d62-11e7-8ddb-e71eb260f4a3) \\n\\n**Other** \\n[Domain Stats](/kibana/app/kibana#/dashboard/AWAi6wvxAvKNGEbUWO_j) \\n[Firewall](/kibana/app/kibana#/dashboard/50173bd0-3582-11e7-98ef-19df58fe538b) \\n[Frequency](/kibana/app/kibana#/dashboard/AWAi5k4jAvKNGEbUWFis) \\n[Stats](/kibana/app/kibana#/dashboard/130017f0-46ce-11e7-946f-1bfb1be7c36b) \\n[Syslog](/kibana/app/kibana#/dashboard/4323af90-76e5-11e7-ab14-e1a4c1bc11e0)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}"},"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","migrationVersion":{"visualization":"7.7.0"},"references":[],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE2LDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Notices - Source IP Addresses","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Notices - Source IP Addresses\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"66e26ad0-3580-11e7-98ef-19df58fe538b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE3LDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Notices - Destination IP Addresses","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Notices - Destination IP Addresses\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"7c47b650-3580-11e7-98ef-19df58fe538b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE4LDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Notices - Notice Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Notices - Notice Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"note.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Type\"}}],\"listeners\":{}}"},"id":"07fdf9e0-39ad-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE5LDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Notices - File MIME Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Notices - File MIME Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file_mime_type.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MIME Type\"}}],\"listeners\":{}}"},"id":"53c62730-39ad-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzIwLDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Notices - File Description","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Notices - File Description\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file_description.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Description\"}}],\"listeners\":{}}"},"id":"793c2640-39ad-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzIxLDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Notice - Destination Port (Vertical Bar Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"Notice - Destination Port (Vertical Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"Port\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}]}"},"id":"e85e2150-6e0e-11e7-8624-1fb07dd76c6a","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzIyLDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Bro - Notice - Message/Sub-Message","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Bro - Notice - Message/Sub-Message\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"msg.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Message\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"sub_msg.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Sub-Message\"}}],\"listeners\":{}}"},"id":"bfeb6210-7bb9-11e7-90ec-cdd3dff73b38","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzIzLDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Notices - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Notices - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDG1uC-xQT5EBNmq3dP","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI0LDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Bro - Notices - Notice Types","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Bro - Notices - Notice Types\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"note.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Note\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}}]}"},"id":"2a949080-4a3d-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI1LDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Notices - Destination Country","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Notices - Destination Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_geo.country_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"id":"1a879c90-4ca5-11e8-888d-71b91451cf05","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI2LDFd"} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"4\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"4\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\"},{\"panelIndex\":\"5\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"5\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{}},{\"panelIndex\":\"7\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":48,\"i\":\"7\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"8\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":48,\"i\":\"8\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"11\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":72,\"i\":\"11\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"12\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":72,\"i\":\"12\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"13\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":136,\"i\":\"13\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"14\",\"gridData\":{\"w\":40,\"h\":16,\"x\":8,\"y\":32,\"i\":\"14\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\",\"embeddableConfig\":{}},{\"panelIndex\":\"15\",\"gridData\":{\"w\":48,\"h\":40,\"x\":0,\"y\":96,\"i\":\"15\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"panelIndex\":\"16\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"16\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\"},{\"panelIndex\":\"17\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":160,\"i\":\"17\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_10\",\"embeddableConfig\":{}},{\"panelIndex\":\"18\",\"gridData\":{\"w\":24,\"h\":24,\"x\":8,\"y\":8,\"i\":\"18\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_11\",\"embeddableConfig\":{}},{\"panelIndex\":\"19\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":8,\"i\":\"19\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_12\",\"embeddableConfig\":{}}]","timeRestore":false,"title":"Bro - Notices","version":1},"id":"01600fb0-34e4-11e7-9669-7f1d3242b798","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"3027c4f0-34e4-11e7-9669-7f1d3242b798","name":"panel_0","type":"visualization"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_1","type":"visualization"},{"id":"66e26ad0-3580-11e7-98ef-19df58fe538b","name":"panel_2","type":"visualization"},{"id":"7c47b650-3580-11e7-98ef-19df58fe538b","name":"panel_3","type":"visualization"},{"id":"07fdf9e0-39ad-11e7-8472-0151e5b2b475","name":"panel_4","type":"visualization"},{"id":"53c62730-39ad-11e7-8472-0151e5b2b475","name":"panel_5","type":"visualization"},{"id":"793c2640-39ad-11e7-8472-0151e5b2b475","name":"panel_6","type":"visualization"},{"id":"e85e2150-6e0e-11e7-8624-1fb07dd76c6a","name":"panel_7","type":"visualization"},{"id":"bfeb6210-7bb9-11e7-90ec-cdd3dff73b38","name":"panel_8","type":"visualization"},{"id":"AWDG1uC-xQT5EBNmq3dP","name":"panel_9","type":"visualization"},{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"panel_10","type":"search"},{"id":"2a949080-4a3d-11e8-9b0a-f1d33346f773","name":"panel_11","type":"visualization"},{"id":"1a879c90-4ca5-11e8-888d-71b91451cf05","name":"panel_12","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI3LDFd"} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_ntlm\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"NTLM - Logs","version":1},"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI4LDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NTLM - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"NTLM - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per minute\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"36f23eb0-3ab0-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI5LDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NTLM - Hostname","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NTLM - Hostname\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"hostname.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Hostname\"}}],\"listeners\":{}}"},"id":"e2c8e040-3ab0-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzMwLDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NTLM - Username","uiStateJSON":"{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}","version":1,"visState":"{\"title\":\"NTLM - Username\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"username.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}}],\"listeners\":{}}"},"id":"4d869ee0-3ab1-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzMxLDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NTLM - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NTLM - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"d37b9330-3af1-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzMyLDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NTLM - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NTLM - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"f3a92f50-3af1-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzMzLDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NTLM - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NTLM - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"id":"d7f162b0-6e1c-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM0LDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NTLM - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"NTLM - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDHCEx7xQT5EBNmq4Vf","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM1LDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"NTLM - Hostname to Username","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NTLM - Hostname to Username\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"hostname.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Hostname\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"username.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"domain_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Domain\"}}]}"},"id":"75ab1050-4a59-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM2LDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NTLM - Server NetBIOS Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NTLM - Server NetBIOS Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server_nb_computer_name.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server NetBIOS Name\"}}]}"},"id":"c23ea470-0edc-11e9-9846-59f545e7293f","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM3LDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NTLM - Server DNS Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NTLM - Server DNS Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server_dns_computer_name.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server DNS Name\"}}]}"},"id":"ee6a03f0-0edc-11e9-9846-59f545e7293f","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM4LDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NTLM - Server Tree Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NTLM - Server Tree Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server_tree_name.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server Tree Name\"}}]}"},"id":"2a054320-0edd-11e9-9846-59f545e7293f","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM5LDFd"} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":53,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]},\"gridData\":{\"x\":0,\"y\":77,\"w\":48,\"h\":24,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":36,\"y\":8,\"w\":12,\"h\":24,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":24,\"y\":8,\"w\":12,\"h\":24,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":16,\"y\":53,\"w\":16,\"h\":24,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":0,\"y\":53,\"w\":16,\"h\":24,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":32,\"y\":53,\"w\":16,\"h\":24,\"i\":\"13\"},\"panelIndex\":\"13\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"15\"},\"panelIndex\":\"15\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"gridData\":{\"x\":8,\"y\":8,\"w\":16,\"h\":24,\"i\":\"16\"},\"panelIndex\":\"16\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"x\":35,\"y\":32,\"w\":13,\"h\":21,\"i\":\"17\"},\"panelIndex\":\"17\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":22,\"y\":32,\"w\":13,\"h\":21,\"i\":\"18\"},\"panelIndex\":\"18\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_11\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":32,\"w\":14,\"h\":21,\"i\":\"19\"},\"panelIndex\":\"19\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_12\"}]","timeRestore":false,"title":"Bro - NTLM","version":1},"id":"022713e0-3ab0-11e7-a83b-b1b4da7d15f4","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"36f23eb0-3ab0-11e7-a83b-b1b4da7d15f4","name":"panel_1","type":"visualization"},{"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","name":"panel_2","type":"search"},{"id":"e2c8e040-3ab0-11e7-a83b-b1b4da7d15f4","name":"panel_3","type":"visualization"},{"id":"4d869ee0-3ab1-11e7-a83b-b1b4da7d15f4","name":"panel_4","type":"visualization"},{"id":"d37b9330-3af1-11e7-a83b-b1b4da7d15f4","name":"panel_5","type":"visualization"},{"id":"f3a92f50-3af1-11e7-a83b-b1b4da7d15f4","name":"panel_6","type":"visualization"},{"id":"d7f162b0-6e1c-11e7-b553-7f80727663c1","name":"panel_7","type":"visualization"},{"id":"AWDHCEx7xQT5EBNmq4Vf","name":"panel_8","type":"visualization"},{"id":"75ab1050-4a59-11e8-9b0a-f1d33346f773","name":"panel_9","type":"visualization"},{"id":"c23ea470-0edc-11e9-9846-59f545e7293f","name":"panel_10","type":"visualization"},{"id":"ee6a03f0-0edc-11e9-9846-59f545e7293f","name":"panel_11","type":"visualization"},{"id":"2a054320-0edd-11e9-9846-59f545e7293f","name":"panel_12","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQwLDFd"} -{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.category:network\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Security Onion - Network Data","version":1},"id":"387f44c0-6ea7-11ea-9266-1fd14ca6af34","migrationVersion":{"search":"7.4.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-06-15T18:49:59.193Z","version":"WzUwLDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Network - Source IPs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Network - Source IPs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"source.ip.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}"},"id":"0242ab70-6eae-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"387f44c0-6ea7-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY3OCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Security Onion - Files","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Files\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Home](/kibana/app/kibana#/dashboard/a8411b30-6d03-11ea-b301-3d6c35840645) \\n \\n**Modules** \\n[Strelka](/kibana/app/kibana#/dashboard/ff689c50-75f3-11ea-9565-7315f4ee5cac) \\n[Zeek](/kibana/app/kibana#/dashboard/ad4d5d60-75f4-11ea-9565-7315f4ee5cac)\"},\"aggs\":[]}"},"id":"9a5058f0-6e99-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQxLDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Log Count Over Time\",\"type\":\"line\",\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true}],\"addTooltip\":false,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm\"}},\"params\":{\"date\":true,\"interval\":\"PT30M\",\"intervalESValue\":30,\"intervalESUnit\":\"m\",\"format\":\"HH:mm\",\"bounds\":{\"min\":\"2020-03-29T18:17:18.800Z\",\"max\":\"2020-03-30T18:17:18.800Z\"}},\"label\":\"@timestamp per 30 minutes\",\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-24h\",\"to\":\"now\",\"mode\":\"quick\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"id":"c879ad60-72a1-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQyLDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.module:*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Modules","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Modules\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"event.module.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.module.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Module\"}}]}"},"id":"8b065a80-6eca-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQzLDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Dataset","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Dataset\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Dataset\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"event.dataset.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Count\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.dataset.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Dataset\"}}]}"},"id":"ad398b70-6e9a-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ0LDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - File - Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - File - Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"file.name.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"}}]}"},"id":"bcf25e30-75f1-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ1LDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - FIle - Total Bytes","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":0,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"Security Onion - FIle - Total Bytes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"file.bytes.total: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.bytes.total\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Total Bytes\"}}]}"},"id":"efc25540-75f1-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ2LDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - File - MIME Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - File - MIME Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"file.mime_type.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.mime_type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MIMEType\"}}]}"},"id":"e8d35c50-75f3-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ3LDFd"} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:file*\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":7,\"h\":7,\"i\":\"6948ea4a-398f-4ab1-a269-e1e6ecd29e12\"},\"panelIndex\":\"6948ea4a-398f-4ab1-a269-e1e6ecd29e12\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":7,\"y\":0,\"w\":15,\"h\":7,\"i\":\"d09eef70-f2b5-4085-b619-11cae812be58\"},\"panelIndex\":\"d09eef70-f2b5-4085-b619-11cae812be58\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":22,\"y\":0,\"w\":26,\"h\":7,\"i\":\"0dd18bd2-6631-4772-b3d0-4a92ff713e3a\"},\"panelIndex\":\"0dd18bd2-6631-4772-b3d0-4a92ff713e3a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":7,\"w\":8,\"h\":20,\"i\":\"86d343d4-c030-46a3-9f3e-083ccbf28b04\"},\"panelIndex\":\"86d343d4-c030-46a3-9f3e-083ccbf28b04\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":7,\"w\":8,\"h\":20,\"i\":\"2fb5d1e8-4ac6-42c4-852e-9046c2970086\"},\"panelIndex\":\"2fb5d1e8-4ac6-42c4-852e-9046c2970086\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":7,\"w\":10,\"h\":20,\"i\":\"7875de58-924b-4b27-bd51-159b5657659f\"},\"panelIndex\":\"7875de58-924b-4b27-bd51-159b5657659f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":26,\"y\":7,\"w\":10,\"h\":20,\"i\":\"f1f8a5c7-9e9f-460d-a2b8-eaca8d834c6b\"},\"panelIndex\":\"f1f8a5c7-9e9f-460d-a2b8-eaca8d834c6b\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":36,\"y\":7,\"w\":12,\"h\":20,\"i\":\"06055634-ec80-478d-93d5-67e1cc46e1ab\"},\"panelIndex\":\"06055634-ec80-478d-93d5-67e1cc46e1ab\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"Security Onion - Files","version":1},"id":"0245be10-6ec1-11ea-9266-1fd14ca6af34","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"9a5058f0-6e99-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"c879ad60-72a1-11ea-8dd2-9d8795a1200b","name":"panel_2","type":"visualization"},{"id":"8b065a80-6eca-11ea-9266-1fd14ca6af34","name":"panel_3","type":"visualization"},{"id":"ad398b70-6e9a-11ea-9266-1fd14ca6af34","name":"panel_4","type":"visualization"},{"id":"bcf25e30-75f1-11ea-9565-7315f4ee5cac","name":"panel_5","type":"visualization"},{"id":"efc25540-75f1-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"},{"id":"e8d35c50-75f3-11ea-9565-7315f4ee5cac","name":"panel_7","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ4LDFd"} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_ssl\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"SSL - Logs","version":1},"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI2MCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SSL - Version (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SSL - Version (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"version.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"id":"02699580-365a-11e7-bf60-314364dd1cde","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU3OCwxXQ=="} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_sip\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"SIP - Logs","version":1},"id":"9e131480-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ2MywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SIP - Status","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SIP - Status\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"status_code\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Code\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"status_msg.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Message\"}}]}"},"id":"0291dba0-4c78-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ3NiwxXQ=="} -{"attributes":{"columns":["osquery.columns.permissions","osquery.columns.name"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event_type: osquery AND osquery.name:*chrome* AND osquery.columns.permissions:('all_urls','privacy')\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"osquery - Chrome Extensions - Sensitive Permissions","version":1},"id":"040dda10-18d8-11e9-932c-d12d2cf4ee95","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ4NCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SIP - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SIP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"04e1aea0-3750-11e7-b74a-f5057991ccd2","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ2NiwxXQ=="} -{"attributes":{"columns":["osquery.hostname","osquery.columns.username","osquery.LiveQuery","osquery.columns.name"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event_type: osquery AND osquery.name:*chrome*\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"osquery - Chrome Extensions","version":1},"id":"0eee4360-18d4-11e9-932c-d12d2cf4ee95","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ4MiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"osquery - Chrome Extensions - Changes by Hostname","uiStateJSON":"{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}","version":1,"visState":"{\"title\":\"osquery - Chrome Extensions - Changes by Hostname\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Changes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"osquery.hostname.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Hostname\"}}]}"},"id":"04f86530-1a59-11e9-ac0b-cb0ba10141ab","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"0eee4360-18d4-11e9-932c-d12d2cf4ee95","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ4NiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"network.protocol:*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Top Network Protocols","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Top Network Protocols\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":18,\"maxFontSize\":72,\"showLabel\":false,\"metric\":{\"type\":\"vis_dimension\",\"accessor\":1,\"format\":{\"id\":\"string\",\"params\":{}}},\"bucket\":{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.protocol.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}}]}"},"id":"d9eb5b30-6ea9-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ5LDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Network - Transport","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Network - Transport\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":false,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"network.transport.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.transport.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"79cc9670-6ead-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"387f44c0-6ea7-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzUxLDFd"} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.category: network\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":9,\"i\":\"b18f064d-2fba-45d8-a3c3-700ecec939a3\"},\"panelIndex\":\"b18f064d-2fba-45d8-a3c3-700ecec939a3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":13,\"y\":0,\"w\":14,\"h\":9,\"i\":\"3bf59d17-132e-47bc-b548-e1e073491ec5\"},\"panelIndex\":\"3bf59d17-132e-47bc-b548-e1e073491ec5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":27,\"y\":0,\"w\":21,\"h\":9,\"i\":\"49c9ae10-3f16-4cec-b044-c5cf2db199ae\"},\"panelIndex\":\"49c9ae10-3f16-4cec-b044-c5cf2db199ae\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":9,\"w\":13,\"h\":19,\"i\":\"87427ca5-e0b9-4ec8-bb5f-3452803befe1\"},\"panelIndex\":\"87427ca5-e0b9-4ec8-bb5f-3452803befe1\",\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":24,\"y\":9,\"w\":12,\"h\":19,\"i\":\"a7745b0f-1c69-4837-9f7e-3d79b5a2ac60\"},\"panelIndex\":\"a7745b0f-1c69-4837-9f7e-3d79b5a2ac60\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":36,\"y\":9,\"w\":12,\"h\":19,\"i\":\"221a543a-98d4-46dd-8e7c-bf97bb292021\"},\"panelIndex\":\"221a543a-98d4-46dd-8e7c-bf97bb292021\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":13,\"y\":9,\"w\":11,\"h\":19,\"i\":\"3d3199e1-d839-4738-bc99-e030365b7070\"},\"panelIndex\":\"3d3199e1-d839-4738-bc99-e030365b7070\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"}]","timeRestore":false,"title":"Security Onion - Network","version":1},"id":"04ff3ef0-6ea4-11ea-9266-1fd14ca6af34","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"d9eb5b30-6ea9-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"79cc9670-6ead-11ea-9266-1fd14ca6af34","name":"panel_3","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_5","type":"visualization"},{"id":"ad398b70-6e9a-11ea-9266-1fd14ca6af34","name":"panel_6","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzUyLDFd"} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"size\":10,\"query\":{\"query_string\":{\"query\":\"event_type:bro_conn\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Connections - Logs","version":1},"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-06-15T18:49:59.193Z","version":"WzIwNCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Missed Bytes","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Connections - Missed Bytes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"missed_bytes\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Missed Bytes\"}}],\"listeners\":{}}"},"id":"05088150-3670-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzYyMCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SMB - Path","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SMB - Path\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"smb.path.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"smb.path.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Path\"}}]}"},"id":"052df440-75f0-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY2NSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Rule - GID/SID","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Rule - GID/SID\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"GID\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"SID\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rule.rev: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.gid\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"GID\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.signature_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"SID\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.rev\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Revision\"}}]}"},"id":"053f7130-7734-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY3OSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Source - Originator Bytes ( Tile Map)","uiStateJSON":"{\"mapZoom\":3,\"mapCenter\":[39.70718665682654,-44.912109375]}","version":1,"visState":"{\"title\":\"Connections - Source - Originator Bytes ( Tile Map)\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":0,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"original_bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"source_geo.location\",\"autoPrecision\":true,\"useGeocentroid\":true,\"precision\":2}}],\"listeners\":{}}"},"id":"05809df0-46cb-11e7-946f-1bfb1be7c36b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI2NywxXQ=="} -{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event_type: osquery\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"osquery - Logs","version":1},"id":"84116380-14e1-11e9-82f7-0da02d93a48b","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQwMCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"osquery - Changes by Hostname","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"osquery - Changes by Hostname\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Changes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"osquery.hostname.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Hostname\"}}]}"},"id":"05a5ed10-14e4-11e9-82f7-0da02d93a48b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"84116380-14e1-11e9-82f7-0da02d93a48b","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQwMywxXQ=="} -{"attributes":{"columns":["source_ip","destination_ip","destination_port","uid","fuid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_ftp\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"FTP - Logs","version":1},"id":"f21cb5f0-342d-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-06-15T18:49:59.193Z","version":"WzExNSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"FTP - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"FTP - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"06f21d60-35b6-11e7-a994-c528746bc6e8","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"f21cb5f0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzExNiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DNS - Query","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - DNS - Query\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"dns.query.name.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dns.query.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Query\"}}]}"},"id":"07065340-72ba-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzIyMiwxXQ=="} -{"attributes":{"columns":["source_ip","destination_ip","destination_port","uid","fuid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_intel\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Intel - Logs","version":1},"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE5MSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Intel - Indicator Type (Vertical Bar Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"Intel - Indicator Type (Vertical Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Indicator Type\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"indicator_type.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Indicator Type\"}}]}"},"id":"07622d60-6e16-11e7-8624-1fb07dd76c6a","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzIwMSwxXQ=="} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_mysql\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"MySQL - Logs","version":1},"id":"5d624230-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-06-15T18:49:59.193Z","version":"WzMwOCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"MySQL - Command/Argument","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"MySQL - Command/Argument\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mysql_command.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Command\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mysql_argument.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Argument\"}}],\"listeners\":{}}"},"id":"07e25650-3812-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"5d624230-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzMxMCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - HTTP - Method","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - HTTP - Method\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"http.method.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"http.method.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Method\"}}]}"},"id":"088aad70-7377-11ea-a3da-cbdb4f8a90c0","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE3NSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Hash - SHA256","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Hash - SHA256\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"file.hash.sha256.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"hash.sha256.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"08c0b770-772e-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY3NSwxXQ=="} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_ssh\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"SSH - Logs","version":1},"id":"c33e7600-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU1NSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSH - Log Count Over TIme","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SSH - Log Count Over TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"09457310-3641-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c33e7600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU1NiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Hash - MD5","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Hash - MD5\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"hash.md5.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MD5\"}}]}"},"id":"09fc6ef0-7732-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ3OCwxXQ=="} -{"attributes":{"columns":["source_ip","syslog-host_from","syslog-priority"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"tags:syslog\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Syslog (All) - Logs","version":1},"id":"5a86ffe0-76e3-11e7-ab14-e1a4c1bc11e0","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE2MiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Syslog - Host From","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Syslog - Host From\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"syslog-host_from.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Host (From)\"}}],\"listeners\":{}}"},"id":"0a2ce700-76e6-11e7-ab14-e1a4c1bc11e0","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"5a86ffe0-76e3-11e7-ab14-e1a4c1bc11e0","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE2NSwxXQ=="} -{"attributes":{"columns":["host","certificate_subject","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_x509\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"X.509 - Logs","version":1},"id":"f5038cc0-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-06-15T18:49:59.193Z","version":"WzYyOCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"X.509 - Certificate Issuer","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"X.509 - Certificate Issuer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"certificate_issuer.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Issuer\"}}],\"listeners\":{}}"},"id":"0a5f7b30-37d9-11e7-9efb-91e89505091f","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"f5038cc0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzYzMiwxXQ=="} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_rdp\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"RDP - Logs","version":1},"id":"823dd600-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM4NywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RDP - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RDP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"0b9dea80-371c-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"823dd600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM5MCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - RDP - Certificate Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - RDP - Certificate Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rdp.certificate_type.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rdp.certificate_type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Type\"}}]}"},"id":"0c006bb0-75c6-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzIzNiwxXQ=="} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_dns\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"DNS - Logs","version":1},"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI1NSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DNS - Query Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNS - Query Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"query_type_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query Type\"}}]}"},"id":"0c338e50-4a4e-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY0OCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - RADIUS - Reply","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - RADIUS - Reply\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"radius.reply_message.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"radius.reply_message.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Reply\"}}]}"},"id":"0ca071b0-75c5-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzUzMywxXQ=="} -{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.dataset:conn\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Security Onion - Connections","version":1},"id":"9b333020-6e9f-11ea-9266-1fd14ca6af34","migrationVersion":{"search":"7.4.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-06-15T18:49:59.193Z","version":"WzUzLDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Connections Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Connections Over Time\",\"type\":\"line\",\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date_range\",\"params\":{\"id\":\"date\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}}},\"params\":{},\"label\":\"@timestamp date ranges\",\"aggType\":\"date_range\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"id":"34721460-6ebc-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9b333020-6e9f-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU0LDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Connections - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Connections - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}"},"id":"c9121690-6ea0-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9b333020-6e9f-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU1LDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Connections - State","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Connections - State\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"connection.state.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"connection.state.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"State\"}}]}"},"id":"23b65290-6ea2-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9b333020-6e9f-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU2LDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Connections - Client Bytes","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Connections - Client Bytes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Client Bytes\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client.bytes\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client Bytes\"}}]}"},"id":"98f6e9d0-6ea1-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9b333020-6e9f-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU3LDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Connections - Responder Bytes","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Connections - Responder Bytes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Server Bytes\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server.bytes\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server Bytes\"}}]}"},"id":"70565ec0-6ea1-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9b333020-6e9f-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU4LDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Connections - History","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Connections - History\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"connection.history.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"History\"}}]}"},"id":"5414ad60-6ea2-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9b333020-6e9f-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU5LDFd"} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:conn\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":9,\"i\":\"a05b7540-74b1-40db-b1d6-0e151f5bbaba\"},\"panelIndex\":\"a05b7540-74b1-40db-b1d6-0e151f5bbaba\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":13,\"y\":0,\"w\":13,\"h\":9,\"i\":\"78f096e9-6e6b-4144-a63f-3767deab6c8c\"},\"panelIndex\":\"78f096e9-6e6b-4144-a63f-3767deab6c8c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":26,\"y\":0,\"w\":22,\"h\":9,\"i\":\"f24faa4b-0270-44e6-af45-639e2d39c2c3\"},\"panelIndex\":\"f24faa4b-0270-44e6-af45-639e2d39c2c3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":9,\"w\":11,\"h\":18,\"i\":\"8cc3f2ee-fcc8-4ddb-8f44-ec0b08da4756\"},\"panelIndex\":\"8cc3f2ee-fcc8-4ddb-8f44-ec0b08da4756\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":11,\"y\":9,\"w\":12,\"h\":18,\"i\":\"5558d00d-f3fd-4051-96a4-384134149228\"},\"panelIndex\":\"5558d00d-f3fd-4051-96a4-384134149228\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":23,\"y\":9,\"w\":13,\"h\":18,\"i\":\"ccdbd90c-299e-4e60-a139-1505f1329071\"},\"panelIndex\":\"ccdbd90c-299e-4e60-a139-1505f1329071\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":36,\"y\":9,\"w\":12,\"h\":18,\"i\":\"d678bf2f-f183-4981-9142-976880029daa\"},\"panelIndex\":\"d678bf2f-f183-4981-9142-976880029daa\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":6,\"y\":27,\"w\":11,\"h\":18,\"i\":\"598bda31-1136-4474-9384-451491a71d23\"},\"panelIndex\":\"598bda31-1136-4474-9384-451491a71d23\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":17,\"y\":27,\"w\":12,\"h\":18,\"i\":\"8192def5-399b-4728-8646-edf393b63b7e\"},\"panelIndex\":\"8192def5-399b-4728-8646-edf393b63b7e\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":29,\"y\":27,\"w\":13,\"h\":18,\"i\":\"755322ff-13a8-4121-a2db-6322c037e8b3\"},\"panelIndex\":\"755322ff-13a8-4121-a2db-6322c037e8b3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]","timeRestore":false,"title":"Security Onion - Connections","version":1},"id":"0cc628b0-6e9f-11ea-9266-1fd14ca6af34","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"34721460-6ebc-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"c9121690-6ea0-11ea-9266-1fd14ca6af34","name":"panel_5","type":"visualization"},{"id":"23b65290-6ea2-11ea-9266-1fd14ca6af34","name":"panel_6","type":"visualization"},{"id":"98f6e9d0-6ea1-11ea-9266-1fd14ca6af34","name":"panel_7","type":"visualization"},{"id":"70565ec0-6ea1-11ea-9266-1fd14ca6af34","name":"panel_8","type":"visualization"},{"id":"5414ad60-6ea2-11ea-9266-1fd14ca6af34","name":"panel_9","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzYwLDFd"} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_modbus\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Modbus - Logs","version":1},"id":"52dc9fe0-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI5NSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Modbus - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Modbus - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"0d168a30-363f-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"52dc9fe0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI5NiwxXQ=="} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_weird\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Weird - Logs","version":1},"id":"e32d0d50-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-06-15T18:49:59.193Z","version":"WzYwNiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Weird - Log Count Over TIme","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1},\"schema\":\"segment\",\"type\":\"date_histogram\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"@timestamp per 12 hours\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}]},\"title\":\"Weird - Log Count Over TIme\",\"type\":\"line\"}"},"id":"0dbcade0-3642-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"e32d0d50-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzYwNywxXQ=="} -{"attributes":{"columns":["alert_level","classification","description"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[{\"meta\":{\"negate\":false,\"key\":\"tags\",\"value\":\"alert\",\"disabled\":false,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"tags\":{\"query\":\"alert\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"query_string\":{\"query\":\"event_type:ossec\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"OSSEC - Alerts","version":1},"id":"d9096bb0-342f-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","updated_at":"2020-06-15T18:49:59.193Z","version":"WzYxLDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"OSSEC Alerts - Log Count Over TIme","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"OSSEC Alerts - Log Count Over TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"4fa0e530-3644-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"d9096bb0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzYyLDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"OSSEC Alerts - Alert Level (Pie Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"OSSEC Alerts - Alert Level (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"alert_level.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Alert Level\"}}]}"},"id":"69d98570-398b-11e7-84f8-a1f7cef50fcb","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"d9096bb0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzYzLDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"OSSEC Alerts - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"OSSEC Alerts - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDG4pcDxQT5EBNmq3pi","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"d9096bb0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY0LDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"OSSEC Alerts - Event Summary","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"OSSEC Alerts - Event Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"description.keyword\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Description\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"agent.name.keyword\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Agent\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"username.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"\",\"customLabel\":\"Username\"}}]}"},"id":"ee0ba080-4a3d-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"d9096bb0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY1LDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"OSSEC Alerts - User to Escalated User (Data Table)","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"OSSEC Alerts - User to Escalated User (Data Table)\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"username.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"User\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"escalated_user.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Escalated User\"}}]}"},"id":"1de31b40-4a42-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"d9096bb0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY2LDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"OSSEC Alerts - Command (Data Table)","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"OSSEC Alerts - Command (Data Table)\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"command.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Command\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"username.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}}]}"},"id":"9ff34f60-4a42-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"d9096bb0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY3LDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"OSSEC Alerts - Process and Username (Data Table)","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"OSSEC Alerts - Process and Username (Data Table)\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"process.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Process\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"username.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}}]}"},"id":"447bd2f0-4a43-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"d9096bb0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY4LDFd"} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"gridData\":{\"h\":60,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"3\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":28,\"i\":\"6\",\"w\":16,\"x\":32,\"y\":8},\"panelIndex\":\"6\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"gridData\":{\"h\":56,\"i\":\"11\",\"w\":48,\"x\":0,\"y\":88},\"panelIndex\":\"11\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\",\"embeddableConfig\":{\"columns\":[\"alert_level\",\"classification\",\"description\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"gridData\":{\"h\":8,\"i\":\"12\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"12\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"gridData\":{\"h\":28,\"i\":\"13\",\"w\":24,\"x\":8,\"y\":8},\"panelIndex\":\"13\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\",\"embeddableConfig\":{}},{\"gridData\":{\"h\":24,\"i\":\"14\",\"w\":16,\"x\":32,\"y\":36},\"panelIndex\":\"14\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\",\"embeddableConfig\":{}},{\"gridData\":{\"h\":28,\"i\":\"15\",\"w\":48,\"x\":0,\"y\":60},\"panelIndex\":\"15\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\",\"embeddableConfig\":{}},{\"embeddableConfig\":{\"spy\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":24,\"i\":\"16\",\"w\":24,\"x\":8,\"y\":36},\"panelIndex\":\"16\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"}]","timeRestore":false,"title":"OSSEC Alerts","version":1},"id":"0de7a390-3644-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"4fa0e530-3644-11e7-a6f7-4f44d7bf1c33","name":"panel_1","type":"visualization"},{"id":"69d98570-398b-11e7-84f8-a1f7cef50fcb","name":"panel_2","type":"visualization"},{"id":"d9096bb0-342f-11e7-9e93-53b62e1857b2","name":"panel_3","type":"search"},{"id":"AWDG4pcDxQT5EBNmq3pi","name":"panel_4","type":"visualization"},{"id":"ee0ba080-4a3d-11e8-9b0a-f1d33346f773","name":"panel_5","type":"visualization"},{"id":"1de31b40-4a42-11e8-9b0a-f1d33346f773","name":"panel_6","type":"visualization"},{"id":"9ff34f60-4a42-11e8-9b0a-f1d33346f773","name":"panel_7","type":"visualization"},{"id":"447bd2f0-4a43-11e8-9b0a-f1d33346f773","name":"panel_8","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY5LDFd"} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_snmp\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"SNMP - Logs","version":1},"id":"b12150a0-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-06-15T18:49:59.193Z","version":"WzUyMywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SNMP - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SNMP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"0defabb0-36b9-11e7-9786-41a1d72e15ad","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"b12150a0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzUyNiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Security Onion - Alert Data","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Alert Data\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Home](/kibana/app/kibana#/dashboard/a8411b30-6d03-11ea-b301-3d6c35840645) \\n \\n**Modules** \\n[Suricata](/kibana/app/kibana#/dashboard/81057f40-7733-11ea-bee5-af7f7c7b8e05) \\n[Zeek](/kibana/app/kibana#/dashboard/fa9ed760-7734-11ea-bee5-af7f7c7b8e05) \\n[Wazuh](/kibana/app/kibana#/dashboard/9480f190-7732-11ea-bee5-af7f7c7b8e05)\"},\"aggs\":[]}"},"id":"30df00e0-7733-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"7.7.0"},"references":[],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzcwLDFd"} -{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.dataset:alert\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Security Onion - Alerts","version":1},"id":"5c3effd0-72ae-11ea-8dd2-9d8795a1200b","migrationVersion":{"search":"7.4.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-06-15T18:49:59.193Z","version":"WzcxLDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Alerts - Count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Alerts - Count\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":40}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}]}"},"id":"931cb6f0-72ae-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"5c3effd0-72ae-11ea-8dd2-9d8795a1200b","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzcyLDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Alerts Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Alerts Over Time\",\"type\":\"line\",\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":null,\"y\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"id":"b419b100-72ae-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"5c3effd0-72ae-11ea-8dd2-9d8795a1200b","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzczLDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Rule - Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Rule - Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rule.name.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"}}]}"},"id":"508fb520-72af-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"5c3effd0-72ae-11ea-8dd2-9d8795a1200b","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"Wzc0LDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Rule - Severity","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Rule - Severity\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"rule.severity\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Severity\"}}]}"},"id":"a37b9fa0-72b0-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"Wzc1LDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Rule - Category","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Rule - Category\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.category.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"}}]}"},"id":"f7e1d570-72ae-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"5c3effd0-72ae-11ea-8dd2-9d8795a1200b","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"Wzc2LDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Destination Ports","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Destination Ports\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"destination.port: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}"},"id":"f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"Wzc3LDFd"} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset: alert\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"c2ddba4b-b0a1-4204-b952-fdc8073dd3c6\",\"w\":10,\"x\":0,\"y\":0},\"panelIndex\":\"c2ddba4b-b0a1-4204-b952-fdc8073dd3c6\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"5a22818d-a0f7-4b39-978f-bee1e4280a54\",\"w\":13,\"x\":10,\"y\":0},\"panelIndex\":\"5a22818d-a0f7-4b39-978f-bee1e4280a54\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"41a7c313-2dc3-4563-8545-a55f57af532c\",\"w\":25,\"x\":23,\"y\":0},\"panelIndex\":\"41a7c313-2dc3-4563-8545-a55f57af532c\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"7f00befc-4315-45d2-b686-fa99db9fb79c\",\"w\":29,\"x\":0,\"y\":8},\"panelIndex\":\"7f00befc-4315-45d2-b686-fa99db9fb79c\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"1fa5c765-6991-4ece-a6a4-cdb6f2d35553\",\"w\":19,\"x\":29,\"y\":8},\"panelIndex\":\"1fa5c765-6991-4ece-a6a4-cdb6f2d35553\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"eee74597-fa74-4bf6-9c71-429bfe4c3ecd\",\"w\":19,\"x\":0,\"y\":27},\"panelIndex\":\"eee74597-fa74-4bf6-9c71-429bfe4c3ecd\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"fa0e8955-a837-400c-abcb-43394471b39d\",\"w\":10,\"x\":19,\"y\":27},\"panelIndex\":\"fa0e8955-a837-400c-abcb-43394471b39d\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"b60abef8-9b1e-4bae-ac3f-d7eb5a230430\",\"w\":10,\"x\":29,\"y\":27},\"panelIndex\":\"b60abef8-9b1e-4bae-ac3f-d7eb5a230430\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"799598a4-39de-455d-bc39-409466b8b119\",\"w\":9,\"x\":39,\"y\":27},\"panelIndex\":\"799598a4-39de-455d-bc39-409466b8b119\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_8\"}]","timeRestore":false,"title":"Security Onion - Alerts","version":1},"id":"0e4af1d0-72ae-11ea-8dd2-9d8795a1200b","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"30df00e0-7733-11ea-bee5-af7f7c7b8e05","name":"panel_0","type":"visualization"},{"id":"931cb6f0-72ae-11ea-8dd2-9d8795a1200b","name":"panel_1","type":"visualization"},{"id":"b419b100-72ae-11ea-8dd2-9d8795a1200b","name":"panel_2","type":"visualization"},{"id":"508fb520-72af-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"a37b9fa0-72b0-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"f7e1d570-72ae-11ea-8dd2-9d8795a1200b","name":"panel_5","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_6","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_7","type":"visualization"},{"id":"f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_8","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"Wzc4LDFd"} -{"attributes":{"columns":["event_type","source_ip","source_port","destination_ip","destination_port","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:sysmon\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Sysmon - Logs","version":1},"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI4MywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Sysmon - Summary","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Sysmon - Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"image_path.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Image\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_hostname.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source Hostname\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_hostname.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Hostname\"}},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}],\"listeners\":{}}"},"id":"0eb1fd80-6d70-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI4NSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Kerberos Client","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Kerberos Client\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"kerberos.client.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"kerberos.client.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"}}]}"},"id":"0ecc7310-75bd-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzUwNiwxXQ=="} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"All Logs","version":1},"id":"aa05e920-3433-11e7-8867-29a39c0f86b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-06-15T18:49:59.193Z","version":"Wzc5LDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Sensors/Devices - Total Number of Logs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Sensors/Devices - Total Number of Logs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"syslog-host_from.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Sensor/Device\"}}]}"},"id":"0f25aac0-3434-11e7-8867-29a39c0f86b2","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"aa05e920-3433-11e7-8867-29a39c0f86b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzgxLDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SSH - Direction","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - SSH - Direction\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ssh.direction.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ssh.direction.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Direction\"}}]}"},"id":"104a4a90-75eb-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQwOCwxXQ=="} -{"attributes":{"columns":["source_ip","destination_ip","message_types","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"event_type:bro_dhcp\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"DHCP - Logs","version":1},"id":"ac1799d0-342d-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-06-15T18:49:59.193Z","version":"WzMzNSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DHCP - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DHCP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}"},"id":"1055ada0-3655-11e7-baa7-b7de4ee40605","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"ac1799d0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzMzNywxXQ=="} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_dce_rpc\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"DCE/RPC - Logs","version":1},"id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE3OSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DCE/RPC - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DCE/RPC - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"10b8a610-3af3-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE4MiwxXQ=="} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_radius\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"RADIUS - Logs","version":1},"id":"75545310-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM1NiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RADIUS - MAC","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RADIUS - MAC\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mac.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MAC Address\"}}],\"listeners\":{}}"},"id":"10cd7190-3809-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"75545310-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM2MCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Source - Sum of Total Bytes ( Tile Map)","uiStateJSON":"{\"mapZoom\":3,\"mapCenter\":[39.70718665682654,-44.912109375]}","version":1,"visState":"{\"title\":\"Connections - Source - Sum of Total Bytes ( Tile Map)\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":0,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"total_bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"source_geo.location\",\"autoPrecision\":true,\"useGeocentroid\":true,\"precision\":2}}],\"listeners\":{}}"},"id":"1156b1e0-46c7-11e7-946f-1bfb1be7c36b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY2MCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Logstash - Processing Performance","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Logstash - Processing Performance\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"rotate\":75,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Log Type\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Average processing time\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"},{\"data\":{\"id\":\"4\",\"label\":\"Standard Deviation of logstash_time\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"stacked\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"\"},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"logstash_time\",\"customLabel\":\"Average processing time\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"event_type.keyword\",\"size\":20,\"orderAgg\":{\"id\":\"2-orderAgg\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"orderAgg\",\"params\":{\"field\":\"logstash_time\"}},\"order\":\"desc\",\"orderBy\":\"custom\",\"customLabel\":\"Log Type\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"std_dev\",\"schema\":\"metric\",\"params\":{\"field\":\"logstash_time\"}}],\"listeners\":{}}"},"id":"f86bc870-46ce-11e7-946f-1bfb1be7c36b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"aa05e920-3433-11e7-8867-29a39c0f86b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzgwLDFd"} -{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"tags:_grokparsefailure OR tags:_csvparsefailure OR tags:_rubyexception\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Errors","version":1},"id":"ef487fd0-46cf-11e7-ba56-317a6969f55c","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-06-15T18:49:59.193Z","version":"WzgyLDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Logstash - Error Type (Donut Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Logstash - Error Type (Donut Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tags.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"exclude\":\"\",\"include\":\"_csvparsefailure|_grokparsefailure|_rubyexception\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"event_type.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"id":"3a273780-46d0-11e7-946f-1bfb1be7c36b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"ef487fd0-46cf-11e7-ba56-317a6969f55c","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzgzLDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"match_all\":{}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Logstash - Avg Processing Time","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Logstash - Avg Processing Time\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":true,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"logstash_time\"}}],\"listeners\":{}}"},"id":"AWDHIynExQT5EBNmq49q","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"Wzg0LDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"match_all\":{}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Logstash - Median Processing TIme","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Logstash - Median Processing TIme\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":true,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"median\",\"schema\":\"metric\",\"params\":{\"field\":\"logstash_time\",\"percents\":[50]}}],\"listeners\":{}}"},"id":"AWDHJY1BxQT5EBNmq5Ay","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"Wzg1LDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"match_all\":{}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Logstash - Max Processing Time","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Logstash - Max Processing Time\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":true,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"logstash_time\"}}],\"listeners\":{}}"},"id":"AWDHJpuBxQT5EBNmq5Cr","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"Wzg2LDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"tags:_grokparsefailure OR tags:_csvparsefailure OR tags:_rubyexception\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Logstash - Error Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Logstash - Error Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDHKEF2xQT5EBNmq5FA","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"Wzg3LDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Sensors/Devices and Services","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Sensors/Devices and Services\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"sensor_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Sensor\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"service.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Service\"}}]}"},"id":"d8214de0-4a3a-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"Wzg4LDFd"} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"gridData\":{\"w\":40,\"h\":24,\"x\":8,\"y\":12,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":12,\"h\":28,\"x\":8,\"y\":36,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":64,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\",\"embeddableConfig\":{}},{\"gridData\":{\"w\":8,\"h\":64,\"x\":0,\"y\":0,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\",\"embeddableConfig\":{}},{\"gridData\":{\"w\":48,\"h\":64,\"x\":0,\"y\":88,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\",\"embeddableConfig\":{\"columns\":[\"_source\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"embeddableConfig\":{},\"gridData\":{\"w\":8,\"h\":12,\"x\":8,\"y\":0,\"i\":\"15\"},\"panelIndex\":\"15\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":8,\"h\":12,\"x\":16,\"y\":0,\"i\":\"16\"},\"panelIndex\":\"16\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":8,\"h\":12,\"x\":24,\"y\":0,\"i\":\"17\"},\"panelIndex\":\"17\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":8,\"h\":12,\"x\":32,\"y\":0,\"i\":\"18\"},\"panelIndex\":\"18\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}},\"gridData\":{\"w\":28,\"h\":28,\"x\":20,\"y\":36,\"i\":\"19\"},\"panelIndex\":\"19\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\"}]","timeRestore":false,"title":"Stats","version":1},"id":"130017f0-46ce-11e7-946f-1bfb1be7c36b","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"f86bc870-46ce-11e7-946f-1bfb1be7c36b","name":"panel_0","type":"visualization"},{"id":"0f25aac0-3434-11e7-8867-29a39c0f86b2","name":"panel_1","type":"visualization"},{"id":"3a273780-46d0-11e7-946f-1bfb1be7c36b","name":"panel_2","type":"visualization"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_3","type":"visualization"},{"id":"ef487fd0-46cf-11e7-ba56-317a6969f55c","name":"panel_4","type":"search"},{"id":"AWDHIynExQT5EBNmq49q","name":"panel_5","type":"visualization"},{"id":"AWDHJY1BxQT5EBNmq5Ay","name":"panel_6","type":"visualization"},{"id":"AWDHJpuBxQT5EBNmq5Cr","name":"panel_7","type":"visualization"},{"id":"AWDHKEF2xQT5EBNmq5FA","name":"panel_8","type":"visualization"},{"id":"d8214de0-4a3a-11e8-9b0a-f1d33346f773","name":"panel_9","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"Wzg5LDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Destination - Sum of Total Bytes ( Tile Map)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Connections - Destination - Sum of Total Bytes ( Tile Map)\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":0,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"total_bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_geo.location\",\"autoPrecision\":true,\"useGeocentroid\":true,\"precision\":2}}],\"listeners\":{}}"},"id":"1342e630-4632-11e7-9903-85f789353078","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU4NywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Sysmon - Username","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Sysmon - Username\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"username.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"User\"}}]}"},"id":"13ed0810-6d72-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI4OCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Connection State","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Connections - Connection State\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"connection_state_description.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Connection State Description\"}}],\"listeners\":{}}"},"id":"13fe29c0-3b17-11e7-b871-5f76306b9694","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzYyMiwxXQ=="} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_rfb\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"RFB - Logs","version":1},"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQxNSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Exclusive Session (Donut Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":true}}","version":1,"visState":"{\"title\":\"RFB - Exclusive Session (Donut Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"share_flag.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"id":"14274040-371f-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQxOSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Agents","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Agents\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"agent.type.keyword: Descending\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"agent.version.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"agent.type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Agent\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"agent.version.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Version\"}}]}"},"id":"14ed9540-6ed7-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY4MCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"X.509 - Certificate Key Length (Vertical Bar Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"X.509 - Certificate Key Length (Vertical Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Key Length\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"certificate_key_length\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Key Length\"}}],\"listeners\":{}}"},"id":"150f7280-6e37-11e7-a8d6-ed2e692de531","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"f5038cc0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzYzMywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Rule - Description","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Rule - Description\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.description.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"}}]}"},"id":"1563f380-7737-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY4MSwxXQ=="} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query_string\":{\"query\":\"(event_type:bro_smb_mapping OR event_type:bro_smb_files)\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"SMB - Logs","version":1},"id":"19849f30-3aab-11e7-8b17-0d8709b02c80","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-06-15T18:49:59.193Z","version":"WzUxMCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMB - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMB - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"15b4e7a0-3aad-11e7-8b17-0d8709b02c80","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"19849f30-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzUxMiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DHCP - Server Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - DHCP - Server Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Server Address\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server.address.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server Address\"}}]}"},"id":"15fa3b30-7375-11ea-a3da-cbdb4f8a90c0","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY4MiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Modbus - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Modbus - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"id":"178209e0-6e1b-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"52dc9fe0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI5OSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"RDP - Destination Port","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"RDP - Destination Port\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"id":"19dfd180-371c-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"823dd600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM5MSwxXQ=="} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query\":\"event_type:ids\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"NIDS - Alerts","version":1},"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI1NywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NIDS - Drilldown - Alert Title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"NIDS - Drilldown - Alert Title\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":false},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":12}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"top_hits\",\"schema\":\"metric\",\"params\":{\"field\":\"alert.keyword\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\"}}]}"},"id":"1b3faca0-e064-11e9-8f0c-2ddbf5ed9290","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY1MiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Weird - Source IP Address","uiStateJSON":"{\"P-5\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"P-6\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Weird - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"1b837b00-364e-11e7-9dc3-d35061cb642d","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"e32d0d50-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzYwOCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Total Log Count Over TIme","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Total Log Count Over TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 seconds\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"1c2aeb50-365e-11e7-b896-5bdd6bfa1561","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"aa05e920-3433-11e7-8867-29a39c0f86b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM3NSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SMB - Service","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SMB - Service\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"smb.service.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"1c6567b0-75f0-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY2MywxXQ=="} -{"attributes":{"columns":["entry","entry_location","image_path","hostname","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:autoruns\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Autoruns - Logs","version":1},"id":"dd700830-6d69-11e7-ad64-15aa071374a6","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-06-15T18:49:59.193Z","version":"WzIzOSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Autoruns - Profile","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Autoruns - Profile\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"profile.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Profile\"}}],\"listeners\":{}}"},"id":"1cd6a970-6d79-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"dd700830-6d69-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI0MywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastAlert - Log Count Over Time","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"ElastAlert - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 seconds\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"969e4820-7dce-11e7-a1a2-3be6827d22ce","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:elastalert_status*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzkxLDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastAlert - Alert Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastAlert - Alert Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"alert_info.type.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Alert Type\"}}],\"listeners\":{}}"},"id":"f7998d60-7dce-11e7-a1a2-3be6827d22ce","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:elastalert_status*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzkyLDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastAlert - Rule","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastAlert - Rule\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule_name\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Rule\"}}],\"listeners\":{}}"},"id":"5e1dc100-7dcf-11e7-a1a2-3be6827d22ce","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:elastalert_status*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzkzLDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastAlert - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastAlert - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"match_body.source_ip.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}}],\"listeners\":{}}"},"id":"8ec77cb0-7dcf-11e7-a1a2-3be6827d22ce","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:elastalert_status*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"Wzk0LDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastAlert - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastAlert - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"match_body.destination_ip.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}}],\"listeners\":{}}"},"id":"a26faee0-7dcf-11e7-a1a2-3be6827d22ce","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:elastalert_status*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"Wzk1LDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastAlert - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastAlert - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"match_body.destination_port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"id":"ce25b750-7dcf-11e7-a1a2-3be6827d22ce","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:elastalert_status*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"Wzk2LDFd"} -{"attributes":{"columns":["rule_name","matches","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"ElastAlert","version":1},"id":"e8840d40-7dcf-11e7-a1a2-3be6827d22ce","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:elastalert_status*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-06-15T18:49:59.193Z","version":"Wzk3LDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"match_all\":{}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Elastalert - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Elastalert - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDG7DVRxQT5EBNmq3zM","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:elastalert_status*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"Wzk4LDFd"} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":56,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{}},{\"panelIndex\":\"4\",\"gridData\":{\"x\":8,\"y\":8,\"w\":16,\"h\":24,\"i\":\"4\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"5\",\"gridData\":{\"x\":24,\"y\":8,\"w\":24,\"h\":24,\"i\":\"5\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"6\",\"gridData\":{\"x\":8,\"y\":32,\"w\":14,\"h\":24,\"i\":\"6\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"7\",\"gridData\":{\"x\":22,\"y\":32,\"w\":14,\"h\":24,\"i\":\"7\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"8\",\"gridData\":{\"x\":36,\"y\":32,\"w\":12,\"h\":24,\"i\":\"8\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"9\",\"gridData\":{\"x\":0,\"y\":56,\"w\":48,\"h\":48,\"i\":\"9\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\",\"embeddableConfig\":{\"columns\":[\"rule_name\",\"matches\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"10\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"10\"},\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"},\"legendOpen\":false}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"}]","timeRestore":false,"title":"ElastAlert","version":1},"id":"1d98d620-7dce-11e7-846a-150cdcaf3374","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"969e4820-7dce-11e7-a1a2-3be6827d22ce","name":"panel_1","type":"visualization"},{"id":"f7998d60-7dce-11e7-a1a2-3be6827d22ce","name":"panel_2","type":"visualization"},{"id":"5e1dc100-7dcf-11e7-a1a2-3be6827d22ce","name":"panel_3","type":"visualization"},{"id":"8ec77cb0-7dcf-11e7-a1a2-3be6827d22ce","name":"panel_4","type":"visualization"},{"id":"a26faee0-7dcf-11e7-a1a2-3be6827d22ce","name":"panel_5","type":"visualization"},{"id":"ce25b750-7dcf-11e7-a1a2-3be6827d22ce","name":"panel_6","type":"visualization"},{"id":"e8840d40-7dcf-11e7-a1a2-3be6827d22ce","name":"panel_7","type":"search"},{"id":"AWDG7DVRxQT5EBNmq3zM","name":"panel_8","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"Wzk5LDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNS - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"DNS - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 minutes\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"1ecdd2e0-34c0-11e7-9b32-bb903919ead9","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY0MCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SIP - Method (Horizontal Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SIP - Method (Horizontal Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"method.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Method\"}}],\"listeners\":{}}"},"id":"1ef5c230-6e24-11e7-a261-55504638cf3b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ3MywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - MySQL - Command/Argument","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - MySQL - Command/Argument\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"mysql.command.keyword: Descending\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"mysql.argument.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mysql.command.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Command\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mysql.argument.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Argument\"}}]}"},"id":"1f306f60-75c0-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU0MywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Modbus - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Modbus - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"20eabd60-380b-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"52dc9fe0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI5NywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DNP3 - FC Reply","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - DNP3 - FC Reply\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dnp3.fc_reply.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"FC Reply\"}}]}"},"id":"214793c0-75b9-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzUwNCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSL - Destination Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSL - Destination Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"21d090d0-365b-11e7-8bd0-1db2c55fb7a1","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU4MSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DNS - Response Code (Name)","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNS - Response Code (Name)\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rcode_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Response Code (Name)\"}}]}"},"id":"22f7de30-4949-11e8-9576-313be7c6b44b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY0NywxXQ=="} -{"attributes":{"columns":["source_ip","destination_ip","destination_port","resp_fuids","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_http\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"HTTP - Logs","version":1},"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-06-15T18:49:59.193Z","version":"WzEwMCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"HTTP - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"HTTP - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"37f19e40-34c6-11e7-8360-0b86c90983fd","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzEwMSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"HTTP - Sites","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"HTTP - Sites\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"virtual_host.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Site\"}}],\"listeners\":{}}"},"id":"8ba31820-34c6-11e7-8360-0b86c90983fd","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzEwMiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query_string\":{\"query\":\"\\\"application/x-dosexec\\\"\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"HTTP - Sites Hosting EXEs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"HTTP - Sites Hosting EXEs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"virtual_host.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Site\"}}],\"listeners\":{}}"},"id":"7153e7f0-34c7-11e7-8360-0b86c90983fd","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzEwMywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"HTTP - URIs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"HTTP - URIs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"uri.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"URI\"}}],\"listeners\":{}}"},"id":"aa7abb00-34e3-11e7-9669-7f1d3242b798","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzEwNCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"HTTP - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"HTTP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"ae1f1fb0-3648-11e7-bf60-314364dd1cde","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzEwNSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"HTTP - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"HTTP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"d0f56da0-3648-11e7-bf60-314364dd1cde","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzEwNiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"HTTP - User Agent","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"HTTP - User Agent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"useragent.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"User Agent\"}}],\"listeners\":{}}"},"id":"ae591c20-4164-11e7-9850-b78558d0ac17","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzEwNywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"HTTP - Referrer","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"HTTP - Referrer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"referrer.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"id":"2a7c21d0-4165-11e7-9850-b78558d0ac17","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzEwOCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"HTTP - MIME Type (Tag Cloud)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"HTTP - MIME Type (Tag Cloud)\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":14,\"maxFontSize\":40},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"resp_mime_types.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MIME Type\"}}],\"listeners\":{}}"},"id":"934fe550-6e08-11e7-9370-174c4785d3e1","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzEwOSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"HTTP - Destination Port (Vertical Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"HTTP - Destination Port (Vertical Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":75},\"title\":{\"text\":\"Port\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}]}"},"id":"3f4abb40-6e0a-11e7-84cc-b363f104b3c7","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzExMCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"HTTP - Destination Country (Vertical Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"HTTP - Destination Country (Vertical Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"Country\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_geo.country_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}}]}"},"id":"e41a0bd0-6e0a-11e7-84cc-b363f104b3c7","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzExMSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"HTTP - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"HTTP - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDG97t7xQT5EBNmq4E1","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzExMiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"HTTP - Status and Method","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"HTTP - Status and Method\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"status_message.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Status Message\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"method.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Method\"}}]}"},"id":"66faa650-4c99-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzExMywxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":52,\"i\":\"2\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"5\",\"gridData\":{\"x\":0,\"y\":88,\"w\":48,\"h\":24,\"i\":\"5\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"6\",\"gridData\":{\"x\":0,\"y\":112,\"w\":48,\"h\":24,\"i\":\"6\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"8\",\"gridData\":{\"x\":0,\"y\":136,\"w\":48,\"h\":24,\"i\":\"8\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"9\",\"gridData\":{\"x\":0,\"y\":216,\"w\":48,\"h\":36,\"i\":\"9\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"destination_ip\",\"destination_port\",\"resp_fuids\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"14\",\"gridData\":{\"x\":0,\"y\":52,\"w\":24,\"h\":24,\"i\":\"14\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"15\",\"gridData\":{\"x\":24,\"y\":52,\"w\":24,\"h\":24,\"i\":\"15\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"panelIndex\":\"16\",\"gridData\":{\"x\":0,\"y\":188,\"w\":48,\"h\":28,\"i\":\"16\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"panelIndex\":\"17\",\"gridData\":{\"x\":0,\"y\":160,\"w\":48,\"h\":28,\"i\":\"17\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\"},{\"panelIndex\":\"19\",\"gridData\":{\"x\":0,\"y\":76,\"w\":48,\"h\":12,\"i\":\"19\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_10\",\"embeddableConfig\":{}},{\"panelIndex\":\"20\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":20,\"i\":\"20\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_11\",\"embeddableConfig\":{}},{\"panelIndex\":\"21\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":20,\"i\":\"21\"},\"embeddableConfig\":{\"vis\":{\"colors\":{\"Count\":\"#629E51\"}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_12\"},{\"panelIndex\":\"23\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"23\"},\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_13\"},{\"panelIndex\":\"24\",\"gridData\":{\"x\":8,\"y\":28,\"w\":40,\"h\":24,\"i\":\"24\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_14\",\"embeddableConfig\":{}}]","timeRestore":false,"title":"Bro - HTTP","version":1},"id":"230134a0-34c6-11e7-8360-0b86c90983fd","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"37f19e40-34c6-11e7-8360-0b86c90983fd","name":"panel_1","type":"visualization"},{"id":"8ba31820-34c6-11e7-8360-0b86c90983fd","name":"panel_2","type":"visualization"},{"id":"7153e7f0-34c7-11e7-8360-0b86c90983fd","name":"panel_3","type":"visualization"},{"id":"aa7abb00-34e3-11e7-9669-7f1d3242b798","name":"panel_4","type":"visualization"},{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"panel_5","type":"search"},{"id":"ae1f1fb0-3648-11e7-bf60-314364dd1cde","name":"panel_6","type":"visualization"},{"id":"d0f56da0-3648-11e7-bf60-314364dd1cde","name":"panel_7","type":"visualization"},{"id":"ae591c20-4164-11e7-9850-b78558d0ac17","name":"panel_8","type":"visualization"},{"id":"2a7c21d0-4165-11e7-9850-b78558d0ac17","name":"panel_9","type":"visualization"},{"id":"934fe550-6e08-11e7-9370-174c4785d3e1","name":"panel_10","type":"visualization"},{"id":"3f4abb40-6e0a-11e7-84cc-b363f104b3c7","name":"panel_11","type":"visualization"},{"id":"e41a0bd0-6e0a-11e7-84cc-b363f104b3c7","name":"panel_12","type":"visualization"},{"id":"AWDG97t7xQT5EBNmq4E1","name":"panel_13","type":"visualization"},{"id":"66faa650-4c99-11e8-9b0a-f1d33346f773","name":"panel_14","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzExNCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSL - Validation Status","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSL - Validation Status\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"validation_status.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Validation Status\"}}],\"listeners\":{}}"},"id":"23d22bd0-70b4-11e7-810e-2bafe9e41c10","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU4MywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}"},"title":"Connections - Bytes and Duration","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Connections - Bytes and Duration\",\"type\":\"markdown\",\"params\":{\"markdown\":\"[Top Total Bytes](/kibana/app/kibana#/dashboard/a2ab0c40-3b0a-11e7-a6f9-5d3fe735ec2b) \\n[Source - Originator Bytes](/kibana/app/kibana#/dashboard/68f738e0-46ca-11e7-946f-1bfb1be7c36b) | [Destination - Responder Bytes](/kibana/app/kibana#/dashboard/b65775e0-46cb-11e7-946f-1bfb1be7c36b) \\n[Source - Sum of Total Bytes](/kibana/app/kibana#/dashboard/f042ad60-46c6-11e7-946f-1bfb1be7c36b) | [Destination - Sum of Total Bytes](/kibana/app/kibana#/dashboard/ccfcc540-4638-11e7-a82e-d97152153689) \\n[Source - Top Connection Duration](/kibana/app/kibana#/dashboard/4e108070-46c7-11e7-946f-1bfb1be7c36b) | [Destination - Top Connection Duration](/kibana/app/kibana#/dashboard/ea211360-46c4-11e7-a82e-d97152153689)\",\"fontSize\":12,\"openLinksInNewTab\":false},\"aggs\":[]}"},"id":"25ce6eb0-463b-11e7-a82e-d97152153689","migrationVersion":{"visualization":"7.7.0"},"references":[],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzYyMywxXQ=="} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_tunnels\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Tunnels - Logs","version":1},"id":"d26d5510-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU4OSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Tunnels - Destination Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Tunnels - Destination Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"26457730-3808-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"d26d5510-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU5MiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Log Count Over TIme","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"RFB - Log Count Over TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"265a04d0-3640-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQxNiwxXQ=="} -{"attributes":{"columns":["source_ip","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_syslog\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Syslog (Bro) - Logs","version":1},"id":"269ca380-76b4-11e7-8c3e-cfcdd8c95d87","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU0NiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SIP - Method","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SIP - Method\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"sip.method.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"sip.method.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Method\"}}]}"},"id":"272b8ab0-75ca-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU5OSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Bro - Connections - Service By Destination Country","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"Bro - Connections - Service By Destination Country\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"top\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"destination_geo.country_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"\",\"row\":false}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"service.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Service\"}}]}"},"id":"277f3250-4161-11e7-8493-51634b0a4565","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM3NiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - RADIUS - Result","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - RADIUS - Result\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"radius.result.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Result\"}}]}"},"id":"27ab8260-75c5-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzUzNCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"FTP - Argument","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"FTP - Argument\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ftp_argument.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Argument\"}}],\"listeners\":{}}"},"id":"e1907430-35b6-11e7-a994-c528746bc6e8","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"f21cb5f0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzExNywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"FTP - Reply Message","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"FTP - Reply Message\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"reply_message.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Reply Message\"}}],\"listeners\":{}}"},"id":"adcd38e0-3679-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"f21cb5f0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzExOCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"FTP - Reply Code","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"FTP - Reply Code\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"reply_code.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"id":"a0cb0860-367a-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"f21cb5f0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzExOSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"FTP - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"FTP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"cf9e5660-367a-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"f21cb5f0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzEyMCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"FTP - Destination Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"FTP - Destination Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"f1d3d070-367a-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"f21cb5f0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzEyMSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"FTP - Username","uiStateJSON":"{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}","version":1,"visState":"{\"title\":\"FTP - Username\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"username.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}}],\"listeners\":{}}"},"id":"f9904390-3bff-11e7-be35-e7fc4052ff75","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"f21cb5f0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzEyMiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"FTP - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"FTP - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"id":"eead8540-6e14-11e7-8624-1fb07dd76c6a","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"f21cb5f0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzEyMywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"FTP - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"FTP - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDG9sT_xQT5EBNmq4DI","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"f21cb5f0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzEyNCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"FTP - Command","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"FTP - Command\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ftp_command.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Command\"}}]}"},"id":"d5681260-4c8c-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"f21cb5f0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzEyNSwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"2\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"2\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"6\",\"gridData\":{\"w\":16,\"h\":24,\"x\":20,\"y\":8,\"i\":\"6\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"8\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":32,\"i\":\"8\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"9\",\"gridData\":{\"w\":12,\"h\":24,\"x\":36,\"y\":8,\"i\":\"9\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\",\"embeddableConfig\":{}},{\"panelIndex\":\"10\",\"gridData\":{\"w\":16,\"h\":24,\"x\":16,\"y\":56,\"i\":\"10\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"11\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":56,\"i\":\"11\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"12\",\"gridData\":{\"w\":16,\"h\":24,\"x\":8,\"y\":32,\"i\":\"12\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"panelIndex\":\"13\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":80,\"i\":\"13\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"destination_ip\",\"destination_port\",\"uid\",\"fuid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"14\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":56,\"i\":\"14\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\"},{\"panelIndex\":\"15\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"15\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_10\"},{\"panelIndex\":\"16\",\"gridData\":{\"w\":12,\"h\":24,\"x\":8,\"y\":8,\"i\":\"16\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_11\",\"embeddableConfig\":{}}]","timeRestore":false,"title":"Bro - FTP","version":1},"id":"27f3b380-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"06f21d60-35b6-11e7-a994-c528746bc6e8","name":"panel_1","type":"visualization"},{"id":"e1907430-35b6-11e7-a994-c528746bc6e8","name":"panel_2","type":"visualization"},{"id":"adcd38e0-3679-11e7-8c78-e3086faf385c","name":"panel_3","type":"visualization"},{"id":"a0cb0860-367a-11e7-8c78-e3086faf385c","name":"panel_4","type":"visualization"},{"id":"cf9e5660-367a-11e7-8c78-e3086faf385c","name":"panel_5","type":"visualization"},{"id":"f1d3d070-367a-11e7-8c78-e3086faf385c","name":"panel_6","type":"visualization"},{"id":"f9904390-3bff-11e7-be35-e7fc4052ff75","name":"panel_7","type":"visualization"},{"id":"f21cb5f0-342d-11e7-9e93-53b62e1857b2","name":"panel_8","type":"search"},{"id":"eead8540-6e14-11e7-8624-1fb07dd76c6a","name":"panel_9","type":"visualization"},{"id":"AWDG9sT_xQT5EBNmq4DI","name":"panel_10","type":"visualization"},{"id":"d5681260-4c8c-11e8-9b0a-f1d33346f773","name":"panel_11","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzEyNiwxXQ=="} -{"attributes":{"columns":["alert_level","classification","description"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query_string\":{\"query\":\"event_type:ossec\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"OSSEC - Logs","version":1},"id":"efba60c0-3642-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE1NywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"OSSEC - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"OSSEC - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"2817b300-3643-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"efba60c0-3642-11e7-a6f7-4f44d7bf1c33","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE1OCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - X.509 - Key Type","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - X.509 - Key Type\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"boolean\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"x509.basic_constraints.ca: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"x509.certificate.key.type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"2895c940-75ef-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE0MCwxXQ=="} -{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.dataset:http\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Security Onion - HTTP","version":1},"id":"9ee33aa0-6eb1-11ea-9266-1fd14ca6af34","migrationVersion":{"search":"7.4.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE2OSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - HTTP - Virtual Host","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - HTTP - Virtual Host\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"http.virtual_host.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Virtual Host\"}}]}"},"id":"28bf2ef0-6eb7-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9ee33aa0-6eb1-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE3NiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Top Source IPs","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Connections - Top Source IPs\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source_ip\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"id":"28c27f80-3b05-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU3NCwxXQ=="} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","request_type","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_kerberos\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Kerberos - Logs","version":1},"id":"452daa10-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI2OSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Kerberos - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Kerberos - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"28d04080-3636-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI3NSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SSH - Client","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SSH - Client\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"CLient\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ssh.client.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"}}]}"},"id":"292b1db0-75ea-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQwNSwxXQ=="} -{"attributes":{"columns":["file_ip","destination_ip","source","uid","fuid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event_type:bro_files\"}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Files - Logs","version":1},"id":"e929e8a0-342d-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-06-15T18:49:59.193Z","version":"WzEyNywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"FIles - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"FIles - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"295d7ed0-3656-11e7-baa7-b7de4ee40605","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"e929e8a0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzEzMCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Sysmon - Target Filename","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Sysmon - Target Filename\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"target_filename.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Filename\"}}],\"listeners\":{}}"},"id":"29611940-6d75-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI5MSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Source Country","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Connections - Source Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_geo.country_name.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}}],\"listeners\":{}}"},"id":"296823d0-366f-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzYxOCwxXQ=="} -{"attributes":{"columns":["action","reason","source_ip","source_port","destination_ip","destination_port","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:firewall\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Firewall - Logs","version":1},"id":"37c16940-6d6b-11e7-ad64-15aa071374a6","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-06-15T18:49:59.193Z","version":"WzIwOCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Firewall - Action/Reason (Vertical Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Firewall - Action/Reason (Vertical Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"Action\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"action.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Action\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"reason.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Reason\"}}],\"listeners\":{}}"},"id":"2a1eb100-6d82-11e7-bcd4-0d514e0e7da1","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"37c16940-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzIxMiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SNMP - Version","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SNMP - Version\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"top\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"version.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"id":"2a3ae810-36ba-11e7-9786-41a1d72e15ad","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"b12150a0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzUyOCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DHCP - Lease Time","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - DHCP - Lease Time\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"dhcp.lease_time: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dhcp.lease_time\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Lease Time\"}}]}"},"id":"2af5f980-96e2-11ea-814e-bb515e873c2c","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzMzMCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSH - Client/Server","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSH - Client/Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}"},"id":"2bbdc020-6e34-11e7-9a19-a5996f8250c6","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c33e7600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU2MSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Files - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Files - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"6571ee10-3584-11e7-a588-05992195c551","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"e929e8a0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzEyOCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Files - Files By Size (Bytes)","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Files - Files By Size (Bytes)\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"seen_bytes\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Bytes Seen\"}}],\"listeners\":{}}"},"id":"cb3f3850-3585-11e7-8f28-2b291d0f6d86","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"e929e8a0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzEyOSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"FIles - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"FIles - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file_ip.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File IP Address\"}}],\"listeners\":{}}"},"id":"67ab33d0-3656-11e7-baa7-b7de4ee40605","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"e929e8a0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzEzMSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Files - MIME Type (Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Files - MIME Type (Bar Chart)\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"rotate\":75,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"MIME Type\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"mimetype.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MIME Type\"}}]}"},"id":"8c57f3d0-3674-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"e929e8a0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzEzMiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"FIles - MIME Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"FIles - MIME Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mimetype.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MIME Type\"}}],\"listeners\":{}}"},"id":"aa021c90-3678-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"e929e8a0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzEzMywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Files - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Files - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDG9goqxQT5EBNmq4BP","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"e929e8a0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzEzNCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Files - Source","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Files - Source\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}}]}"},"id":"dff32860-4c8b-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"e929e8a0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzEzNSwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"2\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"2\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\"},{\"panelIndex\":\"3\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"3\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{}},{\"panelIndex\":\"4\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":72,\"i\":\"4\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\",\"embeddableConfig\":{\"columns\":[\"file_ip\",\"destination_ip\",\"source\",\"uid\",\"fuid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"6\",\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":24,\"i\":\"6\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"7\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":48,\"i\":\"7\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"8\",\"gridData\":{\"w\":16,\"h\":24,\"x\":16,\"y\":48,\"i\":\"8\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"9\",\"gridData\":{\"w\":40,\"h\":16,\"x\":8,\"y\":8,\"i\":\"9\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\",\"embeddableConfig\":{}},{\"panelIndex\":\"10\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":48,\"i\":\"10\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"panelIndex\":\"11\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"11\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"panelIndex\":\"12\",\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":24,\"i\":\"12\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\",\"embeddableConfig\":{}}]","timeRestore":false,"title":"Bro - Files","version":1},"id":"2d315d80-3582-11e7-98ef-19df58fe538b","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"6571ee10-3584-11e7-a588-05992195c551","name":"panel_0","type":"visualization"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_1","type":"visualization"},{"id":"e929e8a0-342d-11e7-9e93-53b62e1857b2","name":"panel_2","type":"search"},{"id":"cb3f3850-3585-11e7-8f28-2b291d0f6d86","name":"panel_3","type":"visualization"},{"id":"295d7ed0-3656-11e7-baa7-b7de4ee40605","name":"panel_4","type":"visualization"},{"id":"67ab33d0-3656-11e7-baa7-b7de4ee40605","name":"panel_5","type":"visualization"},{"id":"8c57f3d0-3674-11e7-8c78-e3086faf385c","name":"panel_6","type":"visualization"},{"id":"aa021c90-3678-11e7-8c78-e3086faf385c","name":"panel_7","type":"visualization"},{"id":"AWDG9goqxQT5EBNmq4BP","name":"panel_8","type":"visualization"},{"id":"dff32860-4c8b-11e8-9b0a-f1d33346f773","name":"panel_9","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzEzNiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Kerberos - Request Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Kerberos - Request Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"kerberos.request_type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Request Type\"}}]}"},"id":"2d73e460-75bd-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzUwNywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Connections - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"2da139c0-34e7-11e7-9118-45bd317f0ca4","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzYxNiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SIP - Content Type (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SIP - Content Type (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"content_type.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"id":"2db47070-3754-11e7-b74a-f5057991ccd2","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ3MiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - X.509 - Subject","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - X.509 - Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"x509.certificate.subject.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Subject\"}}]}"},"id":"e3fb39a0-75ee-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzEzNywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - X.509 - Issuer","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - X.509 - Issuer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"x509.certificate.issuer.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"x509.certificate.issuer.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Issuer\"}}]}"},"id":"b7334c00-75ee-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzEzOCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - X.509 - SAN DNS","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - X.509 - SAN DNS\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"x509.san_dns.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"x509.san_dns.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"SAN DNS\"}}]}"},"id":"47f40770-75ef-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzEzOSwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:x509\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":8,\"i\":\"2d374b61-ac4b-4f89-aec2-254ab0a2e011\"},\"panelIndex\":\"2d374b61-ac4b-4f89-aec2-254ab0a2e011\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":14,\"y\":0,\"w\":16,\"h\":8,\"i\":\"7372042e-3e70-4764-abb1-0c4c9288ff23\"},\"panelIndex\":\"7372042e-3e70-4764-abb1-0c4c9288ff23\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":8,\"i\":\"eee8c3b6-66eb-4427-99ed-459c294599c7\"},\"panelIndex\":\"eee8c3b6-66eb-4427-99ed-459c294599c7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":8,\"w\":21,\"h\":21,\"i\":\"3c5d4fc3-bad7-435e-aadc-21de562b638d\"},\"panelIndex\":\"3c5d4fc3-bad7-435e-aadc-21de562b638d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":21,\"y\":8,\"w\":27,\"h\":21,\"i\":\"0a395978-b95f-4bfc-82fa-737307cd8ebd\"},\"panelIndex\":\"0a395978-b95f-4bfc-82fa-737307cd8ebd\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":21,\"y\":29,\"w\":27,\"h\":18,\"i\":\"3fb3ec30-312a-45aa-93be-b8955615bf71\"},\"panelIndex\":\"3fb3ec30-312a-45aa-93be-b8955615bf71\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":29,\"w\":21,\"h\":18,\"i\":\"007d1727-a948-4770-96c8-a5f130261cf8\"},\"panelIndex\":\"007d1727-a948-4770-96c8-a5f130261cf8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"}]","timeRestore":false,"title":"Security Onion - X509","version":1},"id":"2e0865f0-75ee-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"e3fb39a0-75ee-11ea-9565-7315f4ee5cac","name":"panel_3","type":"visualization"},{"id":"b7334c00-75ee-11ea-9565-7315f4ee5cac","name":"panel_4","type":"visualization"},{"id":"47f40770-75ef-11ea-9565-7315f4ee5cac","name":"panel_5","type":"visualization"},{"id":"2895c940-75ef-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE0MSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - RDP - Cookie","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - RDP - Cookie\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rdp.cookie.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rdp.cookie.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Cookie\"}}]}"},"id":"2e7363f0-75c6-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzIzNywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Autoruns - Entry","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Autoruns - Entry\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"entry.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Entry\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"entry_location.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Entry Location\"}}],\"listeners\":{}}"},"id":"2ef9ccd0-6d7a-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"dd700830-6d69-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI0NSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"osquery - Change Stats","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"osquery - Change Stats\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Changes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"osquery.hostIdentifier.keyword\",\"customLabel\":\"Endpoints\"}}]}"},"id":"2f556c90-14e3-11e9-82f7-0da02d93a48b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"84116380-14e1-11e9-82f7-0da02d93a48b","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQwMSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset:files\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - File - Analyzer","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - File - Analyzer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"file.analyzer.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.analyzer.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Analyzer\"}}]}"},"id":"2fc4bea0-7730-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ3OSwxXQ=="} -{"attributes":{"columns":["source_ip","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_dnp3\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"DNP3 - Logs","version":1},"id":"c2587840-342d-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE0MiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNP3 - Log Count Over TIme","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"DNP3 - Log Count Over TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 minutes\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"593f1850-3581-11e7-98ef-19df58fe538b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c2587840-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE0MywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNP3 - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNP3 - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"dde8c8a0-3719-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c2587840-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE0NCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNP3 - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNP3 - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"ef7546c0-3719-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c2587840-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE0NSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNP3 - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNP3 - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"id":"4898f230-6e0e-11e7-8624-1fb07dd76c6a","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c2587840-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE0NiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNP3 - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"DNP3 - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDG9DWvxQT5EBNmq3-m","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c2587840-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE0NywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DNP3 - Function Request","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNP3 - Function Request\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"fc_request.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Request\"}}]}"},"id":"857c6760-4a4d-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c2587840-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE0OCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DNP3 - Function Reply","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNP3 - Function Reply\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"fc_reply.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Reply\"}}]}"},"id":"bd5435f0-4a4d-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c2587840-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE0OSwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":56,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"7\",\"gridData\":{\"x\":8,\"y\":32,\"w\":12,\"h\":24,\"i\":\"7\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"8\",\"gridData\":{\"x\":20,\"y\":32,\"w\":12,\"h\":24,\"i\":\"8\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"10\",\"gridData\":{\"x\":0,\"y\":56,\"w\":48,\"h\":24,\"i\":\"10\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"11\",\"gridData\":{\"x\":32,\"y\":32,\"w\":16,\"h\":24,\"i\":\"11\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"12\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"12\"},\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"13\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":24,\"i\":\"13\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\",\"embeddableConfig\":{}},{\"panelIndex\":\"14\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":24,\"i\":\"14\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\",\"embeddableConfig\":{}}]","timeRestore":false,"title":"Bro - DNP3","version":1},"id":"2fdf5bf0-3581-11e7-98ef-19df58fe538b","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"593f1850-3581-11e7-98ef-19df58fe538b","name":"panel_1","type":"visualization"},{"id":"dde8c8a0-3719-11e7-90f8-87842d5eedc9","name":"panel_2","type":"visualization"},{"id":"ef7546c0-3719-11e7-90f8-87842d5eedc9","name":"panel_3","type":"visualization"},{"id":"c2587840-342d-11e7-9e93-53b62e1857b2","name":"panel_4","type":"search"},{"id":"4898f230-6e0e-11e7-8624-1fb07dd76c6a","name":"panel_5","type":"visualization"},{"id":"AWDG9DWvxQT5EBNmq3-m","name":"panel_6","type":"visualization"},{"id":"857c6760-4a4d-11e8-9b0a-f1d33346f773","name":"panel_7","type":"visualization"},{"id":"bd5435f0-4a4d-11e8-9b0a-f1d33346f773","name":"panel_8","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE1MCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Intel - Seen (Donut Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":true}}","version":1,"visState":"{\"title\":\"Intel - Seen (Donut Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"seen_where.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Seen (Where)\"}}]}"},"id":"3013af40-399b-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE5MywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"RADIUS - Authentication Result","uiStateJSON":"{\"vis\":{\"legendOpen\":true}}","version":1,"visState":"{\"title\":\"RADIUS - Authentication Result\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"result.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"id":"30348db0-4a5b-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"75545310-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM2NSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMB - File/Path Summary","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"SMB - File/Path Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"path.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File Path\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"name.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"File Name\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"action.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Action\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}}],\"listeners\":{}}"},"id":"306c4330-4175-11e7-a0f7-47f4c03e3306","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"19849f30-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzUxNywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Sysmon - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Sysmon - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_hostname.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Hostname\"}}]}"},"id":"3072c750-6d71-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI4NiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Security Onion - Navigation","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Navigation\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Home](/kibana/app/kibana#/dashboard/a8411b30-6d03-11ea-b301-3d6c35840645) \\n \\n**Event Category** \\n[Alert](/kibana/app/kibana#/dashboard/0e4af1d0-72ae-11ea-8dd2-9d8795a1200b) | \\n[File](/kibana/app/kibana#/dashboard/0245be10-6ec1-11ea-9266-1fd14ca6af34) |\\n[Host](/kibana/app/kibana#/dashboard/92e63cc0-6ec0-11ea-9266-1fd14ca6af34) | [Network](/kibana/app/kibana#/dashboard/04ff3ef0-6ea4-11ea-9266-1fd14ca6af34) \"},\"aggs\":[]}"},"id":"8cfec8c0-6ec2-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE1MSwxXQ=="} -{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Security Onion - All Logs","version":1},"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","migrationVersion":{"search":"7.4.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE1MiwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"*\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":9,\"h\":8,\"i\":\"c706b8e5-9d49-4700-a3ea-26e86ac3a4c4\"},\"panelIndex\":\"c706b8e5-9d49-4700-a3ea-26e86ac3a4c4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":9,\"y\":0,\"w\":16,\"h\":8,\"i\":\"77c5d557-83e4-40b9-9177-388db29d711d\"},\"panelIndex\":\"77c5d557-83e4-40b9-9177-388db29d711d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":25,\"y\":0,\"w\":23,\"h\":8,\"i\":\"f044ff9c-455a-4085-88c8-92e9ead2bba0\"},\"panelIndex\":\"f044ff9c-455a-4085-88c8-92e9ead2bba0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":8,\"w\":9,\"h\":19,\"i\":\"54873f75-4452-4938-840d-3a2f50547a88\"},\"panelIndex\":\"54873f75-4452-4938-840d-3a2f50547a88\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":9,\"y\":8,\"w\":13,\"h\":19,\"i\":\"30749cb6-18ad-4069-b18d-5912086fff9c\"},\"panelIndex\":\"30749cb6-18ad-4069-b18d-5912086fff9c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":22,\"y\":8,\"w\":13,\"h\":19,\"i\":\"7c498d50-d009-493a-a8c9-c91303ad5556\"},\"panelIndex\":\"7c498d50-d009-493a-a8c9-c91303ad5556\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":35,\"y\":8,\"w\":13,\"h\":19,\"i\":\"2f69e716-e6e9-4595-801d-8f59b7d2c574\"},\"panelIndex\":\"2f69e716-e6e9-4595-801d-8f59b7d2c574\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":27,\"w\":48,\"h\":31,\"i\":\"6ddfd0a2-337e-47d1-8d4c-bc386a4210af\"},\"panelIndex\":\"6ddfd0a2-337e-47d1-8d4c-bc386a4210af\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"Security Onion - Indicator","version":1},"id":"30d0ac90-729f-11ea-8dd2-9d8795a1200b","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"8cfec8c0-6ec2-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"d9eb5b30-6ea9-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"ad398b70-6e9a-11ea-9266-1fd14ca6af34","name":"panel_3","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_5","type":"visualization"},{"id":"f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_6","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_7","type":"search"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE1MywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - HTTP - Destination IPs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - HTTP - Destination IPs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Source IP\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}}]}"},"id":"30e97190-6eb6-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9ee33aa0-6eb1-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE3MywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Weird - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Weird - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"312cd460-364e-11e7-9dc3-d35061cb642d","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"e32d0d50-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzYwOSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - RFB - Server Version","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - RFB - Server Version\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rfb.server_major_version.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rfb.server_major_version.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Major Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rfb.server_minor_version.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Minor Version\"}}]}"},"id":"316e90a0-75c8-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU2OSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DHCP - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DHCP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}"},"id":"317f8410-3655-11e7-baa7-b7de4ee40605","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"ac1799d0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzMzOCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMB - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMB - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"31f5e040-3aad-11e7-8b17-0d8709b02c80","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"19849f30-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzUxMywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Tunnels - Action (Horizontal Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Tunnels - Action (Horizontal Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":false,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"action.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Action\"}}]}"},"id":"33b39a60-6e35-11e7-9a19-a5996f8250c6","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"d26d5510-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU5NSwxXQ=="} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_irc\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"IRC - Logs","version":1},"id":"344c6010-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-06-15T18:49:59.193Z","version":"WzIyNSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Bro - Syslog - Severity (Horizontal Bar Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":false},\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}}","version":1,"visState":"{\"title\":\"Bro - Syslog - Severity (Horizontal Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":false,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{\"text\":\"Severity\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":false,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"severity.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Severity\"}}],\"listeners\":{}}"},"id":"346e5c30-76b7-11e7-94e1-3d2ec4e57ed9","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"269ca380-76b4-11e7-8c3e-cfcdd8c95d87","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU1MiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SMB - Share Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SMB - Share Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"smb.share_type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"34762420-75f0-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY2MiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Intel - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Intel - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"361d0bd0-35b7-11e7-a994-c528746bc6e8","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE5MiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"osquery - Changes by Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"osquery - Changes by Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Count\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"osquery.name.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Change Type\"}}]}"},"id":"369e16e0-14e4-11e9-82f7-0da02d93a48b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"84116380-14e1-11e9-82f7-0da02d93a48b","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQwMiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSL - Certificate Subject","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSL - Certificate Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"certificate_subject.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Subject\"}}],\"listeners\":{}}"},"id":"3753e110-365a-11e7-bf60-314364dd1cde","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU3NywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - IRC - Command Info","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - IRC - Command Info\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"irc.command.info.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"irc.command.info.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Command Info\"}}]}"},"id":"db279540-75bb-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE1NCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - User Command Overview","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - User Command Overview\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"irc.nickname.keyword: Descending\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Command Type\",\"aggType\":\"terms\"},{\"accessor\":4,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"irc.username.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"irc.username.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"irc.nickname.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"irc.command.type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Command Type\"}}]}"},"id":"f7ee5fb0-75bb-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE1NSwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:irc\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"2d2b4444-14c0-4812-a22e-ca6d509a0c7f\",\"w\":13,\"x\":0,\"y\":0},\"panelIndex\":\"2d2b4444-14c0-4812-a22e-ca6d509a0c7f\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"0035e7f6-2c85-494d-88aa-0f6ebc21f6c8\",\"w\":16,\"x\":13,\"y\":0},\"panelIndex\":\"0035e7f6-2c85-494d-88aa-0f6ebc21f6c8\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"147c5d40-556b-4b41-a1bb-ed0976fae0c8\",\"w\":19,\"x\":29,\"y\":0},\"panelIndex\":\"147c5d40-556b-4b41-a1bb-ed0976fae0c8\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"9a9084a5-0f74-4bdd-befd-b9bece56ea53\",\"w\":8,\"x\":0,\"y\":8},\"panelIndex\":\"9a9084a5-0f74-4bdd-befd-b9bece56ea53\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"9ffba622-36f6-4343-b0a3-1c59e3f6d297\",\"w\":9,\"x\":8,\"y\":8},\"panelIndex\":\"9ffba622-36f6-4343-b0a3-1c59e3f6d297\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"f0f0af04-4f81-437a-ada5-173a1ef8bd11\",\"w\":15,\"x\":17,\"y\":8},\"panelIndex\":\"f0f0af04-4f81-437a-ada5-173a1ef8bd11\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"3dab7339-3266-4127-86f3-eef2108d5dbf\",\"w\":16,\"x\":32,\"y\":8},\"panelIndex\":\"3dab7339-3266-4127-86f3-eef2108d5dbf\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_6\"}]","timeRestore":false,"title":"Security Onion - IRC","version":1},"id":"38523560-75ba-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"c879ad60-72a1-11ea-8dd2-9d8795a1200b","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"db279540-75bb-11ea-9565-7315f4ee5cac","name":"panel_5","type":"visualization"},{"id":"f7ee5fb0-75bb-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE1NiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"NIDS - Alert Summary - Drilldown","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NIDS - Alert Summary - Drilldown\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP Address\"}}]}"},"id":"3a1b54b0-e061-11e9-8f0c-2ddbf5ed9290","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY1MSwxXQ=="} -{"attributes":{"columns":["message"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:ossec_archive\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"OSSEC - Archive","version":1},"id":"ebf74e90-342f-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE1OSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"OSSEC - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"OSSEC - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDHHXl3xQT5EBNmq42U","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"efba60c0-3642-11e7-a6f7-4f44d7bf1c33","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE2MCwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}},\"language\":\"lucene\"}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"1\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}}},{\"panelIndex\":\"4\",\"gridData\":{\"w\":40,\"h\":40,\"x\":8,\"y\":8,\"i\":\"4\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\",\"embeddableConfig\":{\"columns\":[\"alert_level\",\"classification\",\"description\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"5\",\"gridData\":{\"w\":48,\"h\":28,\"x\":0,\"y\":48,\"i\":\"5\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\",\"embeddableConfig\":{\"columns\":[\"message\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"6\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"6\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}}]","timeRestore":false,"title":"OSSEC","version":1},"id":"3a457d70-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"2817b300-3643-11e7-a6f7-4f44d7bf1c33","name":"panel_1","type":"visualization"},{"id":"efba60c0-3642-11e7-a6f7-4f44d7bf1c33","name":"panel_2","type":"search"},{"id":"ebf74e90-342f-11e7-9e93-53b62e1857b2","name":"panel_3","type":"search"},{"id":"AWDHHXl3xQT5EBNmq42U","name":"panel_4","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE2MSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - MySQL - Response","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - MySQL - Response\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mysql.response.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"3af496e0-75c0-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU0NCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}"},"savedSearchRefName":"search_0","title":"Sysmon - Image","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"Sysmon - Image\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"image_path.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"None\",\"exclude\":\"\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Image\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"parent_image_path.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"None\",\"exclude\":\"\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Parent Image\"}}]}"},"id":"3b6c92c0-6d72-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI4OSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Syslog - Priority (Vertical bar Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"Syslog - Priority (Vertical bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Priority\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"syslog-priority.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Priority\"}}],\"listeners\":{}}"},"id":"3bf1fdc0-76e6-11e7-ab14-e1a4c1bc11e0","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"5a86ffe0-76e3-11e7-ab14-e1a4c1bc11e0","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE2NiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"IRC - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"IRC - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}]}"},"id":"3c073d20-6e17-11e7-8624-1fb07dd76c6a","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"344c6010-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzIyOSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Modbus - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Modbus - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}]}"},"id":"3c65f500-380b-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"52dc9fe0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI5OCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Tunnels - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Tunnels - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"3cdf2400-3808-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"d26d5510-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU5MywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - File - Source","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - File - Source\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"file.action.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.source.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"3e6037d0-75f2-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY4MywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"NIDS - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NIDS - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}]}"},"id":"3f040620-4a44-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzMyNCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Kerberos - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Kerberos - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"3f34faa0-3636-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI3NiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Agent - Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Agent - Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"agent.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"}}]}"},"id":"407784f0-7738-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM3MywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Connections - Top 10 - Total Bytes By Source IP","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Connections - Top 10 - Total Bytes By Source IP\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Source IP Address\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"left\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}],\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"total_bytes\",\"customLabel\":\"Total Bytes\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"source_ip\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source_ip\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP Address\"}}]}"},"id":"41a33c80-3b0d-11e7-a6f9-5d3fe735ec2b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ1NSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"X.509 - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"X.509 - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"41bee360-3642-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"f5038cc0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzYyOSwxXQ=="} -{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query_string\":{\"query\":\"event_type:bro_dns AND _exists_:creation_date AND creation_date:[now-3M TO now]\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"DNS - Domains with creation date < 3 months","version":1},"id":"fce833e0-6f12-11e7-86c8-a1b6db3b051a","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ0MSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNS - Baby Domain Requests","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNS - Baby Domain Requests\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"highest_registered_domain.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Domain\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"creation_date\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"_term\"}}],\"listeners\":{}}"},"id":"41ec0ca0-6f13-11e7-86c8-a1b6db3b051a","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"fce833e0-6f12-11e7-86c8-a1b6db3b051a","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ0MiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SNMP - Community String","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SNMP - Community String\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"snmp.community.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"snmp.community.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Community String\"}}]}"},"id":"424ace90-75e9-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM4NCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DCE/RPC - Summary","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DCE/RPC - Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"endpoint.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Endpoint\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"operation.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Operation\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"named_pipe.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Named Pipe\"}}]}"},"id":"42b17660-4a47-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE4OSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Syslog - Log Count Over Time","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"Syslog - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 10 minutes\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"79a2a4e0-76e5-11e7-ab14-e1a4c1bc11e0","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"5a86ffe0-76e3-11e7-ab14-e1a4c1bc11e0","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE2MywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Syslog - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Syslog - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"syslog-sourceip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}"},"id":"e7a99b10-76e5-11e7-ab14-e1a4c1bc11e0","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"5a86ffe0-76e3-11e7-ab14-e1a4c1bc11e0","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE2NCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Syslog - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Syslog - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDHKVLMxQT5EBNmq5HX","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"5a86ffe0-76e3-11e7-ab14-e1a4c1bc11e0","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE2NywxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}},\"language\":\"lucene\"}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"2\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"2\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{}},{\"panelIndex\":\"5\",\"gridData\":{\"w\":24,\"h\":24,\"x\":8,\"y\":24,\"i\":\"5\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},{\"panelIndex\":\"6\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":24,\"i\":\"6\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},{\"panelIndex\":\"7\",\"gridData\":{\"w\":40,\"h\":16,\"x\":8,\"y\":8,\"i\":\"7\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\",\"embeddableConfig\":{}},{\"panelIndex\":\"9\",\"gridData\":{\"w\":48,\"h\":60,\"x\":0,\"y\":48,\"i\":\"9\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"syslog-host_from\",\"syslog-priority\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"10\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"10\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}}]","timeRestore":false,"title":"Syslog","version":1},"id":"4323af90-76e5-11e7-ab14-e1a4c1bc11e0","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"79a2a4e0-76e5-11e7-ab14-e1a4c1bc11e0","name":"panel_1","type":"visualization"},{"id":"e7a99b10-76e5-11e7-ab14-e1a4c1bc11e0","name":"panel_2","type":"visualization"},{"id":"0a2ce700-76e6-11e7-ab14-e1a4c1bc11e0","name":"panel_3","type":"visualization"},{"id":"3bf1fdc0-76e6-11e7-ab14-e1a4c1bc11e0","name":"panel_4","type":"visualization"},{"id":"5a86ffe0-76e3-11e7-ab14-e1a4c1bc11e0","name":"panel_5","type":"search"},{"id":"AWDHKVLMxQT5EBNmq5HX","name":"panel_6","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE2OCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Tunnels - Type (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Tunnels - Type (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tunnel_type.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"id":"43b2b040-3807-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"d26d5510-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU5MSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"X.509 - Certificate Key Algorithm (Horizontal Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"X.509 - Certificate Key Algorithm (Horizontal Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"certificate_key_algorithm.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Algorithm\"}}],\"listeners\":{}}"},"id":"446e85c0-6e37-11e7-a8d6-ed2e692de531","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"f5038cc0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzYzNCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Least Common HTTP Methods","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Least Common HTTP Methods\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":13,\"maxFontSize\":39,\"showLabel\":false,\"metric\":{\"type\":\"vis_dimension\",\"accessor\":1,\"format\":{\"id\":\"string\",\"params\":{}}},\"bucket\":{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.method.keyword\",\"orderBy\":\"1\",\"order\":\"asc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"6411e5b0-6eb2-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9ee33aa0-6eb1-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE3MCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - HTTP - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - HTTP - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"destination.port: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"}}]}"},"id":"51ad64d0-6eb7-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9ee33aa0-6eb1-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE3MSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - HTTP - Source IPs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - HTTP - Source IPs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Destination IP\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}"},"id":"6d0fb2b0-6eb6-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9ee33aa0-6eb1-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE3MiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - HTTP - UserAgent","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - HTTP - UserAgent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"http.useragent.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"UserAgent\"}}]}"},"id":"c2f93f40-6ed7-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9ee33aa0-6eb1-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE3NCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - HTTP - URI","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - HTTP - URI\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"http.uri.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"http.uri.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"URI\"}}]}"},"id":"f22e8660-6eb6-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9ee33aa0-6eb1-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE3NywxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:http\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":9,\"i\":\"6e3caf86-a1ea-4363-9c73-205de5f43ba9\"},\"panelIndex\":\"6e3caf86-a1ea-4363-9c73-205de5f43ba9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":14,\"y\":0,\"w\":16,\"h\":9,\"i\":\"0b0546ef-637b-4a40-b87b-a454b78cc810\"},\"panelIndex\":\"0b0546ef-637b-4a40-b87b-a454b78cc810\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":9,\"i\":\"9c49b93a-5b5d-4613-8342-c01c69970bce\"},\"panelIndex\":\"9c49b93a-5b5d-4613-8342-c01c69970bce\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":9,\"w\":9,\"h\":18,\"i\":\"377e3099-7aec-474c-9201-2f1845c58d24\"},\"panelIndex\":\"377e3099-7aec-474c-9201-2f1845c58d24\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":9,\"w\":8,\"h\":18,\"i\":\"15d7c88b-1619-4290-8968-fa2adfddd72f\"},\"panelIndex\":\"15d7c88b-1619-4290-8968-fa2adfddd72f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":9,\"w\":8,\"h\":18,\"i\":\"d1219968-6b7f-4040-9c75-0611b9cbf8a0\"},\"panelIndex\":\"d1219968-6b7f-4040-9c75-0611b9cbf8a0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":25,\"y\":9,\"w\":23,\"h\":18,\"i\":\"1b444602-2f1c-4c32-85fc-1e5f46235303\"},\"panelIndex\":\"1b444602-2f1c-4c32-85fc-1e5f46235303\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":27,\"w\":11,\"h\":18,\"i\":\"9b1df72c-b6fd-4abd-a961-32176c26cc3d\"},\"panelIndex\":\"9b1df72c-b6fd-4abd-a961-32176c26cc3d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":11,\"y\":27,\"w\":10,\"h\":18,\"i\":\"52c3ab70-9b8d-4c26-953d-f1a943fdff38\"},\"panelIndex\":\"52c3ab70-9b8d-4c26-953d-f1a943fdff38\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":21,\"y\":27,\"w\":27,\"h\":18,\"i\":\"ea97cb71-fbb6-46ae-bb4a-4d01c3a6edb2\"},\"panelIndex\":\"ea97cb71-fbb6-46ae-bb4a-4d01c3a6edb2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]","timeRestore":false,"title":"Security Onion - HTTP","version":1},"id":"44e9c820-6eb1-11ea-9266-1fd14ca6af34","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"6411e5b0-6eb2-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"51ad64d0-6eb7-11ea-9266-1fd14ca6af34","name":"panel_3","type":"visualization"},{"id":"6d0fb2b0-6eb6-11ea-9266-1fd14ca6af34","name":"panel_4","type":"visualization"},{"id":"30e97190-6eb6-11ea-9266-1fd14ca6af34","name":"panel_5","type":"visualization"},{"id":"c2f93f40-6ed7-11ea-9266-1fd14ca6af34","name":"panel_6","type":"visualization"},{"id":"088aad70-7377-11ea-a3da-cbdb4f8a90c0","name":"panel_7","type":"visualization"},{"id":"28bf2ef0-6eb7-11ea-9266-1fd14ca6af34","name":"panel_8","type":"visualization"},{"id":"f22e8660-6eb6-11ea-9266-1fd14ca6af34","name":"panel_9","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE3OCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Modbus - Function","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Modbus - Function\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"function.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Function\"}}]}"},"id":"453f8b90-4a58-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"52dc9fe0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzMwMSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"NIDS Alerts - Category","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"NIDS Alerts - Category\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":200},\"position\":\"left\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Category\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":true,\"rotate\":75,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"bottom\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"category.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Category\"}}]}"},"id":"45464b50-3af6-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzMyMCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DNS - Query Class (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"DNS - Query Class (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"query_class_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query Class\"}}]}"},"id":"45a652b0-34c1-11e7-917c-af7a9d11771a","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI1OSwxXQ=="} -{"attributes":{"columns":["message","fuid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_pe\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"PE - Logs","version":1},"id":"66288140-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM0OCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"PE - OS (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"PE - OS (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"os.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"id":"45c4ae10-380c-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"66288140-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM1MCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SSH - Server","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SSH - Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ssh.server.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ssh.server.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"}}]}"},"id":"46221fe0-75ea-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQwNiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DCE/RPC - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"DCE/RPC - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 minutes\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"cbb67b00-3af2-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE4MCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DCE/RPC - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DCE/RPC - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"f52f8bc0-3af2-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE4MSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DCE/RPC - Endpoint","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DCE/RPC - Endpoint\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"endpoint.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Endpoint\"}}],\"listeners\":{}}"},"id":"553acbb0-3af3-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE4MywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DCE/RPC - Named Pipe","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DCE/RPC - Named Pipe\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"named_pipe.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Named Pipe\"}}],\"listeners\":{}}"},"id":"6b7122d0-3af3-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE4NCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DCE/RPC - Operation","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DCE/RPC - Operation\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"operation.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Operation\"}}],\"listeners\":{}}"},"id":"86107960-3af3-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE4NSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DCE/RPC - Round Trip Time","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DCE/RPC - Round Trip Time\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rtt\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Round Trip Time\"}}]}"},"id":"f275f490-3af3-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE4NiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DCE/RPC - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"DCE/RPC - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDG8k4OxQT5EBNmq37a","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE4NywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DCE/RPC - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DCE/RPC - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}]}"},"id":"d979b0f0-4a45-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE4OCwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"1\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":104,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"3\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"3\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{}},{\"panelIndex\":\"4\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"4\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"5\",\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":32,\"i\":\"5\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"6\",\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":32,\"i\":\"6\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"8\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":56,\"i\":\"8\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"9\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":56,\"i\":\"9\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"10\",\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":8,\"i\":\"10\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"panelIndex\":\"11\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":80,\"i\":\"11\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"panelIndex\":\"14\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"14\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\"},{\"panelIndex\":\"16\",\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":8,\"i\":\"16\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_10\",\"embeddableConfig\":{}},{\"panelIndex\":\"17\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":80,\"i\":\"17\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_11\",\"embeddableConfig\":{}}]","timeRestore":false,"title":"Bro - DCE/RPC","version":1},"id":"46582d50-3af2-11e7-a83b-b1b4da7d15f4","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","name":"panel_0","type":"search"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_1","type":"visualization"},{"id":"cbb67b00-3af2-11e7-a83b-b1b4da7d15f4","name":"panel_2","type":"visualization"},{"id":"f52f8bc0-3af2-11e7-a83b-b1b4da7d15f4","name":"panel_3","type":"visualization"},{"id":"10b8a610-3af3-11e7-a83b-b1b4da7d15f4","name":"panel_4","type":"visualization"},{"id":"553acbb0-3af3-11e7-a83b-b1b4da7d15f4","name":"panel_5","type":"visualization"},{"id":"6b7122d0-3af3-11e7-a83b-b1b4da7d15f4","name":"panel_6","type":"visualization"},{"id":"86107960-3af3-11e7-a83b-b1b4da7d15f4","name":"panel_7","type":"visualization"},{"id":"f275f490-3af3-11e7-a83b-b1b4da7d15f4","name":"panel_8","type":"visualization"},{"id":"AWDG8k4OxQT5EBNmq37a","name":"panel_9","type":"visualization"},{"id":"d979b0f0-4a45-11e8-9b0a-f1d33346f773","name":"panel_10","type":"visualization"},{"id":"42b17660-4a47-11e8-9b0a-f1d33346f773","name":"panel_11","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE5MCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Intel - Source","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Intel - Source\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"sources.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}}],\"listeners\":{}}"},"id":"613de590-399b-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE5NCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Intel - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Intel - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"a5571030-399b-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE5NSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Intel - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Intel - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"ba2d3b10-399b-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE5NiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Intel - Indicator","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Intel - Indicator\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"indicator.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Indicator\"}}],\"listeners\":{}}"},"id":"6380b430-399c-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE5NywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Intel - MIME Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Intel - MIME Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mimetype.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MIME Type\"}}],\"listeners\":{}}"},"id":"af614b80-399c-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE5OCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Intel - Matched","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Intel - Matched\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"matched.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Type Matched\"}}],\"listeners\":{}}"},"id":"c8540380-399c-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzE5OSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Intel - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Intel - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"id":"a5bcec80-6e15-11e7-8624-1fb07dd76c6a","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzIwMCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Intel - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Intel - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDG-Qf8xQT5EBNmq4G5","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzIwMiwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"gridData\":{\"w\":20,\"h\":16,\"x\":8,\"y\":8,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":24,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":72,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":16,\"h\":24,\"x\":16,\"y\":72,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":24,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":28,\"h\":24,\"x\":20,\"y\":48,\"i\":\"12\"},\"panelIndex\":\"12\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":20,\"h\":24,\"x\":0,\"y\":48,\"i\":\"13\"},\"panelIndex\":\"13\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":96,\"i\":\"14\"},\"panelIndex\":\"14\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"destination_ip\",\"destination_port\",\"uid\",\"fuid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"embeddableConfig\":{},\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":72,\"i\":\"15\"},\"panelIndex\":\"15\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_10\"},{\"gridData\":{\"w\":20,\"h\":16,\"x\":28,\"y\":8,\"i\":\"16\"},\"panelIndex\":\"16\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_11\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"17\"},\"panelIndex\":\"17\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_12\"}]","timeRestore":false,"title":"Bro - Intel","version":1},"id":"468022c0-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"361d0bd0-35b7-11e7-a994-c528746bc6e8","name":"panel_1","type":"visualization"},{"id":"3013af40-399b-11e7-8472-0151e5b2b475","name":"panel_2","type":"visualization"},{"id":"613de590-399b-11e7-8472-0151e5b2b475","name":"panel_3","type":"visualization"},{"id":"a5571030-399b-11e7-8472-0151e5b2b475","name":"panel_4","type":"visualization"},{"id":"ba2d3b10-399b-11e7-8472-0151e5b2b475","name":"panel_5","type":"visualization"},{"id":"6380b430-399c-11e7-8472-0151e5b2b475","name":"panel_6","type":"visualization"},{"id":"af614b80-399c-11e7-8472-0151e5b2b475","name":"panel_7","type":"visualization"},{"id":"c8540380-399c-11e7-8472-0151e5b2b475","name":"panel_8","type":"visualization"},{"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","name":"panel_9","type":"search"},{"id":"a5bcec80-6e15-11e7-8624-1fb07dd76c6a","name":"panel_10","type":"visualization"},{"id":"07622d60-6e16-11e7-8624-1fb07dd76c6a","name":"panel_11","type":"visualization"},{"id":"AWDG-Qf8xQT5EBNmq4G5","name":"panel_12","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzIwMywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Autoruns - Category","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"Autoruns - Category\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":75},\"title\":{\"text\":\"Category\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"category.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Category\"}}],\"listeners\":{}}"},"id":"482be9b0-6d78-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"dd700830-6d69-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI0MSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Kerberos - Service","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Kerberos - Service\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"kerberos.service.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"kerberos.service.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"}}]}"},"id":"48331f00-75bd-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzUwOCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SIP - Request From","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SIP - Request From\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"sip.request.from.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"sip.request.from.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Request From\"}}]}"},"id":"49384710-75ca-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzYwMiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"network.transport:*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Network - Transport","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Network - Transport\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"network.transport.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.transport.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Network Transport\"}}]}"},"id":"499a0690-6ead-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY4NCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Strelka - File - Source","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Strelka - File - Source\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.source.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"}}]}"},"id":"49cfe850-772c-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ4MCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DNS - Protocol (Donut Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"DNS - Protocol (Donut Chart)\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"protocol.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Protocol\"}}]}"},"id":"49e04860-4a4e-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY0OSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Kerberos - Request Type (Horizontal Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Kerberos - Request Type (Horizontal Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":false,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"request_type.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Request Type\"}}]}"},"id":"4aa0b2a0-6e1a-11e7-89e4-613b96f597e1","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI3OSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Network - Destination IPs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Network - Destination IPs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IPs\"}}]}"},"id":"4adca340-6eae-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"387f44c0-6ea7-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY4NSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"event_type:bro_dns AND highest_registered_domain:google.com~ -highest_registered_domain:google.com AND highest_registered_domain:youtube.com~ -highest_registered_domain:youtube.com AND highest_registered_domain:facebook.com~ -highest_registered_domain:facebook.com AND highest_registered_domain:wikipedia.org~ -highest_registered_domain:wikipedia.org AND highest_registered_domain:google.co.in~ -highest_registered_domain:google.co.in AND highest_registered_domain:reddit.com~ -highest_registered_domain:reddit.com AND highest_registered_domain:amazon.com~ -highest_registered_domain:amazon.com AND highest_registered_domain:taobao.com~ -highest_registered_domain:taobao.com AND highest_registered_domain:twitter.com~ -highest_registered_domain:twitter.com AND highest_registered_domain:google.co.jp~ -highest_registered_domain:google.co.jp AND highest_registered_domain:instagram.com~ -highest_registered_domain:instagram.com AND highest_registered_domain:sina.com.cn~ -highest_registered_domain:sina.com.cn AND highest_registered_domain:google.co.uk~ -highest_registered_domain:google.co.uk AND highest_registered_domain:linkedin.com~ -highest_registered_domain:linkedin.com AND highest_registered_domain:list.tmall.com~ -highest_registered_domain:list.tmall.com AND highest_registered_domain:google.com.br~ -highest_registered_domain:google.com.br AND highest_registered_domain:google.com.hk~ -highest_registered_domain:google.com.hk AND highest_registered_domain:netflix.com~ -highest_registered_domain:netflix.com AND highest_registered_domain:yahoo.co.jp~ -highest_registered_domain:yahoo.co.jp AND highest_registered_domain:pornhub.com~ -highest_registered_domain:pornhub.com AND highest_registered_domain:xvideos.com~ -highest_registered_domain:xvideos.com AND highest_registered_domain:microsoft.com~ -highest_registered_domain:microsoft.com AND highest_registered_domain:livejasmin.com~ -highest_registered_domain:livejasmin.com AND highest_registered_domain:aliexpress.com~ -highest_registered_domain:aliexpress.com AND highest_registered_domain:stackoverflow.com~ -highest_registered_domain:stackoverflow.com AND highest_registered_domain:wordpress.com~ -highest_registered_domain:wordpress.com AND highest_registered_domain:hao123.com~ -highest_registered_domain:hao123.com AND highest_registered_domain:github.com~ -highest_registered_domain:github.com AND highest_registered_domain:amazon.co.jp~ -highest_registered_domain:amazon.co.jp AND highest_registered_domain:blogspot.com~ -highest_registered_domain:blogspot.com AND highest_registered_domain:pinterest.com~ -highest_registered_domain:pinterest.com AND highest_registered_domain:bongacams.com~ -highest_registered_domain:bongacams.com AND highest_registered_domain:google.com.tr~ -highest_registered_domain:google.com.tr AND highest_registered_domain:popads.net~ -highest_registered_domain:popads.net AND highest_registered_domain:paypal.com~ -highest_registered_domain:paypal.com AND highest_registered_domain:office.com~ -highest_registered_domain:office.com AND highest_registered_domain:google.com.tw~ -highest_registered_domain:google.com.tw AND highest_registered_domain:google.com.au~ -highest_registered_domain:google.com.au AND highest_registered_domain:whatsapp.com~ -highest_registered_domain:whatsapp.com AND highest_registered_domain:microsoftonline.com~ -highest_registered_domain:microsoftonline.com\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"DNS - Phishing Attempts Against Alexa Top Sites","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 0\":\"rgb(0,104,55)\",\"1 - 999999\":\"rgb(165,0,38)\"}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Phishing attempts against your domain(s)\"},\"schema\":\"metric\",\"type\":\"count\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTooltip\":true,\"gauge\":{\"backStyle\":\"Full\",\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":0},{\"from\":1,\"to\":999999}],\"extendRange\":true,\"gaugeColorMode\":\"Labels\",\"gaugeStyle\":\"Full\",\"gaugeType\":\"Arc\",\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"orientation\":\"vertical\",\"percentageMode\":false,\"scale\":{\"color\":\"#333\",\"labels\":false,\"show\":true},\"style\":{\"bgColor\":false,\"bgFill\":\"#eee\",\"bgMask\":false,\"bgWidth\":0.9,\"fontSize\":60,\"labelColor\":true,\"mask\":false,\"maskBars\":50,\"subText\":\"Edit this to reflect your domain(s)\",\"width\":0.9},\"type\":\"meter\",\"alignment\":\"horizontal\"}},\"title\":\"DNS - Phishing Attempts Against Alexa Top Sites\",\"type\":\"gauge\"}"},"id":"4d89e140-6f09-11e7-9d31-23c0596994a7","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY0MiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Source - Top Connection Duration (Tile Map)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Connections - Source - Top Connection Duration (Tile Map)\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":0,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"duration\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"source_geo.location\",\"autoPrecision\":true,\"useGeocentroid\":true,\"precision\":2}}],\"listeners\":{}}"},"id":"5ea38360-46c7-11e7-946f-1bfb1be7c36b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzIwNSwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"gridData\":{\"w\":8,\"h\":44,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"gridData\":{\"w\":40,\"h\":40,\"x\":8,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{\"mapCenter\":[14.604847155053898,0.17578125],\"mapZoom\":2}}]","timeRestore":false,"title":"Connections - Source - Top Connection Duration","version":1},"id":"4e108070-46c7-11e7-946f-1bfb1be7c36b","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"5ea38360-46c7-11e7-946f-1bfb1be7c36b","name":"panel_1","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzIwNiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"PE - Section Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"PE - Section Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"section_names.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"id":"4e56b4d0-416f-11e7-9850-b78558d0ac17","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"66288140-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM1MiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DHCP - IP to MAC Assignment","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DHCP - IP to MAC Assignment\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"assigned_ip.keyword\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Assigned IP Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mac.keyword\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MAC Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP Address\"}}]}"},"id":"4e877100-4a48-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"ac1799d0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM0MCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SSL - Issuer","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SSL - Issuer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ssl.certificate.issuer.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ssl.certificate.issuer.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Issuer\"}}]}"},"id":"4e8cbf80-75ec-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY1OCwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"*\",\"language\":\"lucene\"}}"},"optionsJSON":"{\"darkTheme\":false}","panelsJSON":"[]","timeRestore":false,"title":"OSSEC","version":1},"id":"4f6f3440-6d62-11e7-8ddb-e71eb260f4a3","migrationVersion":{"dashboard":"7.3.0"},"references":[],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzIwNywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Server Version","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RFB - Server Version\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server_major_version.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Major Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server_minor_version.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Minor Version\"}}],\"listeners\":{}}"},"id":"4fade7b0-6e22-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQyNCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Host - Process Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Host - Process Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"process.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Process Name\"}}]}"},"id":"4fe16b60-72bd-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM2OSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Firewall - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Firewall - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 seconds\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"e76d2eb0-6d6b-11e7-ad64-15aa071374a6","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"37c16940-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzIwOSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Firewall - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Firewall - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"c3a06740-6d75-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"37c16940-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzIxMCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Firewall - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Firewall - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"df06de60-6d75-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"37c16940-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzIxMSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Firewall - Destination Port","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Firewall - Destination Port\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"id":"fcf75bc0-6d75-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"37c16940-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzIxMywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Firewall - Protocol","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Firewall - Protocol\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"ipv4_protocol.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"id":"f8f0dbc0-6d82-11e7-912f-0950e6d5c322","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"37c16940-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzIxNCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Firewall - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Firewall - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDHH3kBxQT5EBNmq459","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"37c16940-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzIxNSwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}},\"language\":\"lucene\"}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"1\",\"gridData\":{\"w\":8,\"h\":60,\"x\":0,\"y\":0,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}}},{\"panelIndex\":\"4\",\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":36,\"i\":\"4\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},{\"panelIndex\":\"5\",\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":36,\"i\":\"5\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},{\"panelIndex\":\"7\",\"gridData\":{\"w\":24,\"h\":16,\"x\":8,\"y\":8,\"i\":\"7\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\",\"embeddableConfig\":{}},{\"panelIndex\":\"8\",\"gridData\":{\"w\":16,\"h\":16,\"x\":32,\"y\":8,\"i\":\"8\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\",\"embeddableConfig\":{}},{\"panelIndex\":\"9\",\"gridData\":{\"w\":40,\"h\":12,\"x\":8,\"y\":24,\"i\":\"9\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\",\"embeddableConfig\":{}},{\"panelIndex\":\"10\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":60,\"i\":\"10\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\",\"embeddableConfig\":{\"columns\":[\"action\",\"reason\",\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"11\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"11\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}}]","timeRestore":false,"title":"Firewall","version":1},"id":"50173bd0-3582-11e7-98ef-19df58fe538b","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"e76d2eb0-6d6b-11e7-ad64-15aa071374a6","name":"panel_1","type":"visualization"},{"id":"c3a06740-6d75-11e7-b09b-f57b22df6524","name":"panel_2","type":"visualization"},{"id":"df06de60-6d75-11e7-b09b-f57b22df6524","name":"panel_3","type":"visualization"},{"id":"2a1eb100-6d82-11e7-bcd4-0d514e0e7da1","name":"panel_4","type":"visualization"},{"id":"fcf75bc0-6d75-11e7-b09b-f57b22df6524","name":"panel_5","type":"visualization"},{"id":"f8f0dbc0-6d82-11e7-912f-0950e6d5c322","name":"panel_6","type":"visualization"},{"id":"37c16940-6d6b-11e7-ad64-15aa071374a6","name":"panel_7","type":"search"},{"id":"AWDHH3kBxQT5EBNmq459","name":"panel_8","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzIxNiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - File Size","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - File Size\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"file.size: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.size\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Size\"}}]}"},"id":"50b4c880-72df-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY4NiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RDP - Client","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RDP - Client\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client_name.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}],\"listeners\":{}}"},"id":"524e13b0-371c-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"823dd600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM5MiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DNS - Answers","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - DNS - Answers\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"dns.answers.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dns.answers.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Answer\"}}]}"},"id":"536876a0-72ba-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzIyMywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Tunnels - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Tunnels - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"id":"53824da0-6e35-11e7-9a19-a5996f8250c6","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"d26d5510-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU5NiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SIP - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SIP - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"5393c710-3640-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ2NCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSL - Server","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSL - Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server_name.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}"},"id":"53ac63e0-365b-11e7-8bd0-1db2c55fb7a1","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI2MSwxXQ=="} -{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_smtp\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"SMTP - Logs","version":1},"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ4OCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - Webmail - True/False (Vertical Bar Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"SMTP - Webmail - True/False (Vertical Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Webmail\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"is_webmail.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Webmail\"}}],\"listeners\":{}}"},"id":"53beb0d0-6e29-11e7-8b76-75eee0095daa","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ5OCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSH - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSH - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"id":"54d78f50-6e33-11e7-9a19-a5996f8250c6","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c33e7600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU1OSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - NTLM - Success","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - NTLM - Success\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"boolean\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ntlm.success: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ntlm.success\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Success\"}}]}"},"id":"e9f31a70-75c2-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzIxNywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - NTLM - Tree","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - NTLM - Tree\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ntlm.server.tree.name.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ntlm.server.tree.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Tree\"}}]}"},"id":"8cb83890-75c2-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzIxOCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - NTLM - Server","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - NTLM - Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Netbios\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"DNS\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ntlm.server.nb.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"NetBIOS\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ntlm.server.dns.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"\",\"customLabel\":\"DNS\"}}]}"},"id":"63f139c0-75c2-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzIxOSwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:ntlm\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":9,\"i\":\"4555a871-9c2c-48d4-b143-bffc6d41ea4d\"},\"panelIndex\":\"4555a871-9c2c-48d4-b143-bffc6d41ea4d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":14,\"y\":0,\"w\":16,\"h\":9,\"i\":\"0bc9ae29-cbc1-4272-ad27-9c2ff51c19ff\"},\"panelIndex\":\"0bc9ae29-cbc1-4272-ad27-9c2ff51c19ff\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":9,\"i\":\"d32748d9-d47b-41bb-ab9f-b59817230998\"},\"panelIndex\":\"d32748d9-d47b-41bb-ab9f-b59817230998\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":9,\"w\":8,\"h\":18,\"i\":\"2f7a5ee8-2258-4c8d-af2d-99a9e11defa2\"},\"panelIndex\":\"2f7a5ee8-2258-4c8d-af2d-99a9e11defa2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":9,\"w\":8,\"h\":18,\"i\":\"4a50def3-c905-4493-b352-59741d68326e\"},\"panelIndex\":\"4a50def3-c905-4493-b352-59741d68326e\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":9,\"w\":10,\"h\":18,\"i\":\"075d7365-e106-4a1e-b003-bab7abbb7146\"},\"panelIndex\":\"075d7365-e106-4a1e-b003-bab7abbb7146\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":26,\"y\":9,\"w\":9,\"h\":18,\"i\":\"5202d0b2-7f34-4182-8e25-ec87d4df0965\"},\"panelIndex\":\"5202d0b2-7f34-4182-8e25-ec87d4df0965\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":35,\"y\":9,\"w\":13,\"h\":18,\"i\":\"f93042fa-bdd7-495f-af7b-eec95073e015\"},\"panelIndex\":\"f93042fa-bdd7-495f-af7b-eec95073e015\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"Security Onion - NTLM","version":1},"id":"558292e0-75c1-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"e9f31a70-75c2-11ea-9565-7315f4ee5cac","name":"panel_5","type":"visualization"},{"id":"8cb83890-75c2-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"},{"id":"63f139c0-75c2-11ea-9565-7315f4ee5cac","name":"panel_7","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzIyMCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DNS - Response Code Name","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - DNS - Response Code Name\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"dns.response.code_name.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dns.response.code_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"}}]}"},"id":"a9bd4090-72b9-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzIyMSwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:dns\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":9,\"i\":\"ae3e83b1-5e53-40eb-8e4f-541e4851ddd2\"},\"panelIndex\":\"ae3e83b1-5e53-40eb-8e4f-541e4851ddd2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":14,\"y\":0,\"w\":14,\"h\":9,\"i\":\"4b8b4859-bd5c-446c-94e1-6d9b57cbe922\"},\"panelIndex\":\"4b8b4859-bd5c-446c-94e1-6d9b57cbe922\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":28,\"y\":0,\"w\":20,\"h\":9,\"i\":\"ee03c5c1-9e26-42e3-b569-afa2712d7047\"},\"panelIndex\":\"ee03c5c1-9e26-42e3-b569-afa2712d7047\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":9,\"w\":9,\"h\":19,\"i\":\"706d8a5a-a263-48d0-8eb8-12eeade27115\"},\"panelIndex\":\"706d8a5a-a263-48d0-8eb8-12eeade27115\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":9,\"y\":9,\"w\":9,\"h\":19,\"i\":\"bf29b086-8b8d-47a5-8280-afeb737d6163\"},\"panelIndex\":\"bf29b086-8b8d-47a5-8280-afeb737d6163\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":18,\"y\":9,\"w\":8,\"h\":19,\"i\":\"e99fb09c-6d8a-4a26-87ca-9ab82ef137c9\"},\"panelIndex\":\"e99fb09c-6d8a-4a26-87ca-9ab82ef137c9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":26,\"y\":9,\"w\":22,\"h\":19,\"i\":\"bf16d99c-68ac-41ea-8047-04e7c363dce3\"},\"panelIndex\":\"bf16d99c-68ac-41ea-8047-04e7c363dce3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":28,\"w\":23,\"h\":21,\"i\":\"e41240ec-8024-4f3f-9de0-869622470e4d\"},\"panelIndex\":\"e41240ec-8024-4f3f-9de0-869622470e4d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":23,\"y\":28,\"w\":25,\"h\":21,\"i\":\"fe297ab2-9a4b-438c-913b-7b5d1dea6182\"},\"panelIndex\":\"fe297ab2-9a4b-438c-913b-7b5d1dea6182\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"}]","timeRestore":false,"title":"Security Onion - DNS","version":1},"id":"55ac6bf0-6ec4-11ea-9266-1fd14ca6af34","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"c879ad60-72a1-11ea-8dd2-9d8795a1200b","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_5","type":"visualization"},{"id":"a9bd4090-72b9-11ea-8dd2-9d8795a1200b","name":"panel_6","type":"visualization"},{"id":"07065340-72ba-11ea-8dd2-9d8795a1200b","name":"panel_7","type":"visualization"},{"id":"536876a0-72ba-11ea-8dd2-9d8795a1200b","name":"panel_8","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzIyNCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"IRC - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"IRC - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"85b1f890-35b7-11e7-a994-c528746bc6e8","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"344c6010-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzIyNiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"IRC - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"IRC - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"bf959cb0-35b7-11e7-a994-c528746bc6e8","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"344c6010-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzIyNywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"IRC - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"IRC - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"e4615200-35b7-11e7-a994-c528746bc6e8","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"344c6010-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzIyOCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"IRC - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"IRC - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDG_HoKxQT5EBNmq4KN","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"344c6010-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzIzMCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"IRC - Destination Country","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"IRC - Destination Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_geo.country_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Country\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_geo.city_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination City\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}}]}"},"id":"f625b7b0-4a56-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"344c6010-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzIzMSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"IRC - Command","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"IRC - Command\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"irc_command.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Command\"}}]}"},"id":"7bc09930-4a57-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"344c6010-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzIzMiwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"2\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"2\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"4\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"4\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"5\",\"gridData\":{\"w\":12,\"h\":24,\"x\":20,\"y\":32,\"i\":\"5\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"6\",\"gridData\":{\"w\":12,\"h\":24,\"x\":8,\"y\":32,\"i\":\"6\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"10\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":56,\"i\":\"10\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"11\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":32,\"i\":\"11\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"12\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"12\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"13\",\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":8,\"i\":\"13\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\",\"embeddableConfig\":{}},{\"panelIndex\":\"15\",\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":8,\"i\":\"15\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\",\"embeddableConfig\":{}}]","timeRestore":false,"title":"Bro - IRC","version":1},"id":"56a34ce0-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"85b1f890-35b7-11e7-a994-c528746bc6e8","name":"panel_1","type":"visualization"},{"id":"bf959cb0-35b7-11e7-a994-c528746bc6e8","name":"panel_2","type":"visualization"},{"id":"e4615200-35b7-11e7-a994-c528746bc6e8","name":"panel_3","type":"visualization"},{"id":"344c6010-342e-11e7-9e93-53b62e1857b2","name":"panel_4","type":"search"},{"id":"3c073d20-6e17-11e7-8624-1fb07dd76c6a","name":"panel_5","type":"visualization"},{"id":"AWDG_HoKxQT5EBNmq4KN","name":"panel_6","type":"visualization"},{"id":"f625b7b0-4a56-11e8-9b0a-f1d33346f773","name":"panel_7","type":"visualization"},{"id":"7bc09930-4a57-11e8-9b0a-f1d33346f773","name":"panel_8","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzIzMywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNS - Client","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNS - Client\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}],\"listeners\":{}}"},"id":"57a9a3f0-34c0-11e7-9b32-bb903919ead9","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzYzOSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DHCP - Lease Time","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DHCP - Lease Time\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"lease_time.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Lease Time\"}}]}"},"id":"58c84f60-0edb-11e9-9846-59f545e7293f","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"ac1799d0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM0MSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Devices - Log Count By Device","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Devices - Log Count By Device\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"type\":\"table\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"syslog-host_from.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Device\"}}]}"},"id":"5b3988c0-a840-11e7-893a-1b88920b2837","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM3OCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - RDP - Client Build","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - RDP - Client Build\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rdp.client_build.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rdp.client_build.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Build\"}}]}"},"id":"bdae8640-75c5-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzIzNCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - RDP - Security Protocol","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - RDP - Security Protocol\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rdp.security_protocol.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rdp.security_protocol.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}}]}"},"id":"dad85840-75c5-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzIzNSwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:rdp\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"1aacbaf6-078a-4b6e-bbd2-ae21a4974aba\",\"w\":13,\"x\":0,\"y\":0},\"panelIndex\":\"1aacbaf6-078a-4b6e-bbd2-ae21a4974aba\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"8abc0250-1076-45e8-b62b-54dc7dd0cfca\",\"w\":16,\"x\":13,\"y\":0},\"panelIndex\":\"8abc0250-1076-45e8-b62b-54dc7dd0cfca\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"dc48b27e-f00b-4723-87ab-64f726e51e74\",\"w\":19,\"x\":29,\"y\":0},\"panelIndex\":\"dc48b27e-f00b-4723-87ab-64f726e51e74\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"da3945b4-9e74-4bb9-8868-a13f1d9bc0d8\",\"w\":9,\"x\":0,\"y\":8},\"panelIndex\":\"da3945b4-9e74-4bb9-8868-a13f1d9bc0d8\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"f4437b55-61ef-4818-a8c4-448407c7052b\",\"w\":9,\"x\":9,\"y\":8},\"panelIndex\":\"f4437b55-61ef-4818-a8c4-448407c7052b\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"33630c53-4de4-4064-a319-bd71be01dc06\",\"w\":7,\"x\":18,\"y\":8},\"panelIndex\":\"33630c53-4de4-4064-a319-bd71be01dc06\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"ed8dee78-79d4-47cf-9ed5-6120f00f3aaf\",\"w\":7,\"x\":25,\"y\":8},\"panelIndex\":\"ed8dee78-79d4-47cf-9ed5-6120f00f3aaf\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"35083762-4591-44ac-a31f-36bed3414af2\",\"w\":7,\"x\":32,\"y\":8},\"panelIndex\":\"35083762-4591-44ac-a31f-36bed3414af2\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"66e7cf00-ec90-4df3-acd3-02fb271f0959\",\"w\":9,\"x\":39,\"y\":8},\"panelIndex\":\"66e7cf00-ec90-4df3-acd3-02fb271f0959\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_8\"}]","timeRestore":false,"title":"Security Onion - RDP","version":1},"id":"5b743150-75c5-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"bdae8640-75c5-11ea-9565-7315f4ee5cac","name":"panel_5","type":"visualization"},{"id":"dad85840-75c5-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"},{"id":"0c006bb0-75c6-11ea-9565-7315f4ee5cac","name":"panel_7","type":"visualization"},{"id":"2e7363f0-75c6-11ea-9565-7315f4ee5cac","name":"panel_8","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzIzOCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Nodes","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Nodes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"agent.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"}}]}"},"id":"5cba9760-6e9b-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY4NywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"MySQL - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"MySQL - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"5d9031a0-363f-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"5d624230-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzMwOSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - RFB - Client Version","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - RFB - Client Version\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Major Version\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rfb.client_major_version.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Major Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rfb.client_minor_version.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Minor Version\"}}]}"},"id":"5dcf09e0-75c8-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU2OCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RADIUS - Connection Information","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RADIUS - Connection Information\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"connect_info.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Connection Info\"}}],\"listeners\":{}}"},"id":"5df79fe0-3809-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"75545310-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM2MSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SIP - URI","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SIP - URI\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"uri.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"URI\"}}],\"listeners\":{}}"},"id":"5e36c370-3753-11e7-b74a-f5057991ccd2","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ2OSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - FTP - Argument","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - FTP - Argument\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ftp.argument.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"5fcdb0c0-755f-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzMwNCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMB - FIle Path","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMB - FIle Path\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"path.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File Path\"}}],\"listeners\":{}}"},"id":"60384e00-3aaf-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"19849f30-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzUxNSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Data Types","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Data Types\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"type\":\"table\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event_type.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Data Type\"}}],\"listeners\":{}}"},"id":"60925490-34bf-11e7-9b32-bb903919ead9","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"aa05e920-3433-11e7-8867-29a39c0f86b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI1NCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSL - Log Count Over TIme","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SSL - Log Count Over TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"6139edd0-3641-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU3NiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Autoruns - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Autoruns - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 seconds\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"bf5ab2d0-6d6b-11e7-ad64-15aa071374a6","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"dd700830-6d69-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI0MCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Autoruns - Hostname (Tag Cloud)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Autoruns - Hostname (Tag Cloud)\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":10,\"maxFontSize\":30},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"hostname.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"id":"c5d58f60-6d78-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"dd700830-6d69-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI0MiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Autoruns - Hostname","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Autoruns - Hostname\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"hostname.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Hostname\"}}],\"listeners\":{}}"},"id":"df5e9e80-6d79-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"dd700830-6d69-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI0NCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Autoruns - Launch String","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Autoruns - Launch String\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"launch_string.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Launch String\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"image_path.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Image\"}}],\"listeners\":{}}"},"id":"cfd94590-6d7a-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"dd700830-6d69-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI0NiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Autoruns - Company","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Autoruns - Company\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":14,\"maxFontSize\":36},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"company.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"id":"96105ff0-6d7b-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"dd700830-6d69-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI0NywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Autoruns - Signer","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Autoruns - Signer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"signer.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Signer\"}}],\"listeners\":{}}"},"id":"6cf187b0-6d7c-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"dd700830-6d69-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI0OCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Autoruns - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Autoruns - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDHG1IaxQT5EBNmq4yR","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"dd700830-6d69-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI0OSwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}},\"language\":\"lucene\"}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"1\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"5\",\"gridData\":{\"w\":40,\"h\":16,\"x\":8,\"y\":8,\"i\":\"5\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\",\"embeddableConfig\":{}},{\"panelIndex\":\"6\",\"gridData\":{\"w\":16,\"h\":24,\"x\":8,\"y\":24,\"i\":\"6\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\",\"embeddableConfig\":{}},{\"panelIndex\":\"7\",\"gridData\":{\"w\":12,\"h\":24,\"x\":36,\"y\":24,\"i\":\"7\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"8\",\"gridData\":{\"w\":12,\"h\":24,\"x\":24,\"y\":24,\"i\":\"8\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"9\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":72,\"i\":\"9\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"10\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":96,\"i\":\"10\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"panelIndex\":\"11\",\"gridData\":{\"w\":28,\"h\":24,\"x\":20,\"y\":48,\"i\":\"11\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\",\"embeddableConfig\":{}},{\"panelIndex\":\"12\",\"gridData\":{\"w\":20,\"h\":24,\"x\":0,\"y\":48,\"i\":\"12\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"panelIndex\":\"13\",\"gridData\":{\"w\":48,\"h\":32,\"x\":0,\"y\":120,\"i\":\"13\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_10\",\"embeddableConfig\":{\"columns\":[\"entry\",\"entry_location\",\"image_path\",\"hostname\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"14\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"14\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"}]","timeRestore":false,"title":"Autoruns","version":1},"id":"61d43810-6d62-11e7-8ddb-e71eb260f4a3","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"bf5ab2d0-6d6b-11e7-ad64-15aa071374a6","name":"panel_1","type":"visualization"},{"id":"482be9b0-6d78-11e7-b09b-f57b22df6524","name":"panel_2","type":"visualization"},{"id":"c5d58f60-6d78-11e7-b09b-f57b22df6524","name":"panel_3","type":"visualization"},{"id":"1cd6a970-6d79-11e7-b09b-f57b22df6524","name":"panel_4","type":"visualization"},{"id":"df5e9e80-6d79-11e7-b09b-f57b22df6524","name":"panel_5","type":"visualization"},{"id":"2ef9ccd0-6d7a-11e7-b09b-f57b22df6524","name":"panel_6","type":"visualization"},{"id":"cfd94590-6d7a-11e7-b09b-f57b22df6524","name":"panel_7","type":"visualization"},{"id":"96105ff0-6d7b-11e7-b09b-f57b22df6524","name":"panel_8","type":"visualization"},{"id":"6cf187b0-6d7c-11e7-b09b-f57b22df6524","name":"panel_9","type":"visualization"},{"id":"dd700830-6d69-11e7-ad64-15aa071374a6","name":"panel_10","type":"search"},{"id":"AWDHG1IaxQT5EBNmq4yR","name":"panel_11","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI1MCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NIDS Alerts - Source Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NIDS Alerts - Source Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"id":"620283e0-3af5-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzMxOCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Modbus - Function","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Modbus - Function\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"modbus.function.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"modbus.function.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Function\"}}]}"},"id":"62449800-75be-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM0NSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - MySQL - Success","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - MySQL - Success\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mysql.success\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Success\"}}]}"},"id":"62969db0-75c0-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY4OCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Connections - Top Destination IPs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Connections - Top Destination IPs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}}]}"},"id":"62ac4060-6ea0-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9b333020-6e9f-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY4OSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Desktop Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RFB - Desktop Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"desktop_name.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Desktop Name\"}}],\"listeners\":{}}"},"id":"63c072c0-371f-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQyMCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NIDS - Drilldown - Rule Signature","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NIDS - Drilldown - Rule Signature\",\"type\":\"table\",\"params\":{\"perPage\":1,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"top_hits\",\"schema\":\"metric\",\"params\":{\"field\":\"rule_signature.keyword\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"customLabel\":\"NIDS Signature\"}}]}"},"id":"6533dd40-e064-11e9-8f0c-2ddbf5ed9290","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY1MywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Syslog - Facility","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Syslog - Facility\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"syslog.facility.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"syslog.facility.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Facility\"}}]}"},"id":"e017cb80-777b-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI1MSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Syslog - Severity","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Syslog - Severity\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"syslog.severity.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"syslog.severity.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Severity\"}}]}"},"id":"fc8d41a0-777b-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI1MiwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:syslog\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"9c4d23d9-2dd5-4a9f-aa67-edc6b73f3086\"},\"panelIndex\":\"9c4d23d9-2dd5-4a9f-aa67-edc6b73f3086\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":13,\"y\":0,\"w\":16,\"h\":8,\"i\":\"a3e3afae-dd54-4024-9d09-608a6baecd42\"},\"panelIndex\":\"a3e3afae-dd54-4024-9d09-608a6baecd42\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":8,\"i\":\"e7dbc7be-d1ef-499a-bbb6-2963bfdaabfb\"},\"panelIndex\":\"e7dbc7be-d1ef-499a-bbb6-2963bfdaabfb\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":8,\"w\":10,\"h\":19,\"i\":\"e1ea8adf-acd8-4577-9c81-1acb711d20ce\"},\"panelIndex\":\"e1ea8adf-acd8-4577-9c81-1acb711d20ce\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":10,\"y\":8,\"w\":10,\"h\":19,\"i\":\"16f2046a-4417-4e78-9699-65d253db78cb\"},\"panelIndex\":\"16f2046a-4417-4e78-9699-65d253db78cb\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":20,\"y\":8,\"w\":9,\"h\":19,\"i\":\"226810af-b55b-4fba-99c8-0c28ca99aa37\"},\"panelIndex\":\"226810af-b55b-4fba-99c8-0c28ca99aa37\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":29,\"y\":8,\"w\":8,\"h\":19,\"i\":\"9cc5fffe-3834-4550-84e3-33d1246f68f6\"},\"panelIndex\":\"9cc5fffe-3834-4550-84e3-33d1246f68f6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":37,\"y\":8,\"w\":11,\"h\":19,\"i\":\"8cf5472b-8421-4577-81ad-2c496b1c71ce\"},\"panelIndex\":\"8cf5472b-8421-4577-81ad-2c496b1c71ce\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"Security Onion - Syslog","version":1},"id":"66499a20-75ed-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_5","type":"visualization"},{"id":"e017cb80-777b-11ea-bee5-af7f7c7b8e05","name":"panel_6","type":"visualization"},{"id":"fc8d41a0-777b-11ea-bee5-af7f7c7b8e05","name":"panel_7","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI1MywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNS - Query/Answer","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNS - Query/Answer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"query.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"answers.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Answer\"}}],\"listeners\":{}}"},"id":"e8e3b8a0-34c1-11e7-917c-af7a9d11771a","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI1NiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NIDS - Alerts","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NIDS - Alerts\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"alert.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"id":"c7eed4c0-3649-11e7-bf60-314364dd1cde","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI1OCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNS - Server","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNS - Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"type\":\"table\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}"},"id":"6ef90c30-34c0-11e7-9b32-bb903919ead9","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI2MiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Sensors - Sensor and Services (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Sensors - Sensor and Services (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"sensor_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Sensor\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"service.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"id":"9c979ea0-345b-11e7-8867-29a39c0f86b2","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"aa05e920-3433-11e7-8867-29a39c0f86b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI2MywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Top 50 - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Top 50 - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP\"}}]}"},"id":"73806f30-4948-11e8-9576-313be7c6b44b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI2NCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Top 50 - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Top 50 - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP\"}}]}"},"id":"c0de57b0-4948-11e8-9576-313be7c6b44b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI2NSwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"1\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"2\",\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":0,\"i\":\"2\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"4\",\"gridData\":{\"w\":32,\"h\":24,\"x\":16,\"y\":120,\"i\":\"4\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"5\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":144,\"i\":\"5\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"6\",\"gridData\":{\"w\":16,\"h\":24,\"x\":16,\"y\":144,\"i\":\"6\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"8\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":180,\"i\":\"8\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"9\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":180,\"i\":\"9\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"13\",\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":24,\"i\":\"13\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"panelIndex\":\"16\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":120,\"i\":\"16\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"panelIndex\":\"18\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":48,\"i\":\"18\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\",\"embeddableConfig\":{\"columns\":[\"hostname\",\"alert_level\",\"description\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"19\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":204,\"i\":\"19\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_10\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"20\",\"gridData\":{\"w\":48,\"h\":12,\"x\":0,\"y\":168,\"i\":\"20\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_11\",\"embeddableConfig\":{}},{\"panelIndex\":\"21\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":144,\"i\":\"21\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_12\",\"embeddableConfig\":{}},{\"panelIndex\":\"22\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":96,\"i\":\"22\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_13\"},{\"panelIndex\":\"23\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":96,\"i\":\"23\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_14\"},{\"panelIndex\":\"24\",\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":24,\"i\":\"24\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_15\"},{\"panelIndex\":\"26\",\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":0,\"i\":\"26\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_16\",\"embeddableConfig\":{}},{\"panelIndex\":\"27\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":72,\"i\":\"27\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_17\",\"embeddableConfig\":{}},{\"panelIndex\":\"28\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":72,\"i\":\"28\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_18\",\"embeddableConfig\":{}}]","timeRestore":false,"title":"Indicator","version":1},"id":"68563ed0-34bf-11e7-9b32-bb903919ead9","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"60925490-34bf-11e7-9b32-bb903919ead9","name":"panel_1","type":"visualization"},{"id":"e8e3b8a0-34c1-11e7-917c-af7a9d11771a","name":"panel_2","type":"visualization"},{"id":"ae1f1fb0-3648-11e7-bf60-314364dd1cde","name":"panel_3","type":"visualization"},{"id":"d0f56da0-3648-11e7-bf60-314364dd1cde","name":"panel_4","type":"visualization"},{"id":"8ba31820-34c6-11e7-8360-0b86c90983fd","name":"panel_5","type":"visualization"},{"id":"7153e7f0-34c7-11e7-8360-0b86c90983fd","name":"panel_6","type":"visualization"},{"id":"c7eed4c0-3649-11e7-bf60-314364dd1cde","name":"panel_7","type":"visualization"},{"id":"45a652b0-34c1-11e7-917c-af7a9d11771a","name":"panel_8","type":"visualization"},{"id":"d9096bb0-342f-11e7-9e93-53b62e1857b2","name":"panel_9","type":"search"},{"id":"aa05e920-3433-11e7-8867-29a39c0f86b2","name":"panel_10","type":"search"},{"id":"934fe550-6e08-11e7-9370-174c4785d3e1","name":"panel_11","type":"visualization"},{"id":"3f4abb40-6e0a-11e7-84cc-b363f104b3c7","name":"panel_12","type":"visualization"},{"id":"53ac63e0-365b-11e7-8bd0-1db2c55fb7a1","name":"panel_13","type":"visualization"},{"id":"6ef90c30-34c0-11e7-9b32-bb903919ead9","name":"panel_14","type":"visualization"},{"id":"07fdf9e0-39ad-11e7-8472-0151e5b2b475","name":"panel_15","type":"visualization"},{"id":"9c979ea0-345b-11e7-8867-29a39c0f86b2","name":"panel_16","type":"visualization"},{"id":"73806f30-4948-11e8-9576-313be7c6b44b","name":"panel_17","type":"visualization"},{"id":"c0de57b0-4948-11e8-9576-313be7c6b44b","name":"panel_18","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI2NiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Network Data - Count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Network Data - Count\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":false},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":40}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}]}"},"id":"689991b0-6ea7-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"387f44c0-6ea7-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY5MCwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"gridData\":{\"w\":8,\"h\":44,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"gridData\":{\"w\":40,\"h\":40,\"x\":8,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{\"mapCenter\":[25.16517336866393,0.17578125],\"mapZoom\":2}}]","timeRestore":false,"title":"Connections - Source - Originator Bytes","version":1},"id":"68f738e0-46ca-11e7-946f-1bfb1be7c36b","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"05809df0-46cb-11e7-946f-1bfb1be7c36b","name":"panel_1","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI2OCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SMTP - Version","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - SMTP - Version\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"snmp.version.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Version\"}}]}"},"id":"690ef880-75e9-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM4NSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Weird - Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Weird - Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Name\"}}]}"},"id":"691ade50-4c85-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"e32d0d50-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzYxNCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Kerberos - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Kerberos - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"c97cd4c0-35ba-11e7-b9ee-834112670159","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI3MCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Kerberos - Client","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Kerberos - Client\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}],\"listeners\":{}}"},"id":"710ccbf0-35bb-11e7-b9ee-834112670159","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI3MSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Kerberos - Success Status (Donut Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Kerberos - Success Status (Donut Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"kerberos_success.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"id":"b31231c0-35bb-11e7-b9ee-834112670159","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI3MiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Kerberos - Server","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Kerberos - Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"service.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}"},"id":"f0178840-35bb-11e7-b9ee-834112670159","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI3MywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Kerberos - Cipher (Donut Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Kerberos - Cipher (Donut Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"cipher.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"id":"e3fffae0-3635-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI3NCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Kerberos - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Kerberos - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"id":"84f28670-3636-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI3NywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Kerberos - Service","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Kerberos - Service\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"service.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Service\"}}],\"listeners\":{}}"},"id":"f7c48a20-6e19-11e7-89e4-613b96f597e1","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI3OCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Kerberos - Renewable","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Kerberos - Renewable\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"renewable.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Renewable\"}}],\"listeners\":{}}"},"id":"bb748470-6e1a-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI4MCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Kerberos - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Kerberos - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDG_UbkxQT5EBNmq4Lg","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI4MSwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":120,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"destination_ip\",\"destination_port\",\"request_type\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"embeddableConfig\":{},\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":48,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"gridData\":{\"w\":20,\"h\":16,\"x\":28,\"y\":8,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":48,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"gridData\":{\"w\":20,\"h\":16,\"x\":8,\"y\":8,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":96,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":16,\"h\":24,\"x\":16,\"y\":96,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":96,\"i\":\"12\"},\"panelIndex\":\"12\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":28,\"h\":24,\"x\":0,\"y\":72,\"i\":\"13\"},\"panelIndex\":\"13\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_10\"},{\"gridData\":{\"w\":40,\"h\":24,\"x\":8,\"y\":24,\"i\":\"14\"},\"panelIndex\":\"14\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_11\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":72,\"i\":\"15\"},\"panelIndex\":\"15\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_12\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"16\"},\"panelIndex\":\"16\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_13\"}]","timeRestore":false,"title":"Bro - Kerberos","version":1},"id":"6b0d4870-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"c97cd4c0-35ba-11e7-b9ee-834112670159","name":"panel_1","type":"visualization"},{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"panel_2","type":"search"},{"id":"710ccbf0-35bb-11e7-b9ee-834112670159","name":"panel_3","type":"visualization"},{"id":"b31231c0-35bb-11e7-b9ee-834112670159","name":"panel_4","type":"visualization"},{"id":"f0178840-35bb-11e7-b9ee-834112670159","name":"panel_5","type":"visualization"},{"id":"e3fffae0-3635-11e7-a6f7-4f44d7bf1c33","name":"panel_6","type":"visualization"},{"id":"28d04080-3636-11e7-a6f7-4f44d7bf1c33","name":"panel_7","type":"visualization"},{"id":"3f34faa0-3636-11e7-a6f7-4f44d7bf1c33","name":"panel_8","type":"visualization"},{"id":"84f28670-3636-11e7-a6f7-4f44d7bf1c33","name":"panel_9","type":"visualization"},{"id":"f7c48a20-6e19-11e7-89e4-613b96f597e1","name":"panel_10","type":"visualization"},{"id":"4aa0b2a0-6e1a-11e7-89e4-613b96f597e1","name":"panel_11","type":"visualization"},{"id":"bb748470-6e1a-11e7-b553-7f80727663c1","name":"panel_12","type":"visualization"},{"id":"AWDG_UbkxQT5EBNmq4Lg","name":"panel_13","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI4MiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Sysmon - Destination Port","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"Sysmon - Destination Port\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Port\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"id":"6b70b840-6d75-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI5MiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Bro - Syslog - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Bro - Syslog - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"6c60a280-76b5-11e7-94e1-3d2ec4e57ed9","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"269ca380-76b4-11e7-8c3e-cfcdd8c95d87","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU0OCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Sysmon - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Sysmon - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 seconds\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"8cfdeff0-6d6b-11e7-ad64-15aa071374a6","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI4NCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Sysmon - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Sysmon - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_hostname.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Hostname\"}}],\"listeners\":{}}"},"id":"7bc74b40-6d71-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI4NywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Sysmon - Event ID (Horizontal Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Sysmon - Event ID (Horizontal Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"event_id\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Event Type\"}}]}"},"id":"e09f6010-6d72-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI5MCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Sysmon - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Sysmon - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDHHk1sxQT5EBNmq43Y","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI5MywxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}},\"language\":\"lucene\"}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"1\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"2\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"2\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"6\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":96,\"i\":\"6\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"7\",\"gridData\":{\"w\":20,\"h\":28,\"x\":8,\"y\":20,\"i\":\"7\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"8\",\"gridData\":{\"w\":20,\"h\":28,\"x\":28,\"y\":20,\"i\":\"8\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"9\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":72,\"i\":\"9\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"10\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":48,\"i\":\"10\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"11\",\"gridData\":{\"w\":20,\"h\":12,\"x\":8,\"y\":8,\"i\":\"11\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\",\"embeddableConfig\":{}},{\"panelIndex\":\"12\",\"gridData\":{\"w\":32,\"h\":24,\"x\":16,\"y\":72,\"i\":\"12\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"panelIndex\":\"13\",\"gridData\":{\"w\":20,\"h\":12,\"x\":28,\"y\":8,\"i\":\"13\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\",\"embeddableConfig\":{}},{\"panelIndex\":\"14\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":120,\"i\":\"14\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_10\",\"embeddableConfig\":{\"columns\":[\"event_type\",\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"15\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"15\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"}]","timeRestore":false,"title":"Sysmon - Logs","version":1},"id":"6d189680-6d62-11e7-8ddb-e71eb260f4a3","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"8cfdeff0-6d6b-11e7-ad64-15aa071374a6","name":"panel_1","type":"visualization"},{"id":"0eb1fd80-6d70-11e7-b09b-f57b22df6524","name":"panel_2","type":"visualization"},{"id":"3072c750-6d71-11e7-b09b-f57b22df6524","name":"panel_3","type":"visualization"},{"id":"7bc74b40-6d71-11e7-b09b-f57b22df6524","name":"panel_4","type":"visualization"},{"id":"13ed0810-6d72-11e7-b09b-f57b22df6524","name":"panel_5","type":"visualization"},{"id":"3b6c92c0-6d72-11e7-b09b-f57b22df6524","name":"panel_6","type":"visualization"},{"id":"e09f6010-6d72-11e7-b09b-f57b22df6524","name":"panel_7","type":"visualization"},{"id":"29611940-6d75-11e7-b09b-f57b22df6524","name":"panel_8","type":"visualization"},{"id":"6b70b840-6d75-11e7-b09b-f57b22df6524","name":"panel_9","type":"visualization"},{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"panel_10","type":"search"},{"id":"AWDHHk1sxQT5EBNmq43Y","name":"panel_11","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzI5NCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SMB - Action (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SMB - Action (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"action.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"id":"6f883480-3aad-11e7-8b17-0d8709b02c80","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"19849f30-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzUxNCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SSL - Subject","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SSL - Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ssl.certificate.subject.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ssl.certificate.subject.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Subject\"}}]}"},"id":"6fccb600-75ec-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY1NywxXQ=="} -{"attributes":{"buildNum":29118,"dashboard:defaultDarkTheme":true,"defaultIndex":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","defaultRoute":"/app/kibana#/dashboard/a8411b30-6d03-11ea-b301-3d6c35840645","discover:sampleSize":"100","theme:darkMode":true,"timepicker:timeDefaults":"{\n \"from\": \"now-24h\",\n \"to\": \"now\",\n \"mode\": \"quick\"\n}"},"id":"7.6.1","references":[],"type":"config","updated_at":"2020-06-15T18:49:59.193Z","version":"WzAsMV0="} -{"attributes":{"buildNum":30896,"dashboard:defaultDarkTheme":true,"defaultIndex":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","defaultRoute":"/app/kibana#/dashboard/a8411b30-6d03-11ea-b301-3d6c35840645","discover:sampleSize":"100","theme:darkMode":true,"timepicker:timeDefaults":"{\n \"from\": \"now-24h\",\n \"to\": \"now\",\n \"mode\": \"quick\"\n}"},"id":"7.7.1","references":[],"type":"config","updated_at":"2020-06-15T19:30:22.411Z","version":"WzcwNCwyXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Strelka - File - MIME Flavors","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Strelka - File - MIME Flavors\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.flavors.mime.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"70243970-772c-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY3MiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Modbus - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Modbus - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDG_9KpxQT5EBNmq4Oo","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"52dc9fe0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzMwMCwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}},\"language\":\"lucene\"}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"2\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"2\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"5\",\"gridData\":{\"w\":12,\"h\":24,\"x\":8,\"y\":32,\"i\":\"5\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"6\",\"gridData\":{\"w\":12,\"h\":24,\"x\":20,\"y\":32,\"i\":\"6\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"8\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":56,\"i\":\"8\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"9\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":32,\"i\":\"9\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"10\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"10\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"11\",\"gridData\":{\"w\":40,\"h\":24,\"x\":8,\"y\":8,\"i\":\"11\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\",\"embeddableConfig\":{}}]","timeRestore":false,"title":"Bro - Modbus","version":1},"id":"70c005f0-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"0d168a30-363f-11e7-a6f7-4f44d7bf1c33","name":"panel_1","type":"visualization"},{"id":"20eabd60-380b-11e7-a1cc-ebc6a7e70e84","name":"panel_2","type":"visualization"},{"id":"3c65f500-380b-11e7-a1cc-ebc6a7e70e84","name":"panel_3","type":"visualization"},{"id":"52dc9fe0-342e-11e7-9e93-53b62e1857b2","name":"panel_4","type":"search"},{"id":"178209e0-6e1b-11e7-b553-7f80727663c1","name":"panel_5","type":"visualization"},{"id":"AWDG_9KpxQT5EBNmq4Oo","name":"panel_6","type":"visualization"},{"id":"453f8b90-4a58-11e8-9b0a-f1d33346f773","name":"panel_7","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzMwMiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"osquery - Chrome Extensions - Change Stats","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"osquery - ChromeExt - Change Stats\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":70}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Changes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"osquery.hostIdentifier.keyword\",\"customLabel\":\"Endpoints\"}}]}"},"id":"71538370-18d5-11e9-932c-d12d2cf4ee95","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"0eee4360-18d4-11e9-932c-d12d2cf4ee95","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ4MywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Connections - Total Bytes Per Source/Destination IP Pair","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Total Bytes\",\"field\":\"total_bytes\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_term\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Source IP\",\"field\":\"source_ip\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderAgg\":{\"enabled\":true,\"id\":\"2-orderAgg\",\"params\":{\"field\":\"total_bytes\"},\"schema\":{\"aggFilter\":[\"!top_hits\",\"!percentiles\",\"!median\",\"!std_dev\",\"!derivative\",\"!moving_avg\",\"!serial_diff\",\"!cumulative_sum\",\"!avg_bucket\",\"!max_bucket\",\"!min_bucket\",\"!sum_bucket\"],\"deprecate\":false,\"editor\":false,\"group\":\"none\",\"hideCustomLabel\":true,\"max\":null,\"min\":0,\"name\":\"orderAgg\",\"params\":[],\"title\":\"Order Agg\"},\"type\":\"cardinality\"},\"orderBy\":\"custom\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Destination IP\",\"field\":\"destination_ip\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderAgg\":{\"enabled\":true,\"id\":\"3-orderAgg\",\"params\":{\"field\":\"total_bytes\"},\"schema\":{\"aggFilter\":[\"!top_hits\",\"!percentiles\",\"!median\",\"!std_dev\",\"!derivative\",\"!moving_avg\",\"!serial_diff\",\"!cumulative_sum\",\"!avg_bucket\",\"!max_bucket\",\"!min_bucket\",\"!sum_bucket\"],\"deprecate\":false,\"editor\":false,\"group\":\"none\",\"hideCustomLabel\":true,\"max\":null,\"min\":0,\"name\":\"orderAgg\",\"params\":[],\"title\":\"Order Agg\"},\"type\":\"cardinality\"},\"orderBy\":\"custom\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"}],\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"Connections - Total Bytes Per Source/Destination IP Pair\",\"type\":\"table\"}"},"id":"726cc040-48cf-11e8-9576-313be7c6b44b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ1NiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMB - File Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMB - File Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"name.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File Name\"}}],\"listeners\":{}}"},"id":"72f0f010-3aaf-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"19849f30-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzUxNiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Log Type Per Sensor/Device","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Log Type Per Sensor/Device\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"syslog-host_from.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Sensor/Device\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event_type.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Log Type\"}}]}"},"id":"733ce440-494d-11e8-9576-313be7c6b44b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM4MiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"X.509 - Certificate Signing Algorithm","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"X.509 - Certificate Signing Algorithm\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"certificate_signing_algorithm.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Algorithm\"}}]}"},"id":"738127f0-37d7-11e7-9efb-91e89505091f","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"f5038cc0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzYzMCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - FTP - Command","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - FTP - Command\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ftp.command.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"d3435690-755f-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzMwMywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - FTP - User","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"User\",\"field\":\"ftp.user.keyword\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"}],\"params\":{\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\",\"parsedUrl\":{\"basePath\":\"/kibana\",\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\"}}},\"label\":\"ftp.user.keyword: Descending\",\"params\":{}}],\"metrics\":[{\"accessor\":1,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"label\":\"Count\",\"params\":{}}]},\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"Security Onion - FTP - User\",\"type\":\"table\"}"},"id":"8346bc70-7561-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzMwNSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - FTP - Password","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - FTP - Password\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ftp.password.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ftp.password.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Password\"}}]}"},"id":"bc3e2bd0-7561-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzMwNiwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset:ftp\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"728d0151-5dc6-429d-9b14-b457ab73d3fd\"},\"panelIndex\":\"728d0151-5dc6-429d-9b14-b457ab73d3fd\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":13,\"y\":0,\"w\":15,\"h\":8,\"i\":\"1b99097d-a957-4163-9810-263a0e653c18\"},\"panelIndex\":\"1b99097d-a957-4163-9810-263a0e653c18\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":28,\"y\":0,\"w\":20,\"h\":8,\"i\":\"43bb3cf4-ee4a-4eba-8eea-8e133957fd48\"},\"panelIndex\":\"43bb3cf4-ee4a-4eba-8eea-8e133957fd48\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":8,\"w\":9,\"h\":19,\"i\":\"87f23747-38c9-4d15-a85b-8beff66abaf4\"},\"panelIndex\":\"87f23747-38c9-4d15-a85b-8beff66abaf4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":9,\"y\":8,\"w\":9,\"h\":19,\"i\":\"d10ae5ac-6400-4a2c-a376-e6e74ed529ad\"},\"panelIndex\":\"d10ae5ac-6400-4a2c-a376-e6e74ed529ad\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":18,\"y\":8,\"w\":13,\"h\":19,\"i\":\"1bf79bc6-8595-41e0-8a7e-2b21bd2bd928\"},\"panelIndex\":\"1bf79bc6-8595-41e0-8a7e-2b21bd2bd928\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":31,\"y\":8,\"w\":17,\"h\":19,\"i\":\"e244437a-17a5-4e00-9176-f4e88ac54938\"},\"panelIndex\":\"e244437a-17a5-4e00-9176-f4e88ac54938\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":27,\"w\":22,\"h\":16,\"i\":\"9196bb67-30ad-4a8e-b75f-22a9cced6f35\"},\"panelIndex\":\"9196bb67-30ad-4a8e-b75f-22a9cced6f35\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":22,\"y\":27,\"w\":26,\"h\":16,\"i\":\"9da1ff1b-aebe-45fb-9e48-420eafb1b655\"},\"panelIndex\":\"9da1ff1b-aebe-45fb-9e48-420eafb1b655\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"}]","timeRestore":false,"title":"Security Onion - FTP","version":1},"id":"739bfad0-755a-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"d3435690-755f-11ea-9565-7315f4ee5cac","name":"panel_5","type":"visualization"},{"id":"5fcdb0c0-755f-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"},{"id":"8346bc70-7561-11ea-9565-7315f4ee5cac","name":"panel_7","type":"visualization"},{"id":"bc3e2bd0-7561-11ea-9565-7315f4ee5cac","name":"panel_8","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzMwNywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - \"From\" Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMTP - \\\"From\\\" Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mail_from.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"\\\"From\\\" Address\"}}],\"listeners\":{}}"},"id":"73b1b240-39a2-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ5MiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SIP - User Agent","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SIP - User Agent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user_agent.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"User Agent\"}}],\"listeners\":{}}"},"id":"73f663f0-3753-11e7-b74a-f5057991ccd2","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ3MCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"event_type:bro_dns AND highest_registered_domain:securityonion.net~ -securityonion.net\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"DNS - Phishing Attempts Against Organizational Domain(s)","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 0\":\"rgb(0,104,55)\",\"1 - 999999\":\"rgb(165,0,38)\"}}}","version":1,"visState":"{\"title\":\"DNS - Phishing Attempts Against Organizational Domain(s)\",\"type\":\"gauge\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"gauge\":{\"extendRange\":true,\"percentageMode\":false,\"gaugeType\":\"Arc\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"Labels\",\"colorsRange\":[{\"from\":0,\"to\":0},{\"from\":1,\"to\":999999}],\"invertColors\":false,\"labels\":{\"show\":true,\"color\":\"black\"},\"scale\":{\"show\":true,\"labels\":false,\"color\":\"#333\"},\"type\":\"meter\",\"style\":{\"bgWidth\":0.9,\"width\":0.9,\"mask\":false,\"bgMask\":false,\"maskBars\":50,\"bgFill\":\"#eee\",\"bgColor\":false,\"subText\":\"Edit this to reflect your domain(s)\",\"fontSize\":60,\"labelColor\":true},\"alignment\":\"horizontal\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Phishing attempts against your domain(s)\"}}],\"listeners\":{}}"},"id":"74861280-6f06-11e7-b253-211f64f37eda","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY0MywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RDP - Cookie","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RDP - Cookie\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"cookie.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Cookie\"}}],\"listeners\":{}}"},"id":"75597b60-371c-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"823dd600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM5MywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Host - Process CLI","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Host - Process CLI\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"process.command_line.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"process.command_line.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Command Line\"}}]}"},"id":"758187b0-72bd-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM3MCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Username","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Username\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"},\"title\":\"Security Onion - Username\"}"},"id":"767c89f0-af4c-11ea-b262-353d451b125b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T21:09:12.842Z","version":"WzcwNiwyXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Tunnels - Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Tunnels - Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"tunnel.type.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"tunnel.type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Type\"}}]}"},"id":"781447d0-75ef-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY5MSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"osquery - Chrome Extensions - Sensitive Permissions","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"osquery - Chrome Extensions - Sensitive Permissions\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"osquery.columns.name.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Extension Name\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"osquery.columns.permissions.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Permissions\"}}]}"},"id":"78cf8bf0-1a59-11e9-ac0b-cb0ba10141ab","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"040dda10-18d8-11e9-932c-d12d2cf4ee95","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ4NSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"MySQL - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"MySQL - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDHBRrrxQT5EBNmq4TI","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"5d624230-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzMxMSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"MySQL - Response","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"MySQL - Response\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"response.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Response\"}}]}"},"id":"9c411ad0-4a58-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"5d624230-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzMxMiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"MySQL - Success","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"MySQL - Success\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"mysql_success.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"id":"c48925a0-4a58-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"5d624230-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzMxMywxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"embeddableConfig\":{},\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":40,\"h\":24,\"x\":8,\"y\":32,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":56,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"embeddableConfig\":{},\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":8,\"i\":\"12\"},\"panelIndex\":\"12\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\",\"embeddableConfig\":{}},{\"gridData\":{\"w\":16,\"h\":24,\"x\":8,\"y\":8,\"i\":\"13\"},\"panelIndex\":\"13\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\",\"embeddableConfig\":{}}]","timeRestore":false,"title":"Bro - MySQL","version":1},"id":"7929f430-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"5d9031a0-363f-11e7-a6f7-4f44d7bf1c33","name":"panel_0","type":"visualization"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_1","type":"visualization"},{"id":"07e25650-3812-11e7-a1cc-ebc6a7e70e84","name":"panel_2","type":"visualization"},{"id":"5d624230-342e-11e7-9e93-53b62e1857b2","name":"panel_3","type":"search"},{"id":"AWDHBRrrxQT5EBNmq4TI","name":"panel_4","type":"visualization"},{"id":"9c411ad0-4a58-11e8-9b0a-f1d33346f773","name":"panel_5","type":"visualization"},{"id":"c48925a0-4a58-11e8-9b0a-f1d33346f773","name":"panel_6","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzMxNCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - FIle - Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - FIle - Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"File Name\"}}]}"},"id":"7a88adc0-75f0-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY3MSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Client Version","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RFB - Client Version\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client_major_version.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Major Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client_minor_version.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Minor Version\"}}],\"listeners\":{}}"},"id":"7c1e3f70-6e22-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQyNSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - Log Count Over TIme","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SMTP - Log Count Over TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"7c922990-3640-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ4OSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"event_type:bro_http AND _exists_:virtual_host_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"HTTP - Virtual Host Frequency Analysis","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"HTTP - Virtual Host Frequency Analysis\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"virtual_host_frequency_score\",\"customLabel\":\"Frequency Score\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"virtual_host.keyword\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"1\",\"customLabel\":\"Virtual Host\"}}],\"listeners\":{}}"},"id":"7d1ede50-6f19-11e7-86c8-a1b6db3b051a","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQzMiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SSH - Authentication Sucess","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - SSH - Authentication Sucess\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"boolean\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ssh.authentication.success: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ssh.authentication.success\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Success\"}}]}"},"id":"7d61f430-75ea-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQwNywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SNMP - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SNMP - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"id":"7dc62970-6e2a-11e7-8b76-75eee0095daa","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"b12150a0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzUyOSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"PE - Machine","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"PE - Machine\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"machine.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Machine\"}}],\"listeners\":{}}"},"id":"7de76e10-6e1f-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"66288140-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM1MywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"event_type:bro_dns AND _exists_:highest_registered_domain_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"DNS - Highest Registered Domain Frequency Analysis","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNS - Highest Registered Domain Frequency Analysis\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"highest_registered_domain_frequency_score\",\"customLabel\":\"Frequency Score\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"highest_registered_domain.keyword\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"1\",\"customLabel\":\"Domain\"}}],\"listeners\":{}}"},"id":"7f1f00a0-6f04-11e7-b253-211f64f37eda","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQzMSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NIDS - Alerts Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"NIDS - Alerts Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 minutes\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"d58ec1a0-34e4-11e7-9669-7f1d3242b798","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzMxNSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NIDS Alerts - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NIDS Alerts - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"a6df8820-399f-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzMxNiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NIDS Alerts - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NIDS Alerts - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"db04aef0-399f-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzMxNywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NIDS Alerts - Severity (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"NIDS Alerts - Severity (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"priority.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Priority\"}}],\"listeners\":{}}"},"id":"ba60bcf0-3af5-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzMxOSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NIDS - Alerts By Country (Vertical Bar Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"NIDS - Alerts By Country (Vertical Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":75},\"title\":{\"text\":\"Country\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_geo.country_name.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}}],\"listeners\":{}}"},"id":"81de16f0-6e0f-11e7-8624-1fb07dd76c6a","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzMyMSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NIDS - Alert Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"NIDS - Alert Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDG3ym0xQT5EBNmq3mG","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzMyMiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"NIDS - Alert Summary","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NIDS - Alert Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"alert.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Alert\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}}]}"},"id":"96c2cf10-4a3d-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzMyMywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"NIDS - Classification","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NIDS - Classification\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"classification.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Classification\"}}]}"},"id":"d66d54c0-4c89-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzMyNSwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"3\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\"},{\"panelIndex\":\"4\",\"gridData\":{\"w\":8,\"h\":44,\"x\":0,\"y\":0,\"i\":\"4\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{}},{\"panelIndex\":\"6\",\"gridData\":{\"w\":48,\"h\":68,\"x\":0,\"y\":120,\"i\":\"6\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"8\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":96,\"i\":\"8\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"9\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":96,\"i\":\"9\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"12\",\"gridData\":{\"w\":16,\"h\":24,\"x\":16,\"y\":72,\"i\":\"12\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"13\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":72,\"i\":\"13\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\",\"embeddableConfig\":{}},{\"panelIndex\":\"14\",\"gridData\":{\"w\":24,\"h\":24,\"x\":8,\"y\":8,\"i\":\"14\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\",\"embeddableConfig\":{}},{\"panelIndex\":\"15\",\"gridData\":{\"w\":40,\"h\":12,\"x\":8,\"y\":32,\"i\":\"15\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\",\"embeddableConfig\":{}},{\"panelIndex\":\"16\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"16\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\"},{\"panelIndex\":\"17\",\"gridData\":{\"w\":48,\"h\":28,\"x\":0,\"y\":44,\"i\":\"17\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_10\",\"embeddableConfig\":{}},{\"panelIndex\":\"18\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":72,\"i\":\"18\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_11\",\"embeddableConfig\":{}},{\"panelIndex\":\"19\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":8,\"i\":\"19\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_12\",\"embeddableConfig\":{}}]","timeRestore":false,"title":"NIDS","version":1},"id":"7f27a830-34e5-11e7-9669-7f1d3242b798","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"d58ec1a0-34e4-11e7-9669-7f1d3242b798","name":"panel_0","type":"visualization"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_1","type":"visualization"},{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"panel_2","type":"search"},{"id":"a6df8820-399f-11e7-8472-0151e5b2b475","name":"panel_3","type":"visualization"},{"id":"db04aef0-399f-11e7-8472-0151e5b2b475","name":"panel_4","type":"visualization"},{"id":"620283e0-3af5-11e7-a83b-b1b4da7d15f4","name":"panel_5","type":"visualization"},{"id":"ba60bcf0-3af5-11e7-a83b-b1b4da7d15f4","name":"panel_6","type":"visualization"},{"id":"45464b50-3af6-11e7-a83b-b1b4da7d15f4","name":"panel_7","type":"visualization"},{"id":"81de16f0-6e0f-11e7-8624-1fb07dd76c6a","name":"panel_8","type":"visualization"},{"id":"AWDG3ym0xQT5EBNmq3mG","name":"panel_9","type":"visualization"},{"id":"96c2cf10-4a3d-11e8-9b0a-f1d33346f773","name":"panel_10","type":"visualization"},{"id":"3f040620-4a44-11e8-9b0a-f1d33346f773","name":"panel_11","type":"visualization"},{"id":"d66d54c0-4c89-11e8-9b0a-f1d33346f773","name":"panel_12","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzMyNiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Destination - Top Connection Duration (Tile Map)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Connections - Destination - Top Connection Duration (Tile Map)\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":0,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"duration\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_geo.location\",\"autoPrecision\":true,\"useGeocentroid\":true,\"precision\":2}}],\"listeners\":{}}"},"id":"7f7492d0-46c4-11e7-a82e-d97152153689","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzYzNywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Host - MAC","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Host - MAC\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.mac.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MAC\"}}]}"},"id":"eaa31ba0-7374-11ea-a3da-cbdb4f8a90c0","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzMyNywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DHCP - Requested Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - DHCP - Requested Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dhcp.requested_address.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Requested Address\"}}]}"},"id":"9a693c50-7374-11ea-a3da-cbdb4f8a90c0","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzMyOCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DHCP - Assigned Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - DHCP - Assigned Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dhcp.assigned_ip.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Assigned Address\"}}]}"},"id":"cc3aaf20-7374-11ea-a3da-cbdb4f8a90c0","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzMyOSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DHCP - Message Type","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - DHCP - Message Type\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dhcp.message_types.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Message Type\"}}]}"},"id":"af26c6e0-96e6-11ea-814e-bb515e873c2c","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzMzMSwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:dhcp\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":9,\"i\":\"7e10f47b-2096-452d-9b40-be150226504f\"},\"panelIndex\":\"7e10f47b-2096-452d-9b40-be150226504f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":13,\"y\":0,\"w\":10,\"h\":9,\"i\":\"a795e5b9-2afd-43ef-91db-cd9c23a996f9\"},\"panelIndex\":\"a795e5b9-2afd-43ef-91db-cd9c23a996f9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":23,\"y\":0,\"w\":25,\"h\":9,\"i\":\"d0f65b83-17cd-4a8c-950d-06e5e88bf80b\"},\"panelIndex\":\"d0f65b83-17cd-4a8c-950d-06e5e88bf80b\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":9,\"w\":8,\"h\":20,\"i\":\"c5565d1e-719c-4401-b886-1ad84638b855\"},\"panelIndex\":\"c5565d1e-719c-4401-b886-1ad84638b855\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":9,\"w\":8,\"h\":20,\"i\":\"ada9481a-335b-4091-ac4e-5f94c96e4cea\"},\"panelIndex\":\"ada9481a-335b-4091-ac4e-5f94c96e4cea\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":9,\"w\":8,\"h\":20,\"i\":\"bcba795f-8008-4f91-887d-35b5aff11022\"},\"panelIndex\":\"bcba795f-8008-4f91-887d-35b5aff11022\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":24,\"y\":9,\"w\":7,\"h\":20,\"i\":\"a9615bc2-7e50-4a88-be1c-53eb7096e093\"},\"panelIndex\":\"a9615bc2-7e50-4a88-be1c-53eb7096e093\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":31,\"y\":9,\"w\":17,\"h\":20,\"i\":\"c3c45ad6-fbbb-40d9-96e4-8bf2006ca138\"},\"panelIndex\":\"c3c45ad6-fbbb-40d9-96e4-8bf2006ca138\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"Security Onion - DHCP","version":1},"id":"80625c10-96dd-11ea-814e-bb515e873c2c","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"c879ad60-72a1-11ea-8dd2-9d8795a1200b","name":"panel_2","type":"visualization"},{"id":"eaa31ba0-7374-11ea-a3da-cbdb4f8a90c0","name":"panel_3","type":"visualization"},{"id":"9a693c50-7374-11ea-a3da-cbdb4f8a90c0","name":"panel_4","type":"visualization"},{"id":"cc3aaf20-7374-11ea-a3da-cbdb4f8a90c0","name":"panel_5","type":"visualization"},{"id":"2af5f980-96e2-11ea-814e-bb515e873c2c","name":"panel_6","type":"visualization"},{"id":"af26c6e0-96e6-11ea-814e-bb515e873c2c","name":"panel_7","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzMzMiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"PE - Subsystem (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"PE - Subsystem (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"subsystem.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"id":"807da390-380c-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"66288140-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM1MSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - MySQL - Success","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - MySQL - Success\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"boolean\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"mysql.success: Descending\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"mysql.success\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Success\"}}]}"},"id":"80aa0c60-75c0-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY5MiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Rule - SID","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Rule - SID\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.uuid\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Rule ID\"}}]}"},"id":"a47ffc70-96f0-11ea-814e-bb515e873c2c","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzMzMywxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:alert AND event.module:suricata\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":7,\"h\":7,\"i\":\"afb23064-13dc-4b97-b1be-cf672a6cfb56\"},\"panelIndex\":\"afb23064-13dc-4b97-b1be-cf672a6cfb56\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":7,\"y\":0,\"w\":17,\"h\":7,\"i\":\"67961875-85aa-443b-9cac-130c8783cd8d\"},\"panelIndex\":\"67961875-85aa-443b-9cac-130c8783cd8d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":7,\"i\":\"44bf55fb-18d8-4ae6-a15a-902042d3623c\"},\"panelIndex\":\"44bf55fb-18d8-4ae6-a15a-902042d3623c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":7,\"w\":19,\"h\":20,\"i\":\"cedf23aa-c331-496a-bf27-7c9c8f587d80\"},\"panelIndex\":\"cedf23aa-c331-496a-bf27-7c9c8f587d80\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":19,\"y\":7,\"w\":9,\"h\":20,\"i\":\"a2e54d3b-ee05-4d67-82d2-4ac917d9ec4b\"},\"panelIndex\":\"a2e54d3b-ee05-4d67-82d2-4ac917d9ec4b\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":28,\"y\":7,\"w\":10,\"h\":20,\"i\":\"ab088b32-c40e-4a1c-9dcd-758c1ad97edc\"},\"panelIndex\":\"ab088b32-c40e-4a1c-9dcd-758c1ad97edc\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":38,\"y\":7,\"w\":10,\"h\":20,\"i\":\"2faea405-e4d3-488b-adfa-373b135d2122\"},\"panelIndex\":\"2faea405-e4d3-488b-adfa-373b135d2122\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":27,\"w\":16,\"h\":18,\"i\":\"728a4c22-9a7e-4152-a4d6-eed2d728abb8\"},\"panelIndex\":\"728a4c22-9a7e-4152-a4d6-eed2d728abb8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":27,\"w\":22,\"h\":18,\"i\":\"32459b34-f7be-4ac0-a672-7a9697ce3bca\"},\"panelIndex\":\"32459b34-f7be-4ac0-a672-7a9697ce3bca\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":38,\"y\":27,\"w\":10,\"h\":18,\"i\":\"0681c2c1-531d-4f5e-a73f-8382789cbd14\"},\"panelIndex\":\"0681c2c1-531d-4f5e-a73f-8382789cbd14\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]","timeRestore":false,"title":"Security Onion - Alerts - Suricata","version":1},"id":"81057f40-7733-11ea-bee5-af7f7c7b8e05","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"30df00e0-7733-11ea-bee5-af7f7c7b8e05","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"508fb520-72af-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_5","type":"visualization"},{"id":"f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_6","type":"visualization"},{"id":"a37b9fa0-72b0-11ea-8dd2-9d8795a1200b","name":"panel_7","type":"visualization"},{"id":"f7e1d570-72ae-11ea-8dd2-9d8795a1200b","name":"panel_8","type":"visualization"},{"id":"a47ffc70-96f0-11ea-814e-bb515e873c2c","name":"panel_9","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzMzNCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SIP - Response From","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SIP - Response From\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"sip.response.from.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"sip.response.from.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Response From\"}}]}"},"id":"81a1a740-75ca-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzYwMywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Connections - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"8261cf00-366e-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU3MywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SNMP - Community String","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SNMP - Community String\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"community.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Community String\"}}]}"},"id":"83a91450-4c79-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"b12150a0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzUzMSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Network Data Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Network Data Over Time\",\"type\":\"line\",\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":true},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":true,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm\"}},\"params\":{\"date\":true,\"interval\":\"PT30M\",\"intervalESValue\":30,\"intervalESUnit\":\"m\",\"format\":\"HH:mm\",\"bounds\":{\"min\":\"2020-03-24T15:15:25.819Z\",\"max\":\"2020-03-25T15:15:25.819Z\"}},\"label\":\"@timestamp per 30 minutes\",\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-24h\",\"to\":\"now\",\"mode\":\"quick\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"id":"8491c4b0-6eab-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"387f44c0-6ea7-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY5MywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DHCP - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"DHCP - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"e9a7fe80-357b-11e7-ac34-8965f6420c51","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"ac1799d0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzMzNiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DHCP - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"DHCP - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDG80RwxQT5EBNmq38x","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"ac1799d0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzMzOSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DHCP - Message Types","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DHCP - Message Types\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"message_types.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Message Types\"}}]}"},"id":"a88e1020-0edb-11e9-9846-59f545e7293f","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"ac1799d0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM0MiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DHCP - Domain Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DHCP - Domain Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"domain_name.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Domain Name\"}}]}"},"id":"ce859b40-0edb-11e9-9846-59f545e7293f","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"ac1799d0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM0MywxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":76,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{}},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":21,\"y\":52,\"w\":13,\"h\":24,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":8,\"y\":52,\"w\":13,\"h\":24,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"gridData\":{\"x\":8,\"y\":8,\"w\":40,\"h\":25,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":76,\"w\":48,\"h\":20,\"i\":\"12\"},\"panelIndex\":\"12\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":0,\"direction\":null}}}},\"gridData\":{\"x\":34,\"y\":52,\"w\":14,\"h\":24,\"i\":\"14\"},\"panelIndex\":\"14\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":33,\"w\":26,\"h\":19,\"i\":\"15\"},\"panelIndex\":\"15\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"gridData\":{\"x\":34,\"y\":33,\"w\":14,\"h\":19,\"i\":\"16\"},\"version\":\"7.3.0\",\"panelIndex\":\"16\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]","timeRestore":false,"title":"Bro - DHCP","version":1},"id":"85348270-357b-11e7-ac34-8965f6420c51","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"e9a7fe80-357b-11e7-ac34-8965f6420c51","name":"panel_0","type":"visualization"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_1","type":"visualization"},{"id":"1055ada0-3655-11e7-baa7-b7de4ee40605","name":"panel_2","type":"visualization"},{"id":"317f8410-3655-11e7-baa7-b7de4ee40605","name":"panel_3","type":"visualization"},{"id":"AWDG80RwxQT5EBNmq38x","name":"panel_4","type":"visualization"},{"id":"4e877100-4a48-11e8-9b0a-f1d33346f773","name":"panel_5","type":"visualization"},{"id":"ac1799d0-342d-11e7-9e93-53b62e1857b2","name":"panel_6","type":"search"},{"id":"58c84f60-0edb-11e9-9846-59f545e7293f","name":"panel_7","type":"visualization"},{"id":"a88e1020-0edb-11e9-9846-59f545e7293f","name":"panel_8","type":"visualization"},{"id":"ce859b40-0edb-11e9-9846-59f545e7293f","name":"panel_9","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM0NCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMB - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SMB - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per minute\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"85e40a70-3aac-11e7-8b17-0d8709b02c80","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"19849f30-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzUxMSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Authentication Status (Donut Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"RFB - Authentication Status (Donut Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"auth.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Authentication Status\"}}],\"listeners\":{}}"},"id":"869e3030-371e-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQxNywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Modbus - Exception","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Modbus - Exception\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"modbus.exception.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"modbus.exception.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Exception\"}}]}"},"id":"93cdb730-75be-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM0NiwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:modbus\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"dcdc1d0b-bec1-402d-a34b-39464e9a2749\"},\"panelIndex\":\"dcdc1d0b-bec1-402d-a34b-39464e9a2749\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":13,\"y\":0,\"w\":17,\"h\":8,\"i\":\"ccbb40c9-d2e4-4592-a91f-b1f6912a35f9\"},\"panelIndex\":\"ccbb40c9-d2e4-4592-a91f-b1f6912a35f9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":8,\"i\":\"32fd8cfa-64ad-41d7-b4f7-2c71f351916a\"},\"panelIndex\":\"32fd8cfa-64ad-41d7-b4f7-2c71f351916a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":8,\"w\":8,\"h\":19,\"i\":\"b15f438a-6f24-4099-90e6-d66f950029bc\"},\"panelIndex\":\"b15f438a-6f24-4099-90e6-d66f950029bc\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":8,\"h\":19,\"i\":\"089f29d5-cf23-4b6a-8b80-27911ffd6b1a\"},\"panelIndex\":\"089f29d5-cf23-4b6a-8b80-27911ffd6b1a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":8,\"w\":14,\"h\":19,\"i\":\"4154e8b1-e314-4623-aaf4-0404a108551a\"},\"panelIndex\":\"4154e8b1-e314-4623-aaf4-0404a108551a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":30,\"y\":8,\"w\":18,\"h\":19,\"i\":\"8acbc44d-4fe2-42b0-a6e9-4a3bc4e4aeb6\"},\"panelIndex\":\"8acbc44d-4fe2-42b0-a6e9-4a3bc4e4aeb6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"}]","timeRestore":false,"title":"Security Onion - Modbus","version":1},"id":"886a7b90-75bd-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"c879ad60-72a1-11ea-8dd2-9d8795a1200b","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"62449800-75be-11ea-9565-7315f4ee5cac","name":"panel_5","type":"visualization"},{"id":"93cdb730-75be-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM0NywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"PE - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"PE - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"9cffd160-363f-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"66288140-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM0OSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"PE - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"PE - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDHCUeZxQT5EBNmq4Xy","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"66288140-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM1NCwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"gridData\":{\"w\":20,\"h\":16,\"x\":28,\"y\":8,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\",\"embeddableConfig\":{}},{\"gridData\":{\"w\":20,\"h\":16,\"x\":8,\"y\":8,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\",\"embeddableConfig\":{}},{\"gridData\":{\"w\":48,\"h\":28,\"x\":0,\"y\":48,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\",\"embeddableConfig\":{\"columns\":[\"fuid\",\"machine\",\"is_exe\",\"is_64bit\",\"subsystem\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"embeddableConfig\":{},\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":24,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":24,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"Bro - PE","version":1},"id":"8a10e380-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"9cffd160-363f-11e7-a6f7-4f44d7bf1c33","name":"panel_1","type":"visualization"},{"id":"45c4ae10-380c-11e7-a1cc-ebc6a7e70e84","name":"panel_2","type":"visualization"},{"id":"807da390-380c-11e7-a1cc-ebc6a7e70e84","name":"panel_3","type":"visualization"},{"id":"66288140-342e-11e7-9e93-53b62e1857b2","name":"panel_4","type":"search"},{"id":"4e56b4d0-416f-11e7-9850-b78558d0ac17","name":"panel_5","type":"visualization"},{"id":"7de76e10-6e1f-11e7-b553-7f80727663c1","name":"panel_6","type":"visualization"},{"id":"AWDHCUeZxQT5EBNmq4Xy","name":"panel_7","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM1NSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSH - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSH - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"8a60eb50-365f-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c33e7600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU1NywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SSH - HASSH","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SSH - HASSH\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"hash.hassh.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"8afa5f50-75eb-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQwOSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Weird - Notice Generated (Donut Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Weird - Notice Generated (Donut Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"notice.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"id":"8dbbbed0-364e-11e7-9dc3-d35061cb642d","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"e32d0d50-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzYxMCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"RDP - Client Build","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"RDP - Client Build\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"client_build.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client Build\"}}]}"},"id":"8e18ee60-371c-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"823dd600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM5NCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"event_type:bro_ssl AND _exists_:certificate_common_name_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"SSL - Certificate Common Name Frequency Analysis","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSL - Certificate Common Name Frequency Analysis\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"certificate_common_name_frequency_score\",\"customLabel\":\"Frequency Score\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"certificate_common_name.keyword\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"1\",\"customLabel\":\"Common Name\"}}],\"listeners\":{}}"},"id":"8fa702e0-6f0b-11e7-9d31-23c0596994a7","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQzMywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Files - MIME Type","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Files - MIME Type\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"file.mimetype.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"file.mimetype.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MIMEType\"}}]}"},"id":"8fb3c480-75f2-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY5NCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"All Sensors - Log Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"All Sensors - Log Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event_type.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Log Type(s)\"}}]}"},"id":"901bda80-a83f-11e7-893a-1b88920b2837","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"aa05e920-3433-11e7-8867-29a39c0f86b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM3NywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RADIUS - Log Count Over TIme","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"RADIUS - Log Count Over TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"ccb3e270-363f-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"75545310-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM1NywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RADIUS - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RADIUS - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"b48442b0-3808-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"75545310-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM1OCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RADIUS - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RADIUS - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"cea78b70-3808-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"75545310-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM1OSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RADIUS - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RADIUS - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"id":"b0456970-6e1f-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"75545310-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM2MiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RADIUS - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"RADIUS - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDHCgWzxQT5EBNmq4Y5","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"75545310-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM2MywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"RADIUS - Username","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RADIUS - Username\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"username.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}}]}"},"id":"e827bab0-4a5a-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"75545310-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM2NCwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":56,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"6\",\"gridData\":{\"x\":8,\"y\":32,\"w\":14,\"h\":24,\"i\":\"6\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"7\",\"gridData\":{\"x\":22,\"y\":32,\"w\":14,\"h\":24,\"i\":\"7\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"8\",\"gridData\":{\"x\":24,\"y\":56,\"w\":24,\"h\":24,\"i\":\"8\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"9\",\"gridData\":{\"x\":0,\"y\":56,\"w\":24,\"h\":24,\"i\":\"9\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"11\",\"gridData\":{\"x\":0,\"y\":80,\"w\":48,\"h\":24,\"i\":\"11\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"12\",\"gridData\":{\"x\":36,\"y\":32,\"w\":12,\"h\":24,\"i\":\"12\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"panelIndex\":\"14\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"14\"},\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"panelIndex\":\"15\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":24,\"i\":\"15\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\",\"embeddableConfig\":{}},{\"panelIndex\":\"16\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":24,\"i\":\"16\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_10\",\"embeddableConfig\":{}}]","timeRestore":false,"title":"Bro - RADIUS","version":1},"id":"90b246c0-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"ccb3e270-363f-11e7-a6f7-4f44d7bf1c33","name":"panel_1","type":"visualization"},{"id":"b48442b0-3808-11e7-a1cc-ebc6a7e70e84","name":"panel_2","type":"visualization"},{"id":"cea78b70-3808-11e7-a1cc-ebc6a7e70e84","name":"panel_3","type":"visualization"},{"id":"10cd7190-3809-11e7-a1cc-ebc6a7e70e84","name":"panel_4","type":"visualization"},{"id":"5df79fe0-3809-11e7-a1cc-ebc6a7e70e84","name":"panel_5","type":"visualization"},{"id":"75545310-342e-11e7-9e93-53b62e1857b2","name":"panel_6","type":"search"},{"id":"b0456970-6e1f-11e7-b553-7f80727663c1","name":"panel_7","type":"visualization"},{"id":"AWDHCgWzxQT5EBNmq4Y5","name":"panel_8","type":"visualization"},{"id":"e827bab0-4a5a-11e8-9b0a-f1d33346f773","name":"panel_9","type":"visualization"},{"id":"30348db0-4a5b-11e8-9b0a-f1d33346f773","name":"panel_10","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM2NiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SIP - Destination Country (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SIP - Destination Country (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_geo.country_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"id":"90bf0a80-3750-11e7-b74a-f5057991ccd2","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ2NywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Rule - ID","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Rule - ID\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.id.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"ID\"}}]}"},"id":"91bd9990-7737-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM3MiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Bro - Syslog - Log Count Over Time","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"Bro - Syslog - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 seconds\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"92b202e0-76b4-11e7-94e1-3d2ec4e57ed9","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"269ca380-76b4-11e7-8c3e-cfcdd8c95d87","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU0NywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Security Onion - Host Data","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Host Data\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Home](/kibana/app/kibana#/dashboard/a8411b30-6d03-11ea-b301-3d6c35840645) \\n \\n**Modules** \\n[Osquery](/kibana/app/kibana#/dashboard/bf7cf8d0-7732-11ea-bee5-af7f7c7b8e05) \\n[Wazuh](/kibana/app/kibana#/dashboard/9480f190-7732-11ea-bee5-af7f7c7b8e05) \\n\"},\"aggs\":[]}"},"id":"df50eba0-6ec0-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM2NywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Host - Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Host - Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Agent Name\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"agent.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"}}]}"},"id":"f03402e0-72bc-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM2OCwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.category:host\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"c743998d-d4c5-429f-87ce-67bac2649e72\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"c743998d-d4c5-429f-87ce-67bac2649e72\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"8acc6336-35b7-4c1a-b0ef-3b3ec6870b1f\",\"w\":15,\"x\":8,\"y\":0},\"panelIndex\":\"8acc6336-35b7-4c1a-b0ef-3b3ec6870b1f\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"8485e0bf-8342-42ff-82b4-eb2611191060\",\"w\":25,\"x\":23,\"y\":0},\"panelIndex\":\"8485e0bf-8342-42ff-82b4-eb2611191060\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"ba08df96-10b9-4b30-803f-f40387867ccc\",\"w\":7,\"x\":0,\"y\":8},\"panelIndex\":\"ba08df96-10b9-4b30-803f-f40387867ccc\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"254bcae3-60d3-4193-b258-6f9f3eba0af3\",\"w\":7,\"x\":7,\"y\":8},\"panelIndex\":\"254bcae3-60d3-4193-b258-6f9f3eba0af3\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"89d115c0-ee70-4250-9742-fb3c554e69a7\",\"w\":8,\"x\":14,\"y\":8},\"panelIndex\":\"89d115c0-ee70-4250-9742-fb3c554e69a7\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"6220624b-e5d5-4fa2-82e1-85287afb280a\",\"w\":9,\"x\":22,\"y\":8},\"panelIndex\":\"6220624b-e5d5-4fa2-82e1-85287afb280a\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"0c1675bb-01ef-4020-95f1-3f35e0c6fad8\",\"w\":17,\"x\":31,\"y\":8},\"panelIndex\":\"0c1675bb-01ef-4020-95f1-3f35e0c6fad8\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"Security Onion - Host","version":1},"id":"92e63cc0-6ec0-11ea-9266-1fd14ca6af34","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"df50eba0-6ec0-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"c879ad60-72a1-11ea-8dd2-9d8795a1200b","name":"panel_2","type":"visualization"},{"id":"8b065a80-6eca-11ea-9266-1fd14ca6af34","name":"panel_3","type":"visualization"},{"id":"ad398b70-6e9a-11ea-9266-1fd14ca6af34","name":"panel_4","type":"visualization"},{"id":"f03402e0-72bc-11ea-8dd2-9d8795a1200b","name":"panel_5","type":"visualization"},{"id":"4fe16b60-72bd-11ea-8dd2-9d8795a1200b","name":"panel_6","type":"visualization"},{"id":"758187b0-72bd-11ea-8dd2-9d8795a1200b","name":"panel_7","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM3MSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SIP - Content Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SIP - Content Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"content_type.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Content Type\"}}],\"listeners\":{}}"},"id":"930b1600-3753-11e7-b74a-f5057991ccd2","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ3MSwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.module:ossec AND event.dataset:alert\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":8,\"i\":\"c2172038-7740-458c-977a-98d139c438c2\"},\"panelIndex\":\"c2172038-7740-458c-977a-98d139c438c2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":18,\"h\":8,\"i\":\"b18f1671-c1a0-44c8-946b-71bc21e62482\"},\"panelIndex\":\"b18f1671-c1a0-44c8-946b-71bc21e62482\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":26,\"y\":0,\"w\":22,\"h\":8,\"i\":\"b26faccc-11d5-4cc3-8fd2-484b5e3659bc\"},\"panelIndex\":\"b26faccc-11d5-4cc3-8fd2-484b5e3659bc\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":8,\"w\":12,\"h\":19,\"i\":\"1f88747a-06f5-4450-8d08-150d0cd37667\"},\"panelIndex\":\"1f88747a-06f5-4450-8d08-150d0cd37667\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":12,\"y\":8,\"w\":11,\"h\":19,\"i\":\"0b5a83d1-8f56-4616-b0aa-af25a1995379\"},\"panelIndex\":\"0b5a83d1-8f56-4616-b0aa-af25a1995379\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":23,\"y\":8,\"w\":7,\"h\":19,\"i\":\"a4bd8139-6fdd-476e-b6ff-8dd036e0f747\"},\"panelIndex\":\"a4bd8139-6fdd-476e-b6ff-8dd036e0f747\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":30,\"y\":8,\"w\":8,\"h\":19,\"i\":\"df2cccc2-5ac2-4522-9756-76a16ba2b0ce\"},\"panelIndex\":\"df2cccc2-5ac2-4522-9756-76a16ba2b0ce\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":38,\"y\":8,\"w\":10,\"h\":19,\"i\":\"8b5674df-aad2-4af7-aa91-90a9d3e3980c\"},\"panelIndex\":\"8b5674df-aad2-4af7-aa91-90a9d3e3980c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":27,\"w\":48,\"h\":21,\"i\":\"28431fa5-4ce9-40db-a190-541b3390f9d0\"},\"panelIndex\":\"28431fa5-4ce9-40db-a190-541b3390f9d0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"}]","timeRestore":false,"title":"Security Onion - Wazuh","version":1},"id":"9480f190-7732-11ea-bee5-af7f7c7b8e05","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"30df00e0-7733-11ea-bee5-af7f7c7b8e05","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"508fb520-72af-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"f7e1d570-72ae-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"91bd9990-7737-11ea-bee5-af7f7c7b8e05","name":"panel_5","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_6","type":"visualization"},{"id":"407784f0-7738-11ea-bee5-af7f7c7b8e05","name":"panel_7","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_8","type":"search"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM3NCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"match_all\":{}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Total Number of Logs","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Total Number of Logs\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Total Number of Logs\"}}],\"listeners\":{}}"},"id":"AWDGyaGxxQT5EBNmq3K9","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM3OSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"match_all\":{}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Sensors - Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Sensors - Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"sensor_name.keyword\"}}],\"listeners\":{}}"},"id":"AWDGzmzcxQT5EBNmq3Sj","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM4MCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"match_all\":{}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Devices - Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Devices - Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"syslog-host_from.keyword\"}}],\"listeners\":{}}"},"id":"AWDG0UDvxQT5EBNmq3WD","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM4MSwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"1\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"8\",\"gridData\":{\"w\":48,\"h\":64,\"x\":0,\"y\":132,\"i\":\"8\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"12\",\"gridData\":{\"w\":28,\"h\":8,\"x\":20,\"y\":0,\"i\":\"12\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"19\",\"gridData\":{\"w\":48,\"h\":16,\"x\":0,\"y\":56,\"i\":\"19\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"21\",\"gridData\":{\"w\":24,\"h\":24,\"x\":8,\"y\":8,\"i\":\"21\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"23\",\"gridData\":{\"w\":16,\"h\":32,\"x\":32,\"y\":24,\"i\":\"23\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"32\",\"gridData\":{\"w\":12,\"h\":8,\"x\":8,\"y\":0,\"i\":\"32\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"33\",\"gridData\":{\"w\":8,\"h\":16,\"x\":32,\"y\":8,\"i\":\"33\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"panelIndex\":\"34\",\"gridData\":{\"w\":8,\"h\":16,\"x\":40,\"y\":8,\"i\":\"34\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"panelIndex\":\"35\",\"gridData\":{\"w\":16,\"h\":8,\"x\":0,\"y\":72,\"i\":\"35\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\"},{\"panelIndex\":\"36\",\"gridData\":{\"w\":16,\"h\":8,\"x\":16,\"y\":72,\"i\":\"36\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_10\"},{\"panelIndex\":\"37\",\"gridData\":{\"w\":16,\"h\":8,\"x\":32,\"y\":72,\"i\":\"37\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_11\"},{\"panelIndex\":\"38\",\"gridData\":{\"w\":24,\"h\":24,\"x\":8,\"y\":32,\"i\":\"38\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_12\",\"embeddableConfig\":{}},{\"panelIndex\":\"39\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":108,\"i\":\"39\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_13\",\"embeddableConfig\":{}},{\"panelIndex\":\"40\",\"gridData\":{\"w\":24,\"h\":28,\"x\":24,\"y\":80,\"i\":\"40\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_14\",\"embeddableConfig\":{}},{\"panelIndex\":\"41\",\"gridData\":{\"w\":24,\"h\":28,\"x\":0,\"y\":80,\"i\":\"41\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_15\"}]","timeRestore":false,"title":"Overview","version":1},"id":"94b52620-342a-11e7-9d52-4f090484f59e","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"aa05e920-3433-11e7-8867-29a39c0f86b2","name":"panel_1","type":"search"},{"id":"1c2aeb50-365e-11e7-b896-5bdd6bfa1561","name":"panel_2","type":"visualization"},{"id":"277f3250-4161-11e7-8493-51634b0a4565","name":"panel_3","type":"visualization"},{"id":"901bda80-a83f-11e7-893a-1b88920b2837","name":"panel_4","type":"visualization"},{"id":"5b3988c0-a840-11e7-893a-1b88920b2837","name":"panel_5","type":"visualization"},{"id":"AWDGyaGxxQT5EBNmq3K9","name":"panel_6","type":"visualization"},{"id":"AWDGzmzcxQT5EBNmq3Sj","name":"panel_7","type":"visualization"},{"id":"AWDG0UDvxQT5EBNmq3WD","name":"panel_8","type":"visualization"},{"id":"AWDG1uC-xQT5EBNmq3dP","name":"panel_9","type":"visualization"},{"id":"AWDG3ym0xQT5EBNmq3mG","name":"panel_10","type":"visualization"},{"id":"AWDG4pcDxQT5EBNmq3pi","name":"panel_11","type":"visualization"},{"id":"733ce440-494d-11e8-9576-313be7c6b44b","name":"panel_12","type":"visualization"},{"id":"2a949080-4a3d-11e8-9b0a-f1d33346f773","name":"panel_13","type":"visualization"},{"id":"96c2cf10-4a3d-11e8-9b0a-f1d33346f773","name":"panel_14","type":"visualization"},{"id":"ee0ba080-4a3d-11e8-9b0a-f1d33346f773","name":"panel_15","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM4MywxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:snmp\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"752f2974-3abc-482c-afdc-c85cf5643cc6\",\"w\":13,\"x\":0,\"y\":0},\"panelIndex\":\"752f2974-3abc-482c-afdc-c85cf5643cc6\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"dfa3b3da-b86b-4d11-add3-c7e18c40654b\",\"w\":17,\"x\":13,\"y\":0},\"panelIndex\":\"dfa3b3da-b86b-4d11-add3-c7e18c40654b\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"4c444c07-93f9-43d2-966e-1a0db864c011\",\"w\":18,\"x\":30,\"y\":0},\"panelIndex\":\"4c444c07-93f9-43d2-966e-1a0db864c011\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"3f20fbbb-d47b-4b9e-94a0-f5f144ce0dd2\",\"w\":9,\"x\":0,\"y\":8},\"panelIndex\":\"3f20fbbb-d47b-4b9e-94a0-f5f144ce0dd2\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"5c5850b6-1e17-4d4a-9122-8d6a6b275fb0\",\"w\":10,\"x\":9,\"y\":8},\"panelIndex\":\"5c5850b6-1e17-4d4a-9122-8d6a6b275fb0\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"2df47b07-dcfd-46a9-a908-cd03bb3ae82e\",\"w\":11,\"x\":19,\"y\":8},\"panelIndex\":\"2df47b07-dcfd-46a9-a908-cd03bb3ae82e\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"7fec36da-2c28-4eef-9d15-bd5d64628d1d\",\"w\":18,\"x\":30,\"y\":8},\"panelIndex\":\"7fec36da-2c28-4eef-9d15-bd5d64628d1d\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_6\"}]","timeRestore":false,"title":"Security Onion - SNMP","version":1},"id":"96522610-75e8-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"424ace90-75e9-11ea-9565-7315f4ee5cac","name":"panel_5","type":"visualization"},{"id":"690ef880-75e9-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM4NiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - \"To\" Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMTP - \\\"To\\\" Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"recipient_to.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"\\\"To\\\" Address\"}}],\"listeners\":{}}"},"id":"96767400-39a2-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ5MywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RDP - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"RDP - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"fd549d70-363f-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"823dd600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM4OCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RDP - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RDP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"f9a16c80-371b-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"823dd600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM4OSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"RDP - Keyboard Layout (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"RDP - Keyboard Layout (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"keyboard_layout.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Keyboard Layout\"}}]}"},"id":"be7637c0-371c-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"823dd600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM5NSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"RDP - Result (Horizontal Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"RDP - Result (Horizontal Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"result.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Result\"}}]}"},"id":"c4f37d70-6e20-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"823dd600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM5NiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"RDP - Encryption Level (Vertical Bar Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"RDP - Encryption Level (Vertical Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Encryption Level\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"encryption_level.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Encryption Level\"}}]}"},"id":"ef307a70-6e20-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"823dd600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM5NywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RDP - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"RDP - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDHCvBexQT5EBNmq4aK","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"823dd600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM5OCwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":80,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"embeddableConfig\":{},\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":32,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":32,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"gridData\":{\"w\":12,\"h\":12,\"x\":36,\"y\":8,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":56,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":56,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":12,\"h\":12,\"x\":8,\"y\":8,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"gridData\":{\"w\":16,\"h\":12,\"x\":20,\"y\":8,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\",\"embeddableConfig\":{}},{\"gridData\":{\"w\":20,\"h\":12,\"x\":8,\"y\":20,\"i\":\"12\"},\"panelIndex\":\"12\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_10\",\"embeddableConfig\":{}},{\"gridData\":{\"w\":20,\"h\":12,\"x\":28,\"y\":20,\"i\":\"13\"},\"panelIndex\":\"13\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_11\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"14\"},\"panelIndex\":\"14\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_12\"}]","timeRestore":false,"title":"Bro - RDP","version":1},"id":"97f8c3a0-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"fd549d70-363f-11e7-a6f7-4f44d7bf1c33","name":"panel_1","type":"visualization"},{"id":"823dd600-342e-11e7-9e93-53b62e1857b2","name":"panel_2","type":"search"},{"id":"f9a16c80-371b-11e7-90f8-87842d5eedc9","name":"panel_3","type":"visualization"},{"id":"0b9dea80-371c-11e7-90f8-87842d5eedc9","name":"panel_4","type":"visualization"},{"id":"19dfd180-371c-11e7-90f8-87842d5eedc9","name":"panel_5","type":"visualization"},{"id":"524e13b0-371c-11e7-90f8-87842d5eedc9","name":"panel_6","type":"visualization"},{"id":"75597b60-371c-11e7-90f8-87842d5eedc9","name":"panel_7","type":"visualization"},{"id":"8e18ee60-371c-11e7-90f8-87842d5eedc9","name":"panel_8","type":"visualization"},{"id":"be7637c0-371c-11e7-90f8-87842d5eedc9","name":"panel_9","type":"visualization"},{"id":"c4f37d70-6e20-11e7-b553-7f80727663c1","name":"panel_10","type":"visualization"},{"id":"ef307a70-6e20-11e7-b553-7f80727663c1","name":"panel_11","type":"visualization"},{"id":"AWDHCvBexQT5EBNmq4aK","name":"panel_12","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzM5OSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSH - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSH - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"9a33f9a0-365f-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c33e7600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU1OCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Connections - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"9a54f150-366e-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzYxNywxXQ=="} -{"attributes":{"columns":["source_ip","name","software_type"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_software\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Software - Logs","version":1},"id":"ba3d77e0-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-06-15T18:49:59.193Z","version":"WzUzNywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Software - Summary","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Software - Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Name\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"version_major.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Major Version\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"version_minor.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Minor Version\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"software_type.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Type\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}}]}"},"id":"9b0f6a80-4c7a-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"ba3d77e0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU0MCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Zeek - Notice","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Zeek - Notice\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"notice.note.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Notice\"}}]}"},"id":"9c6ccff0-7a84-11ea-9d13-57f5db13d1ed","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY2NywxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"meta\":{\"negate\":true,\"disabled\":true,\"alias\":\"Initial Systems/Queries\",\"type\":\"phrase\",\"key\":\"osquery.counter\",\"value\":\"0\",\"params\":{\"query\":0,\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"osquery.counter\":{\"query\":0,\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"type\":\"phrases\",\"key\":\"osquery.codename\",\"value\":\"server\",\"params\":[\"server\"],\"negate\":false,\"disabled\":true,\"alias\":\"Servers Only\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"osquery.codename\":\"server\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":64,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"columns\":[\"osquery.hostname\",\"osquery.name\",\"osquery.LiveQuery\",\"osquery.EndpointIP1\",\"osquery.EndpointIP2\"]},\"gridData\":{\"x\":8,\"y\":27,\"w\":40,\"h\":21,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":17,\"h\":13,\"i\":\"12\"},\"panelIndex\":\"12\",\"title\":\"\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"gridData\":{\"x\":8,\"y\":13,\"w\":40,\"h\":14,\"i\":\"13\"},\"version\":\"7.3.0\",\"panelIndex\":\"13\",\"embeddableConfig\":{},\"title\":\"Changes by Type\",\"panelRefName\":\"panel_3\"},{\"gridData\":{\"x\":25,\"y\":0,\"w\":23,\"h\":13,\"i\":\"14\"},\"version\":\"7.3.0\",\"panelIndex\":\"14\",\"embeddableConfig\":{},\"title\":\"Changes by Hostname\",\"panelRefName\":\"panel_4\"}]","timeRestore":false,"title":"osquery - Overview","version":1},"id":"9d0e2da0-14e1-11e9-82f7-0da02d93a48b","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"84116380-14e1-11e9-82f7-0da02d93a48b","name":"panel_1","type":"search"},{"id":"2f556c90-14e3-11e9-82f7-0da02d93a48b","name":"panel_2","type":"visualization"},{"id":"369e16e0-14e4-11e9-82f7-0da02d93a48b","name":"panel_3","type":"visualization"},{"id":"05a5ed10-14e4-11e9-82f7-0da02d93a48b","name":"panel_4","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQwNCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Connections - Top Source Ports","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Connections - Top Source Ports\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source Port\"}}]}"},"id":"9d3413c0-6ea0-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9b333020-6e9f-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY5NSwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset:ssh\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"b816ee0e-45c6-438d-a4ed-799d9e80a9f0\"},\"panelIndex\":\"b816ee0e-45c6-438d-a4ed-799d9e80a9f0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":13,\"y\":0,\"w\":17,\"h\":8,\"i\":\"cbfd7081-d82b-4e29-b21c-6e9584d67328\"},\"panelIndex\":\"cbfd7081-d82b-4e29-b21c-6e9584d67328\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":8,\"i\":\"d9b0c92a-8625-4e72-8a7c-333381e17244\"},\"panelIndex\":\"d9b0c92a-8625-4e72-8a7c-333381e17244\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":8,\"w\":10,\"h\":19,\"i\":\"766c95ce-e20f-4e88-935f-2211b7be6b65\"},\"panelIndex\":\"766c95ce-e20f-4e88-935f-2211b7be6b65\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":10,\"y\":8,\"w\":10,\"h\":19,\"i\":\"e9ec8c9e-8a76-4501-abcb-2c9c08adfc44\"},\"panelIndex\":\"e9ec8c9e-8a76-4501-abcb-2c9c08adfc44\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":20,\"y\":8,\"w\":13,\"h\":19,\"i\":\"c2747e56-14c2-4a70-a1a7-e31affae20f8\"},\"panelIndex\":\"c2747e56-14c2-4a70-a1a7-e31affae20f8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":33,\"y\":8,\"w\":15,\"h\":19,\"i\":\"ff324073-699d-4b26-b4fd-28190fa3803b\"},\"panelIndex\":\"ff324073-699d-4b26-b4fd-28190fa3803b\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":27,\"w\":17,\"h\":18,\"i\":\"248c6442-b868-4e06-bfaa-e6da2d2d7463\"},\"panelIndex\":\"248c6442-b868-4e06-bfaa-e6da2d2d7463\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":17,\"y\":27,\"w\":16,\"h\":18,\"i\":\"d24e4833-8b52-45ac-ac3f-bb31379e8380\"},\"panelIndex\":\"d24e4833-8b52-45ac-ac3f-bb31379e8380\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":33,\"y\":27,\"w\":15,\"h\":18,\"i\":\"6711f807-284e-4025-99bb-cee25c0e970d\"},\"panelIndex\":\"6711f807-284e-4025-99bb-cee25c0e970d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]","timeRestore":false,"title":"Security Onion - SSH","version":1},"id":"9dfd77e0-75eb-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"292b1db0-75ea-11ea-9565-7315f4ee5cac","name":"panel_5","type":"visualization"},{"id":"46221fe0-75ea-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"},{"id":"7d61f430-75ea-11ea-9565-7315f4ee5cac","name":"panel_7","type":"visualization"},{"id":"104a4a90-75eb-11ea-9565-7315f4ee5cac","name":"panel_8","type":"visualization"},{"id":"8afa5f50-75eb-11ea-9565-7315f4ee5cac","name":"panel_9","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQxMCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DCE/RPC - Endpoint","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - DCE/RPC - Endpoint\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dce_rpc.endpoint.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Endpoint\"}}]}"},"id":"a427d6e0-96db-11ea-814e-bb515e873c2c","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQxMSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DCE/RPC - Named Pipe","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - DCE/RPC - Named Pipe\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dce_rpc.named_pipe.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Named Pipe\"}}]}"},"id":"c2f21270-96db-11ea-814e-bb515e873c2c","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQxMiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DCE/RPC - Operation","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - DCE/RPC - Operation\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dce_rpc.operation.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Operation\"}}]}"},"id":"df7989f0-96db-11ea-814e-bb515e873c2c","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQxMywxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:dce_rpc\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":9,\"i\":\"95dc50d5-926a-4ab3-a746-0e53f475d658\"},\"panelIndex\":\"95dc50d5-926a-4ab3-a746-0e53f475d658\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":14,\"y\":0,\"w\":14,\"h\":9,\"i\":\"5b559994-ed67-43c8-8eed-ab30fd8b3d26\"},\"panelIndex\":\"5b559994-ed67-43c8-8eed-ab30fd8b3d26\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":28,\"y\":0,\"w\":20,\"h\":9,\"i\":\"4251a61c-1dcd-47b3-9866-f7ed939c73d4\"},\"panelIndex\":\"4251a61c-1dcd-47b3-9866-f7ed939c73d4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":9,\"w\":8,\"h\":21,\"i\":\"e74255f5-4dc6-4df0-ab24-032dd7d4bc02\"},\"panelIndex\":\"e74255f5-4dc6-4df0-ab24-032dd7d4bc02\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":9,\"w\":8,\"h\":21,\"i\":\"55f5c9e0-264b-44d1-9b49-0bb7890ef4bd\"},\"panelIndex\":\"55f5c9e0-264b-44d1-9b49-0bb7890ef4bd\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":9,\"w\":9,\"h\":21,\"i\":\"2a33a3df-4690-4ea4-a71a-9c98cb612213\"},\"panelIndex\":\"2a33a3df-4690-4ea4-a71a-9c98cb612213\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":25,\"y\":9,\"w\":8,\"h\":21,\"i\":\"ee61c32f-e801-494f-a819-b5788bed856f\"},\"panelIndex\":\"ee61c32f-e801-494f-a819-b5788bed856f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":33,\"y\":9,\"w\":15,\"h\":21,\"i\":\"f7c23591-431c-4a4c-a69b-a349c37697da\"},\"panelIndex\":\"f7c23591-431c-4a4c-a69b-a349c37697da\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"Security Onion - DCE/RPC","version":1},"id":"9e882df0-72c5-11ea-8dd2-9d8795a1200b","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"c879ad60-72a1-11ea-8dd2-9d8795a1200b","name":"panel_2","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"a427d6e0-96db-11ea-814e-bb515e873c2c","name":"panel_5","type":"visualization"},{"id":"c2f21270-96db-11ea-814e-bb515e873c2c","name":"panel_6","type":"visualization"},{"id":"df7989f0-96db-11ea-814e-bb515e873c2c","name":"panel_7","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQxNCwxXQ=="} -{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.module:osquery\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Security Onion - Osquery","version":1},"id":"9eed5fc0-afcb-11ea-b262-353d451b125b","migrationVersion":{"search":"7.4.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-06-16T12:19:26.779Z","version":"WzcyMywyXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Authentication Method","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RFB - Authentication Method\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"authentication_method.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Authentication Method\"}}],\"listeners\":{}}"},"id":"bf47f4c0-371e-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQxOCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RFB - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"bbbe5a80-6e21-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQyMSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RFB - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"d6ec3570-6e21-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQyMiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RFB - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"id":"e8982270-6e21-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQyMywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Authentication Method (Horizontal Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"RFB - Authentication Method (Horizontal Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"authentication_method.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Method\"}}],\"listeners\":{}}"},"id":"c24191f0-6e22-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQyNiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"RFB - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDHC8iGxQT5EBNmq4bs","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQyNywxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}},\"language\":\"lucene\"}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"1\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"5\",\"gridData\":{\"w\":20,\"h\":12,\"x\":8,\"y\":8,\"i\":\"5\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\",\"embeddableConfig\":{}},{\"panelIndex\":\"6\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":56,\"i\":\"6\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"7\",\"gridData\":{\"w\":20,\"h\":12,\"x\":28,\"y\":8,\"i\":\"7\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"8\",\"gridData\":{\"w\":40,\"h\":24,\"x\":8,\"y\":32,\"i\":\"8\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"10\",\"gridData\":{\"w\":48,\"h\":28,\"x\":0,\"y\":104,\"i\":\"10\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"11\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":56,\"i\":\"11\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"panelIndex\":\"12\",\"gridData\":{\"w\":16,\"h\":24,\"x\":16,\"y\":56,\"i\":\"12\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"panelIndex\":\"13\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":80,\"i\":\"13\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"panelIndex\":\"14\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":80,\"i\":\"14\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"panelIndex\":\"15\",\"gridData\":{\"w\":16,\"h\":24,\"x\":16,\"y\":80,\"i\":\"15\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"panelIndex\":\"16\",\"gridData\":{\"w\":40,\"h\":12,\"x\":8,\"y\":20,\"i\":\"16\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_12\",\"embeddableConfig\":{}},{\"panelIndex\":\"17\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"17\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"}]","timeRestore":false,"title":"Bro - RFB","version":1},"id":"9ef20ae0-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"265a04d0-3640-11e7-a6f7-4f44d7bf1c33","name":"panel_1","type":"visualization"},{"id":"869e3030-371e-11e7-90f8-87842d5eedc9","name":"panel_2","type":"visualization"},{"id":"bf47f4c0-371e-11e7-90f8-87842d5eedc9","name":"panel_3","type":"visualization"},{"id":"14274040-371f-11e7-90f8-87842d5eedc9","name":"panel_4","type":"visualization"},{"id":"63c072c0-371f-11e7-90f8-87842d5eedc9","name":"panel_5","type":"visualization"},{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"panel_6","type":"search"},{"id":"bbbe5a80-6e21-11e7-b553-7f80727663c1","name":"panel_7","type":"visualization"},{"id":"d6ec3570-6e21-11e7-b553-7f80727663c1","name":"panel_8","type":"visualization"},{"id":"e8982270-6e21-11e7-b553-7f80727663c1","name":"panel_9","type":"visualization"},{"id":"4fade7b0-6e22-11e7-b553-7f80727663c1","name":"panel_10","type":"visualization"},{"id":"7c1e3f70-6e22-11e7-b553-7f80727663c1","name":"panel_11","type":"visualization"},{"id":"c24191f0-6e22-11e7-b553-7f80727663c1","name":"panel_12","type":"visualization"},{"id":"AWDHC8iGxQT5EBNmq4bs","name":"panel_13","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQyOCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SIP - Content Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SIP - Content Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"sip.content_type.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"sip.content_type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Type\"}}]}"},"id":"9ff24600-75ca-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzYwMCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":{\"match_all\":{}},\"language\":\"lucene\"},\"filter\":[]}"},"title":"Help","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Help\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"markdown\":\"## Introduction\\nWelcome to the Security Onion Elastic Stack! This is our implementation of the Elastic Stack on Security Onion. The Elastic Stack consists of three primary components:\\n- `Elasticsearch` - stores logs\\n- `Logstash` - collects and enriches logs before storing them in Elasticsearch\\n- `Kibana` - web interface for visualizing logs\\n\\n## Sidebar\\nStarting on the far left side of the page, you see the Sidebar. This contains links such as:\\n- `Discover` - search data\\n- `Visualize` - create visualizations based on searches\\n- `Dashboard` - view or create dashboards based on visualizations\\n- `Timelion` - timeline analysis\\n- `Dev Tools` - query Elasticsearch directly\\n- `Management` - view or modify Kibana settings\\n- `Squert` - separate web interface for viewing NIDS and HIDS alerts\\n- `Logout` - log out of your session\\n\\nThe first six of those links are within Kibana itself. If you click one of those and then want to get back to the Dashboards area where you started, simply click the `Dashboard` link.\\n\\nClicking the `Squert` link will take you out of Kibana and into Squert. You will not be required to authenticate to Squert since you already have an active Single Sign On (SSO) session.\\n\\nClicking the `Logout` link in either Squert or Kibana will log you out of your SSO session and take you back to the logon screen.\\n\\n## Navigation Panel\\nWhen you are in the Kibana Dashboard area, the panel to the immediate right of the sidebar is the Navigation Panel and it includes links to our dashboards such as Home, Help (this page), Bro Notices, ElastAlert, HIDS, NIDS, etc. Clicking one of the links in the Navigation Panel will take you to a dashboard dedicated to that particular log type. \\n\\n## Dashboards\\nAll dashboards are designed to work at 1024x768 screen resolution in order to maximize compatibility.\\n\\n### Dashboard Hyperlinks\\n\\nThe `source_ip` and `destination_ip` fields are hyperlinked. These hyperlinks will take you to the Indicator dashboard which will help you analyze the traffic relating to that particular IP address.\\n\\n`UID` fields are also hyperlinked. This hyperlink will start a new Kibana search for that particular UID. In the case of Bro UIDs this will show you all Bro logs related to that particular connection.\\n\\nEach log entry also has an `_id` field that is hyperlinked. This hyperlink will take you to CapMe, allowing you to request full packet capture for any arbitrary log type. This assumes that the log is for tcp or udp traffic that was seen by Bro and Bro recorded it correctly in its conn.log. \\n\\n### Overview Dashboard\\nWhen you first go to the Kibana Dashboard area, you are automatically placed into the Overview dashboard, where you will see overview information, such as total number of logs and sensors. Use the information on the Overview dashboard to determine which of the other dashboards on the Navigation Panel you might want to visit next.\\n\\n### Dashboard Categories\\nOur remaining dashboards are grouped into a few categories:\\n- `Alert Data` - dashboards that display alerts created by rules or signatures\\n- `Bro Hunting` - dashboards that allow you to slice and dice network metadata for hunting\\n- `Host Hunting` - dashboards that allow you to hunt via host telemetry\\n- `Other` - dashboards that don't fit into the categories above\\n\\n### Bro Notices\\nBro sniffs network traffic and generates notices such as `SSL::Invalid Server Cert` and `TeamCymruMalwareHashRegistry::Match`.\\n\\n### ElastAlert\\nElastAlert queries Elasticsearch on a regular basis and then generates alerts based on your desired criteria. Security Onion includes two example rules that alert on new IDS events and new connection logs. You can add your own ElastAlert rules in `/etc/elastalert/rules/`.\\n\\n### HIDS\\nOSSEC analyzes log files and generates Host Intrusion Detection System alerts based on its ruleset at `/var/ossec/rules/`. You can add your own rules in `/var/ossec/rules/local_rules.xml`.\\n\\n### NIDS\\nSecurity Onion can use either Snort or Suricata to sniff network traffic and generate Network Intrusion Detection System alerts. \\n\\n### Connections\\nBro sniffs network traffic and logs connection metadata including source IP/port, destination IP/port, protocol, and number of bytes.\\n\\n### DCE/RPC\\nBro sniffs network traffic and logs DCE/RPC metadata including source IP/port, destination IP/port, operation, endpoint, and named pipe.\\n\\n### DHCP\\nBro sniffs network traffic and logs DHCP requests and responses including source IP/port, destination IP/port, and MAC addresses.\\n\\n### DNP3\\nBro sniffs network traffic and logs DNP3 metadata including source IP/port, destination IP/port, function request, function reply.\\n\\n### DNS\\nBro sniffs network traffic and logs DNS queries and answers. Bro also includes other name lookups such as Windows NetBIOS name service requests and Bonjour.\\n\\n### Files\\nBro sniffs network traffic and logs metadata related to files being transferred over the network including IP addresses, MIME type, source, and checksums.\\n\\n### FTP\\nBro sniffs network traffic and logs FTP metadata including source IP/port, destination IP/port, command, reply code, argument, and username.\\n\\n### HTTP\\nBro sniffs network traffic and logs HTTP metadata including source IP/port, destination IP/port, method, status message, MIME type, site name, referer, and user agent.\\n\\n### Intel\\nBro sniffs network traffic and watches for indicators using the Intel framework. You can add your own indicators to `/opt/bro/share/bro/intel/intel.dat`.\\n\\n### IRC\\nBro sniffs network traffic and logs IRC metadata including source IP/port, destination IP/port, command, and username.\\n\\n### Kerberos\\nBro sniffs network traffic and logs Kerberos metadata including source IP/port, destination IP/port, cipher, client, server, service, request type, and success status.\\n\\n### Modbus\\nBro sniffs network traffic and logs Modbus metadata including source IP/port, destination IP/port, and function.\\n\\n### MySQL\\nBro sniffs network traffic and logs MySQL metadata including source IP/port, destination IP/port, command/argument, status, and response.\\n\\n### NTLM\\nBro sniffs network traffic and logs NTLM metadata including source IP/port, destination IP/port, hostname, username, and status.\\n\\n### PE\\nBro sniffs network traffic and logs PE metadata including OS, subsystem, machine, and section name.\\n\\n### RADIUS\\nBro sniffs network traffic and logs RADIUS metadata including source IP/port, destination IP/port, username, and result.\\n\\n### RDP\\nBro sniffs network traffic and logs RDP metadata including source IP/port, destination IP/port, client build, keyboard layout, encryption level, and result.\\n\\n### RFB\\nBro sniffs network traffic and logs RFB metadata including source IP/port, destination IP/port, authentication method, authentication status, client version, server version, and desktop name.\\n\\n### SIP\\nBro sniffs network traffic and logs SIP metadata including source IP/port, destination IP/port, method, content type, status, uri, and user agent.\\n\\n### SMB\\nBro sniffs network traffic and logs SMB metadata including source IP/port, destination IP/port, file name, and action.\\n\\n### SMTP\\nBro sniffs network traffic and logs SMTP metadata including source IP/port, destination IP/port, from, to, subject, and user agent.\\n\\n### SNMP\\nBro sniffs network traffic and logs SNMP metadata including source IP/port, destination IP/port, version, community, and duration.\\n\\n### Software\\nBro sniffs network traffic and logs metadata relating to the kinds of software that generated that traffic including name, type, and version.\\n\\n### SSH\\nBro sniffs network traffic and logs SSH metadata including source IP/port, destination IP/port, client version, server version, and success.\\n\\n### SSL\\nBro sniffs network traffic and logs SSL metadata including source IP/port, destination IP/port, server name, certificate subject, cipher, and validation status.\\n\\n### Syslog\\nBro sniffs network traffic and logs Syslog metadata including source IP/port, destination IP/port, severity, and protocol.\\n\\n### Tunnels\\nBro sniffs network traffic and detects IP, GRE, SOCKS, TEREDO, and AVAYA tunnels. It logs metadata including source IP/port, destination IP/port, type, and action.\\n\\n### Weird\\nBro sniffs network traffic and logs protocol anomalies metadata including source IP/port, destination IP/port, and the type of anomaly.\\n\\n### X.509\\nBro sniffs network traffic and logs X.509 metadata including certificate subject, issuer, key algorithm, key length, and signing algorithm.\\n\\n### Autoruns\\nSysinternals Autoruns can identify the processes which Windows is configured to automatically run. Autoruns data can then be ingested via [Autoruns To WinEventLog](https://github.com/palantir/windows-event-forwarding/tree/master/AutorunsToWinEventLog).\\n\\n### Beats\\nElastic Beats can be deployed on endpoints to collect host telemetry and send to Logstash for storage in Elasticsearch.\\n\\n### OSSEC\\nOSSEC agents can be deployed on endpoints to collect host telemetry and send to the OSSEC Server included in Security Onion. OSSEC Alerts can be found in the Alert Data category at the top of the Navigation Panel. This OSSEC hunting dashboard will allow you to hunt through all OSSEC logs, not just alerts.\\n\\n### Sysmon\\nSysinternal Sysmon provides comprehensive telemetry for Windows hosts. Its logs can be consumed using Beats, OSSEC, or other transport mechanism.\\n\\n### Domain Stats\\nSecurity Onion includes a tool called domain_stats which will do a whois lookup on a domain name to determine the age of the domain. If enabled, this dashboard looks for baby domains that have been recently registered. Please note that domain_stats is only enabled when running in Evaluation Mode.\\n\\n### Firewall\\nFirewall logs can be consumed via syslog or other transport mechanism. Once consumed, this dashboard allows you to slice and dice those firewall logs based on source IP/port, destination IP/port, protocol, and action.\\n\\n### Frequency\\nSecurity Onion includes a tool called freq_server which can perform frequency analysis of hostnames. If enabled, this dashboard will show hostnames with a frequency analysis score that indicates that they could have been randomly generated. Please note that freq_server is only enabled when running in Evaluation Mode.\\n\\n### Stats\\nThis dashboard shows statistics for Logstash including processing times for different log types and any errors that may have occurred.\\n\\n## More Information\\nFor additional information, please refer to our documentation at:\\n\\nhttps://securityonion.net/docs/Elastic\",\"type\":\"markdown\"},\"aggs\":[]}"},"id":"AV6-PHKnDwoBUzALqJ_c","migrationVersion":{"visualization":"7.7.0"},"references":[],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQyOSwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"match_all\":{}},\"language\":\"lucene\"}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"1\",\"gridData\":{\"w\":40,\"h\":204,\"x\":8,\"y\":0,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"2\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"2\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{}}]","timeRestore":false,"title":"Help","version":1},"id":"AV6-POJSDwoBUzALqKAg","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"AV6-PHKnDwoBUzALqJ_c","name":"panel_0","type":"visualization"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_1","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQzMCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"event_type:bro_ssl AND _exists_:issuer_common_name_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"SSL - Certificate Issuer Common Name Frequency Analysis","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSL - Certificate Issuer Common Name Frequency Analysis\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"issuer_common_name_frequency_score\",\"customLabel\":\"Frequency Score\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"issuer_common_name.keyword\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"1\",\"customLabel\":\"Issuer Common Name\"}}],\"listeners\":{}}"},"id":"a83f17c0-6f0b-11e7-9d31-23c0596994a7","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQzNCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"event_type:bro_ssl AND _exists_:server_name_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"SSL - Certificate Server Name Frequency Analysis","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSL - Certificate Server Name Frequency Analysis\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"server_name_frequency_score\",\"customLabel\":\"Frequency Score\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server_name.keyword\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"1\",\"customLabel\":\"Server Name\"}}],\"listeners\":{}}"},"id":"c2e54c20-6f0b-11e7-9d31-23c0596994a7","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQzNSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"event_type:bro_x509 AND _exists_:certificate_common_name_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"X.509 - Certificate Common Name Frequency Analysis","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"X.509 - Certificate Common Name Frequency Analysis\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"certificate_common_name_frequency_score\",\"customLabel\":\"Frequency Score\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"certificate_common_name.keyword\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"1\",\"customLabel\":\"Common Name\"}}],\"listeners\":{}}"},"id":"e03ba1d0-6f0a-11e7-83d2-adea2f314dc5","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQzNiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"event_type:bro_x509 AND _exists_:issuer_common_name_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"X.509 - Certificate Issuer Frequency Analysis","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"X.509 - Certificate Issuer Frequency Analysis\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"issuer_common_name_frequency_score\",\"customLabel\":\"Frequency Score\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"issuer_common_name.keyword\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"1\",\"customLabel\":\"Issuer\"}}],\"listeners\":{}}"},"id":"acd38970-6f0a-11e7-83d2-adea2f314dc5","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQzNywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"event_type:bro_x509 AND _exists_:issuer_organization_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"X.509 - Certificate Issuer Organization Frequency Analysis","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"X.509 - Certificate Issuer Organization Frequency Analysis\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"issuer_organization_frequency_score\",\"customLabel\":\"Frequency Score\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"issuer_organization.keyword\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"1\",\"customLabel\":\"Issuer Organization\"}}],\"listeners\":{}}"},"id":"c3f244c0-6f0a-11e7-83d2-adea2f314dc5","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQzOCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"event_type:bro_dns AND _exists_:parent_domain_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"DNS - Parent Domain Frequency Analysis","uiStateJSON":"{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}","version":1,"visState":"{\"title\":\"DNS - Parent Domain Frequency Analysis\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"parent_domain_frequency_score\",\"customLabel\":\"Frequency Score\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"highest_registered_domain.keyword\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"1\",\"customLabel\":\"Domain\"}}],\"listeners\":{}}"},"id":"c9f5d3a0-6f05-11e7-b253-211f64f37eda","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQzOSwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"match_all\":{}},\"language\":\"lucene\"}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"1\",\"gridData\":{\"w\":40,\"h\":24,\"x\":8,\"y\":0,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},{\"panelIndex\":\"2\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":52,\"i\":\"2\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},{\"panelIndex\":\"4\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":76,\"i\":\"4\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},{\"panelIndex\":\"5\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":76,\"i\":\"5\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},{\"panelIndex\":\"6\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":100,\"i\":\"6\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},{\"panelIndex\":\"7\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":100,\"i\":\"7\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},{\"panelIndex\":\"8\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":124,\"i\":\"8\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},{\"panelIndex\":\"9\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":124,\"i\":\"9\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},{\"panelIndex\":\"10\",\"gridData\":{\"w\":8,\"h\":52,\"x\":0,\"y\":0,\"i\":\"10\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\",\"embeddableConfig\":{}},{\"panelIndex\":\"11\",\"gridData\":{\"w\":48,\"h\":80,\"x\":0,\"y\":148,\"i\":\"11\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"12\",\"gridData\":{\"w\":40,\"h\":28,\"x\":8,\"y\":24,\"i\":\"12\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_10\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}}]","timeRestore":false,"title":"Frequency Analysis","version":1},"id":"AWAi5k4jAvKNGEbUWFis","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"7f1f00a0-6f04-11e7-b253-211f64f37eda","name":"panel_0","type":"visualization"},{"id":"7d1ede50-6f19-11e7-86c8-a1b6db3b051a","name":"panel_1","type":"visualization"},{"id":"8fa702e0-6f0b-11e7-9d31-23c0596994a7","name":"panel_2","type":"visualization"},{"id":"a83f17c0-6f0b-11e7-9d31-23c0596994a7","name":"panel_3","type":"visualization"},{"id":"c2e54c20-6f0b-11e7-9d31-23c0596994a7","name":"panel_4","type":"visualization"},{"id":"e03ba1d0-6f0a-11e7-83d2-adea2f314dc5","name":"panel_5","type":"visualization"},{"id":"acd38970-6f0a-11e7-83d2-adea2f314dc5","name":"panel_6","type":"visualization"},{"id":"c3f244c0-6f0a-11e7-83d2-adea2f314dc5","name":"panel_7","type":"visualization"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_8","type":"visualization"},{"id":"aa05e920-3433-11e7-8867-29a39c0f86b2","name":"panel_9","type":"search"},{"id":"c9f5d3a0-6f05-11e7-b253-211f64f37eda","name":"panel_10","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ0MCwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"match_all\":{}},\"language\":\"lucene\"}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"1\",\"gridData\":{\"w\":40,\"h\":48,\"x\":8,\"y\":0,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},{\"panelIndex\":\"2\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"2\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"gridData\":{\"w\":48,\"h\":36,\"x\":0,\"y\":48,\"i\":\"3\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\",\"embeddableConfig\":{\"columns\":[\"_source\"],\"sort\":[\"@timestamp\",\"desc\"]}}]","timeRestore":false,"title":"Baby Domains","version":1},"id":"AWAi6wvxAvKNGEbUWO_j","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"41ec0ca0-6f13-11e7-86c8-a1b6db3b051a","name":"panel_0","type":"visualization"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_1","type":"visualization"},{"id":"fce833e0-6f12-11e7-86c8-a1b6db3b051a","name":"panel_2","type":"search"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ0MywxXQ=="} -{"attributes":{"fieldFormatMap":"{\"process_id\":{\"id\":\"number\",\"params\":{\"pattern\":\"0\"}},\"event_id\":{\"id\":\"number\",\"params\":{\"pattern\":\"0\"}}}","fields":"[{\"name\":\"@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"@version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"aa\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"aa.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"action\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"action.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"activity_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"additional_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"additional_info.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"age\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"age.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"alert.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_level\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_level.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"analyzer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"analyzer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"answers\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"answers.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.agent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"apache2.access.body_sent.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.geoip.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.geoip.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.geoip.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.geoip.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.geoip.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.http_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.referrer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.remote_ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.response_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.url\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.user_agent.device\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.user_agent.major\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.user_agent.minor\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.user_agent.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.user_agent.os\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.user_agent.os_major\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.user_agent.os_minor\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.user_agent.os_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.user_agent.patch\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.user_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.error.client\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.error.code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.error.level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.error.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"apache2.error.module\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.error.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.error.tid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.error.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"assigned_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"assigned_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.a0\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.acct\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.geoip.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.geoip.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.geoip.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.geoip.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.geoip.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.item\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.items\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.new_auid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.new_ses\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.old_auid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.old_ses\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.pid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.ppid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.record_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.res\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.sequence\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auth\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"auth.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"authentication_attempts\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"authentication_method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"authentication_method.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"authentication_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"authentication_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"basic_constraints_ca\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"basic_constraints_ca.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"basic_constraints_path_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"bound_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"call_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"call_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"category\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"category.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cc\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cc.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_chain_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_chain_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_common_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_common_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_common_name_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_common_name_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_curve\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_curve.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_exponent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_exponent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_issuer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_issuer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_key_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_key_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_key_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_key_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_key_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_locality\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_locality.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_not_valid_after\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_not_valid_before\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_number_days_valid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_organization\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_organization.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_organization_unit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_organization_unit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_permanent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_permanent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_serial\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_serial.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_serial_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_serial_number.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_signing_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_signing_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"checksum\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"checksum.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cipher\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cipher.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cipher_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cipher_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"class\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"class.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"classification\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"classification.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_build\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_build.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_certificate_chain_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_certificate_chain_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_certificate_fuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_certificate_fuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_certificate_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_certificate_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_digital_product_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_digital_product_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_issuer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_issuer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_major_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_major_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_minor_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_minor_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"community\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"community.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"company.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"compile_ts\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"compile_ts.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"compression_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"compression_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"computer_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"computer_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connect_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connect_info.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection_state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection_state_description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection_state_description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"content_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"content_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cookie\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cookie.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"creation_date\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"creation_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"current_directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"current_directory.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"curve\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"curve.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_destination_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_destination_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_passive\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data_channel_passive.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_source_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"date\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dcc_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dcc_file_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dcc_file_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dcc_mime_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dcc_mime_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"depth\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"desktop_height\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"desktop_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"desktop_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"desktop_width\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dest_is_ipv6\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dest_is_ipv6.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_city\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_city.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.city_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.continent_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.country_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.dma_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.latitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.longitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.longitude.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.postal_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.region_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.region_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.region_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.timezone.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_latitude\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_latitude.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_longitude\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_longitude.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_port_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_port_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_region\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_region.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"details\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"details.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dir\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dir.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"direction\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"direction.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"display_string\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"display_string.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"docker.container.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"docker.container.image\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"docker.container.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"domain_age\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"domain_age.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"domain_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"domain_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dropped\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dropped.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"duration\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"enabled\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"enabled.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"encryption_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"encryption_level.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"encryption_method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"encryption_method.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"endpoint\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"endpoint.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"entry\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"entry.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"entry_location\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"entry_location.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"error.code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"error.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"error.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"error_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"error_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"escalated_user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"escalated_user.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"established\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"established.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.AccountName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.AlgorithmName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.AuthenticationPackageName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Binary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.CommandLine\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Configuration\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ConfigurationFileHash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.CreationUtcTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.CurrentDirectory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.DestinationIp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.DestinationIsIpv6\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.DestinationPort\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Details\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.DeviceName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.DeviceNameLength\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.DeviceTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.DeviceVersionMajor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.DeviceVersionMinor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.DirtyPages\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ElevatedToken\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.EventType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ExtraInfoLength\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ExtraInfoString\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.FilterID\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.FinalStatus\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Hashes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.HiveName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.HiveNameLength\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Image\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ImagePath\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ImpersonationLevel\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Initiated\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.IntegrityLevel\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.IpAddress\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.IpPort\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.KeyFilePath\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.KeyLength\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.KeyName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.KeyType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.KeysUpdated\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.LmPackageName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.LogonGuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.LogonId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.LogonProcessName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.LogonType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.NewSize\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.NewTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.OldTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Operation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.OriginalSize\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ParentCommandLine\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ParentImage\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ParentProcessGuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ParentProcessId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.PreviousCreationUtcTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.PreviousTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.PrivilegeList\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ProcessGuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ProcessId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ProcessName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ProviderName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Reason\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.RestrictedAdminMode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ReturnCode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.SchemaVersion\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ServiceName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ServiceType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.SourceHostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.SourceIp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.SourceIsIpv6\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.SourcePort\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.StartType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.State\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.SubjectDomainName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.SubjectLogonId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.SubjectUserName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.SubjectUserSid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TargetDomainName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TargetFilename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TargetLinkedLogonId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TargetLogonId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TargetObject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TargetOutboundDomainName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TargetOutboundUserName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TargetUserName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TargetUserSid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TerminalSessionId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TransmittedServices\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.User\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.UtcTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.VirtualAccount\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Workstation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.WorkstationName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param10\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param11\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param12\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param13\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param14\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param15\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param16\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param17\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param19\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param20\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param21\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param22\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param4\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param6\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param7\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param8\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param9\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.serviceGuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.updateGuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.updateRevisionNumber\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.updateTitle\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"exception\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"exception.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"extracted\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"extracted.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"facility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"facility.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fc_reply\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fc_reply.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fc_request\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fc_request.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file_description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_mime_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file_mime_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fileset.module\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fileset.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"first_received\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"first_received.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow_label\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"flow_label.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"forwardable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"forwardable.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"freq_virtual_host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"freq_virtual_host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"frequency_scores\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"frequency_scores.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp_argument\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp_argument.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp_command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp_command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"function\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"function.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.latitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.longitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"get_bulk_requests\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"get_bulk_requests.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"get_requests\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"get_requests.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"gid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_cert_table\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_cert_table.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_debug_data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_debug_data.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_export_table\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_export_table.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_import_table\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_import_table.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"height\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"helo\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"helo.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"highest_registered_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"highest_registered_domain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"highest_registered_domain_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"history\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"history.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hop_limit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hop_limit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host_key\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host_key.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host_key_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host_key_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"icinga.debug.facility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"icinga.debug.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"icinga.debug.severity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"icinga.main.facility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"icinga.main.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"icinga.main.severity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"icinga.startup.facility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"icinga.startup.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"icinga.startup.severity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"iin\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"iin.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"image_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"image_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"in_reply_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"in_reply_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"indicator\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"indicator.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"indicator_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"indicator_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"info_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"info_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"info_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"initiated\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"initiated.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"integrity_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"integrity_level.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"interface\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"interface.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ip_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_flags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_flags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_offset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_offset.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_protocol_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_protocol_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_protocol_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_tos\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_tos.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_ttl\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"irc_command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc_command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_64bit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_64bit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_exe\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_exe.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_orig\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_orig.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_source_ipv6\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_source_ipv6.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_webmail\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_webmail.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_common_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_common_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_common_name_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_common_name_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_distinguished_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_distinguished_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_locality\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_locality.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_organization\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_organization.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_organization_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_organization_unit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_organization_unit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_serial_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_serial_number.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kafka.log.class\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kafka.log.component\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kafka.log.level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kafka.log.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kafka.log.timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kafka.log.trace.class\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kafka.log.trace.full\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kafka.log.trace.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kex_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kex_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"keyboard_layout\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"keyboard_layout.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"keywords\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.container.image\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.container.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.namespace\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.pod.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"last_alert\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"last_alert.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"last_reply\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"last_reply.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"launch_string\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"launch_string.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"lease_time\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"lease_time.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"length\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"length.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"local_orig\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"local_orig.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"local_respond\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"local_respond.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"location\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"location.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logged\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logged.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logon_guid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logon_guid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logon_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logon_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash.log.level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash.log.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logstash.log.module\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash.log.thread\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logstash.slowlog.event\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logstash.slowlog.level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash.slowlog.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logstash.slowlog.module\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash.slowlog.plugin_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash.slowlog.plugin_params\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logstash.slowlog.plugin_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash.slowlog.thread\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logstash.slowlog.took_in_millis\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash.slowlog.took_in_nanos\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash_time\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mac\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mac.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mac_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mac_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"machine\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"machine.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mail_date\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mail_date.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mail_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mail_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"matched\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"matched.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"md5.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message_error\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"meta.cloud.availability_zone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"meta.cloud.instance_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"meta.cloud.instance_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"meta.cloud.machine_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"meta.cloud.project_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"meta.cloud.provider\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"meta.cloud.region\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"method.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mimetype\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mimetype.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"missed_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"missing_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"msg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"msg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.error.level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.error.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql.error.thread_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.error.timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.lock_time.sec\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.query\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.query_time.sec\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.rows_examined\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.rows_sent\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.timestamp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql_argument\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql_argument.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql_command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql_command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"n\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"named_pipe\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"named_pipe.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"native_file_system\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"native_file_system.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"next_protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"next_protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.agent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"nginx.access.body_sent.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.geoip.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.geoip.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.geoip.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.geoip.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.geoip.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.http_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.referrer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.remote_ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.response_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.url\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_agent.device\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_agent.major\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_agent.minor\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_agent.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_agent.os\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_agent.os_major\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_agent.os_minor\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_agent.os_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_agent.patch\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.error.connection_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.error.level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.error.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"nginx.error.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.error.tid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nick\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"nick.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"note\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"note.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"notice\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ntlm_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ntlm_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"num_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"object_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"offset\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"opcode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"operation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"operation.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"orig_filenames\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"orig_filenames.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"orig_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"orig_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"orig_mime_types\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"orig_mime_types.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"original_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_ip_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"os\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"os.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ossec_agent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ossec_agent_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ossec_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ossec_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"overflow_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"p\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_domain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_domain_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_domain_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_image_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_image_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_process_guid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_process_guid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_process_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_process_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_process_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_process_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"password\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"password.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"peer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"peer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"peer_description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"peer_description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pesha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"pesha1.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pesha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"pesha256.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"port.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"postgresql.log.database\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"postgresql.log.duration\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"postgresql.log.level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"postgresql.log.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"postgresql.log.query\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"postgresql.log.thread_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"postgresql.log.timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"postgresql.log.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"postgresql.log.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"prev_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"prev_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_arguments\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process_arguments.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_guid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"profile\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"profile.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"program\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"program.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"prospector.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"protocol_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"protocol_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"protocol_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"protocol_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"provider_guid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"proxied\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"proxied.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"query.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_class\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_class_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"query_class_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_type\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_type_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"query_type_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ra\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ra.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rcode\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rcode_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rcode_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rd.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"read_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reason\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reason.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"recipient_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"recipient_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"record_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"redis.log.level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"redis.log.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"redis.log.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"redis.log.role\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"redis.slowlog.args\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"redis.slowlog.cmd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"redis.slowlog.duration.us\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"redis.slowlog.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"redis.slowlog.key\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"referrer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"referrer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rejected\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rejected.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"related_activity_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"remote_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"renewable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"renewable.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reply_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reply_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reply_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reply_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reply_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reply_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_body_len\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_body_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_port.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"requested_color_depth\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"requested_color_depth.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"requested_resource\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"requested_resource.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resp_filenames\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resp_filenames.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resp_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resp_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resp_mime_types\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resp_mime_types.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"respond_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"respond_ip_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"respond_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_body_len\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_body_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"result\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"result.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resumed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resumed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rev\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rev.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rig\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rig.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rows\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rows.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rtt\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rtt.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule_number\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"san_dns\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"san_dns.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"second_received\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"second_received.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"section_names\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"section_names.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"security_protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"security_protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seen_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seen_node\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"seen_node.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seen_where\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"seen_where.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sensor_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sensor_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seq\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"seq.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_certificate_fuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_certificate_fuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_certificate_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_certificate_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_major_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_major_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_minor_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_minor_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_name_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_name_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"service\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"service.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"set_requests\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"set_requests.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"severity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"severity.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sha1.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sha256.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"share_flag\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"share_flag.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"share_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"share_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"signature_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"signer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"signer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"site\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"site.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"size.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"software_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"software_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.city_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.continent_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.dma_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.latitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.longitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.postal_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.region_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.region_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.region_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.timezone.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_port_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_port_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sources\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sources.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"status.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"status_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status_msg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"status_msg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stream\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sub_msg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sub_msg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sub_rule_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sub_rule_number.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subdomain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"subdomain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subdomain_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subdomain_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subsystem\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"subsystem.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"suppress_for\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-facility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-facility.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-file_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-host_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-host_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-legacy_msghdr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-legacy_msghdr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-pid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-pid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-sourceip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-tags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sysmon_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sysmon_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.groupadd.gid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.groupadd.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.program\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.dropped_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.event\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.geoip.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.geoip.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.geoip.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.geoip.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.geoip.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.sudo.command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.sudo.error\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.sudo.pwd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.sudo.tty\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.sudo.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.useradd.gid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.useradd.home\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.useradd.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.useradd.shell\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.useradd.uid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.syslog.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.syslog.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.syslog.pid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.syslog.program\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.syslog.timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"target_filename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"target_filename.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"task\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tc\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tc.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"terminal_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"terminal_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"thread_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"timed_out\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"timed_out.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_accessed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_accessed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_changed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_changed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_created\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_created.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_modified\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_modified.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tld.subdomain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tld.subdomain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tls\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tls.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"top_level_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"top_level_domain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"total_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tracker_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tracker_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.agent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"traefik.access.backend_url\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"traefik.access.body_sent.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.frontend_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"traefik.access.geoip.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.geoip.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.geoip.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.geoip.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.geoip.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.http_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.referrer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.remote_ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.request_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.response_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.url\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.user_agent.device\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.user_agent.major\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.user_agent.minor\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.user_agent.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.user_agent.os\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.user_agent.os_major\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.user_agent.os_minor\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.user_agent.os_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.user_agent.patch\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.user_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"trans_depth\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"transaction_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ttls\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tty\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tty.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tunnel_parents\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tunnel_parents.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tunnel_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tunnel_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"unparsed_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"unparsed_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"up_since\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"up_since.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uri\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uri.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uri_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user_agent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user_agent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user_data.binaryData\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user_data.binaryDataSize\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user_data.param1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user_data.param2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user_data.xml_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"useragent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"useragent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"useragent_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"username\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"username.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_aslr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_aslr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_code_integrity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_code_integrity.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_dep\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_dep.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_seh\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_seh.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"valid_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"valid_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"valid_till\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"valid_till.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"validation_status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"validation_status.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"value\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"value.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_additional_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_additional_info.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_major\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_major.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_minor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_minor.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_minor2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_minor2.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_minor3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_minor3.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"virtual_host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"virtual_host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"virtual_host_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"virtual_host_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"warning\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"warning.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"width\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"width.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"x_originating_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"xml\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"year\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"z\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"z.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]","notExpandable":true,"timeFieldName":"@timestamp","title":"*:logstash-beats-*"},"id":"AWBLHZaBRuBloj96jvrD","migrationVersion":{"index-pattern":"7.6.0"},"references":[],"type":"index-pattern","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ0NCwxXQ=="} -{"attributes":{"columns":["computer_name","process_id","user.name","event_id","event_data.Image"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"match_all\":{}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"All Beats Logs","version":1},"id":"AWBLMr9vRuBloj96jxp1","migrationVersion":{"search":"7.4.0"},"references":[{"id":"AWBLHZaBRuBloj96jvrD","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ0NSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"match_all\":{}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Beats - Process IDs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Beats - Process IDs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"type\":\"table\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"process_id\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"id":"AWBLN7X2RuBloj96jxxY","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"AWBLHZaBRuBloj96jvrD","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ0NywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"match_all\":{}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Beats - Computer Names","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Beats - Computer Names\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"type\":\"table\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"computer_name.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"id":"AWBLNriuRuBloj96jxv3","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"AWBLHZaBRuBloj96jvrD","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ0NiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"match_all\":{}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Beats - Event IDs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Beats - Event IDs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"type\":\"table\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event_id\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"id":"AWBLOT8MRuBloj96jx0N","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"AWBLHZaBRuBloj96jvrD","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ0OCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"match_all\":{}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Beats - Usernames","uiStateJSON":"{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}","version":1,"visState":"{\"title\":\"Beats - Usernames\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"type\":\"table\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user.name\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"id":"AWBLONJCRuBloj96jxzY","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"AWBLHZaBRuBloj96jvrD","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ0OSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"match_all\":{}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Beats - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Beats - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 minutes\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"line\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"AWBLQ2__RuBloj96jyDn","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"AWBLHZaBRuBloj96jvrD","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ1MCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"match_all\":{}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Beats - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Beats - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDHHHR8xQT5EBNmq4z7","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"AWBLHZaBRuBloj96jvrD","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ1MSwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"match_all\":{}},\"language\":\"lucene\"}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"1\",\"gridData\":{\"w\":48,\"h\":44,\"x\":0,\"y\":56,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{\"columns\":[\"computer_name\",\"process_id\",\"user.name\",\"event_id\",\"event_data.Image\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"2\",\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":8,\"i\":\"2\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},{\"panelIndex\":\"3\",\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":32,\"i\":\"3\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},{\"panelIndex\":\"4\",\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":32,\"i\":\"4\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},{\"panelIndex\":\"5\",\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":8,\"i\":\"5\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},{\"panelIndex\":\"7\",\"gridData\":{\"w\":28,\"h\":8,\"x\":20,\"y\":0,\"i\":\"7\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}}},{\"panelIndex\":\"8\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"8\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\",\"embeddableConfig\":{}},{\"panelIndex\":\"9\",\"gridData\":{\"w\":12,\"h\":8,\"x\":8,\"y\":0,\"i\":\"9\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}}]","timeRestore":false,"title":"Beats","version":1},"id":"AWBLNS3CRuBloj96jxub","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"AWBLMr9vRuBloj96jxp1","name":"panel_0","type":"search"},{"id":"AWBLNriuRuBloj96jxv3","name":"panel_1","type":"visualization"},{"id":"AWBLN7X2RuBloj96jxxY","name":"panel_2","type":"visualization"},{"id":"AWBLOT8MRuBloj96jx0N","name":"panel_3","type":"visualization"},{"id":"AWBLONJCRuBloj96jxzY","name":"panel_4","type":"visualization"},{"id":"AWBLQ2__RuBloj96jyDn","name":"panel_5","type":"visualization"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_6","type":"visualization"},{"id":"AWDHHHR8xQT5EBNmq4z7","name":"panel_7","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ1MiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Connections - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDG71xFxQT5EBNmq336","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzYyNCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNS - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"DNS - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDG9Qx0xQT5EBNmq3_2","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY0NCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SNMP - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"SNMP - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDHD-LfxQT5EBNmq4iB","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"b12150a0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzUzMCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SIP - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"SIP - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDHDNS4xQT5EBNmq4dF","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ3NSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMB - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"SMB - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDHDfDkxQT5EBNmq4fQ","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"19849f30-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzUxOCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"SMTP - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDHDsr0xQT5EBNmq4gw","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzUwMSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Bro - Syslog - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Bro - Syslog - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDHE-_wxQT5EBNmq4n3","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"269ca380-76b4-11e7-8c3e-cfcdd8c95d87","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU1MywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Software - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Software - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDHEKJUxQT5EBNmq4jW","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"ba3d77e0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzUzOSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSH - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"SSH - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDHEYk4xQT5EBNmq4k5","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c33e7600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU2MiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSL - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"SSL - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDHElRWxQT5EBNmq4lz","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU4NCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Tunnels - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Tunnels - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDHFYrqxQT5EBNmq4qT","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"d26d5510-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU5NywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Weird - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Weird - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDHGXk-xQT5EBNmq4uf","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"e32d0d50-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzYxMywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"X.509 - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"X.509 - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDHGklsxQT5EBNmq4wG","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"f5038cc0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzYzNSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Top 10 - Total Bytes By Connection","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Connections - Top 10 - Total Bytes By Connection\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Connection ID\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"left\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"total_bytes\",\"customLabel\":\"Total Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"uid.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Connection ID\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"uid.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Connection ID\"}}],\"listeners\":{}}"},"id":"f1325230-3b0d-11e7-a0fe-29878c6f414a","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ1MywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Top 10 - Total Bytes By Destination Port","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Connections - Top 10 - Total Bytes By Destination Port\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Destination Port\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Max total_bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"total_bytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"destination_port\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_port\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}],\"listeners\":{}}"},"id":"acd65230-3b0d-11e7-a0fe-29878c6f414a","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ1NCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Top 10 - Total Bytes By Destination IP","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Total Bytes\",\"field\":\"total_bytes\"},\"schema\":\"metric\",\"type\":\"max\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Destination IP Address\",\"field\":\"destination_ip\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":10},\"schema\":\"segment\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"5\",\"params\":{\"customLabel\":\"Destination IP Address\",\"field\":\"destination_ip\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"group\",\"type\":\"terms\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Destination IP Address\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}]},\"title\":\"Connections - Top 10 - Total Bytes By Destination IP\",\"type\":\"histogram\"}"},"id":"eeafbb70-3b0c-11e7-a6f9-5d3fe735ec2b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ1NywxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":71,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":20,\"h\":18,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":28,\"y\":0,\"w\":20,\"h\":18,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":18,\"w\":20,\"h\":20,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":38,\"w\":40,\"h\":33,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"gridData\":{\"x\":0,\"y\":71,\"w\":48,\"h\":35,\"i\":\"6\"},\"version\":\"7.3.0\",\"panelIndex\":\"6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"gridData\":{\"x\":28,\"y\":18,\"w\":20,\"h\":20,\"i\":\"7\"},\"version\":\"7.3.0\",\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"}]","timeRestore":false,"title":"Connections - Total Bytes","version":1},"id":"a2ab0c40-3b0a-11e7-a6f9-5d3fe735ec2b","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"f1325230-3b0d-11e7-a0fe-29878c6f414a","name":"panel_1","type":"visualization"},{"id":"acd65230-3b0d-11e7-a0fe-29878c6f414a","name":"panel_2","type":"visualization"},{"id":"41a33c80-3b0d-11e7-a6f9-5d3fe735ec2b","name":"panel_3","type":"visualization"},{"id":"726cc040-48cf-11e8-9576-313be7c6b44b","name":"panel_4","type":"visualization"},{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"panel_5","type":"search"},{"id":"eeafbb70-3b0c-11e7-a6f9-5d3fe735ec2b","name":"panel_6","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ1OCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMTP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"a5045e20-3bd1-11e7-a3ae-1754b87179c0","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ5NiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SMB - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMB - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}]}"},"id":"a663e070-4c78-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"19849f30-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzUxOSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SNMP - Log Count Over TIme","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SNMP - Log Count Over TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"a67546c0-3640-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"b12150a0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzUyNCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Strelka - Request - Client","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Strelka - Request - Client\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"request.client.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"request.client.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"}}]}"},"id":"a7ebb450-772c-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY3NCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Data Overview","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Data Overview\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":false,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":false,\"last_level\":false,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Category\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"url\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:event.module.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(event.module.keyword:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now%2Fw,to:now%2Fw))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"params\":{},\"label\":\"event.module.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"event.category.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"event.module.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"ac6b1720-7559-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ1OSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"observer.name:* OR agent.name:*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Log Count By Node ","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Log Count By Node \",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"observer.name.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"observer.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Node\"}}]}"},"id":"a9fae5c0-6e9b-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ2MCwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"e243c0f0-f7cf-453e-8f5c-dc93e4651d69\",\"w\":9,\"x\":0,\"y\":0},\"panelIndex\":\"e243c0f0-f7cf-453e-8f5c-dc93e4651d69\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"5fdac8ff-799a-4d54-8dcb-ee1728d9623d\",\"w\":17,\"x\":9,\"y\":0},\"panelIndex\":\"5fdac8ff-799a-4d54-8dcb-ee1728d9623d\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"126f5365-8829-469d-8349-a08874975584\",\"w\":22,\"x\":26,\"y\":0},\"panelIndex\":\"126f5365-8829-469d-8349-a08874975584\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":26,\"i\":\"9c61759c-0b14-433b-bca7-fd22f9a20630\",\"w\":22,\"x\":0,\"y\":8},\"panelIndex\":\"9c61759c-0b14-433b-bca7-fd22f9a20630\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":26,\"i\":\"504e0ba1-08f7-4601-833d-6615d84e8fba\",\"w\":9,\"x\":22,\"y\":8},\"panelIndex\":\"504e0ba1-08f7-4601-833d-6615d84e8fba\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":26,\"i\":\"e3425787-250b-4dad-8244-4c7ba65df3d9\",\"w\":8,\"x\":31,\"y\":8},\"panelIndex\":\"e3425787-250b-4dad-8244-4c7ba65df3d9\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":26,\"i\":\"9c133f8f-ca11-4a4b-ac5a-3dfe3b87f20e\",\"w\":9,\"x\":39,\"y\":8},\"panelIndex\":\"9c133f8f-ca11-4a4b-ac5a-3dfe3b87f20e\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_6\"}]","timeRestore":false,"title":"Security Onion - Home","version":1},"id":"a8411b30-6d03-11ea-b301-3d6c35840645","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"8cfec8c0-6ec2-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"ac6b1720-7559-11ea-9565-7315f4ee5cac","name":"panel_3","type":"visualization"},{"id":"ad398b70-6e9a-11ea-9266-1fd14ca6af34","name":"panel_4","type":"visualization"},{"id":"8b065a80-6eca-11ea-9266-1fd14ca6af34","name":"panel_5","type":"visualization"},{"id":"a9fae5c0-6e9b-11ea-9266-1fd14ca6af34","name":"panel_6","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ2MSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security Onion - Osquery - Query Results Count","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"osquery.result.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Query Results\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"osquery.result.hostname.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Endpoint\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"osquery.result.live_query.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Live Query Pivot\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"osquery.result.endpoint_ip1.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Endpoint Primary IP\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"},\"title\":\"Security Onion - Osquery - Query Results Count\"}"},"id":"ab47a590-afcc-11ea-b262-353d451b125b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9eed5fc0-afcb-11ea-b262-353d451b125b","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-16T12:58:03.053Z","version":"Wzc1NCwyXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"3919aa4b-bef6-4545-a780-484bae2df9ee\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"3919aa4b-bef6-4545-a780-484bae2df9ee\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_0\"}]","timeRestore":false,"title":"Security Onion - Users","version":1},"id":"abbe1140-72c7-11ea-8dd2-9d8795a1200b","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"8cfec8c0-6ec2-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ2MiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Dataset By Node","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Dataset By Node\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Dataset\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"event.dataset.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Count\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.dataset.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Dataset\"}}]}"},"id":"abffa080-6ec9-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY5NiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SIP - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SIP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"f5166880-374f-11e7-b74a-f5057991ccd2","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ2NSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SIP - Request Path","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SIP - Request Path\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"request_path.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Request Path\"}}],\"listeners\":{}}"},"id":"dddb4430-3752-11e7-b74a-f5057991ccd2","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ2OCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SIP - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SIP - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"id":"dfd1dc00-6e24-11e7-a261-55504638cf3b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ3NCwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":48,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"5\",\"gridData\":{\"x\":0,\"y\":72,\"w\":16,\"h\":24,\"i\":\"5\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"6\",\"gridData\":{\"x\":16,\"y\":72,\"w\":16,\"h\":24,\"i\":\"6\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"9\",\"gridData\":{\"x\":20,\"y\":8,\"w\":12,\"h\":16,\"i\":\"9\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\",\"embeddableConfig\":{}},{\"panelIndex\":\"11\",\"gridData\":{\"x\":0,\"y\":96,\"w\":48,\"h\":24,\"i\":\"11\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"13\",\"gridData\":{\"x\":20,\"y\":48,\"w\":28,\"h\":24,\"i\":\"13\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"14\",\"gridData\":{\"x\":32,\"y\":24,\"w\":16,\"h\":24,\"i\":\"14\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"panelIndex\":\"15\",\"gridData\":{\"x\":0,\"y\":48,\"w\":20,\"h\":24,\"i\":\"15\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"panelIndex\":\"16\",\"gridData\":{\"x\":8,\"y\":8,\"w\":12,\"h\":16,\"i\":\"16\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\",\"embeddableConfig\":{}},{\"panelIndex\":\"17\",\"gridData\":{\"x\":0,\"y\":120,\"w\":48,\"h\":30,\"i\":\"17\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_10\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"18\",\"gridData\":{\"x\":32,\"y\":8,\"w\":16,\"h\":16,\"i\":\"18\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_11\",\"embeddableConfig\":{}},{\"panelIndex\":\"19\",\"gridData\":{\"x\":32,\"y\":72,\"w\":16,\"h\":24,\"i\":\"19\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_12\"},{\"panelIndex\":\"20\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"20\"},\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_13\"},{\"panelIndex\":\"21\",\"gridData\":{\"x\":8,\"y\":24,\"w\":24,\"h\":24,\"i\":\"21\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_14\",\"embeddableConfig\":{}}]","timeRestore":false,"title":"Bro - SIP","version":1},"id":"ad3c0830-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"5393c710-3640-11e7-a6f7-4f44d7bf1c33","name":"panel_1","type":"visualization"},{"id":"f5166880-374f-11e7-b74a-f5057991ccd2","name":"panel_2","type":"visualization"},{"id":"04e1aea0-3750-11e7-b74a-f5057991ccd2","name":"panel_3","type":"visualization"},{"id":"90bf0a80-3750-11e7-b74a-f5057991ccd2","name":"panel_4","type":"visualization"},{"id":"dddb4430-3752-11e7-b74a-f5057991ccd2","name":"panel_5","type":"visualization"},{"id":"5e36c370-3753-11e7-b74a-f5057991ccd2","name":"panel_6","type":"visualization"},{"id":"73f663f0-3753-11e7-b74a-f5057991ccd2","name":"panel_7","type":"visualization"},{"id":"930b1600-3753-11e7-b74a-f5057991ccd2","name":"panel_8","type":"visualization"},{"id":"2db47070-3754-11e7-b74a-f5057991ccd2","name":"panel_9","type":"visualization"},{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"panel_10","type":"search"},{"id":"1ef5c230-6e24-11e7-a261-55504638cf3b","name":"panel_11","type":"visualization"},{"id":"dfd1dc00-6e24-11e7-a261-55504638cf3b","name":"panel_12","type":"visualization"},{"id":"AWDHDNS4xQT5EBNmq4dF","name":"panel_13","type":"visualization"},{"id":"0291dba0-4c78-11e8-9b0a-f1d33346f773","name":"panel_14","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ3NywxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:files\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":7,\"i\":\"257c130f-3673-410c-9f60-d67deb13b580\"},\"panelIndex\":\"257c130f-3673-410c-9f60-d67deb13b580\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":17,\"h\":7,\"i\":\"de6206b4-7adb-44a0-ae00-2d28274478c8\"},\"panelIndex\":\"de6206b4-7adb-44a0-ae00-2d28274478c8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":25,\"y\":0,\"w\":23,\"h\":7,\"i\":\"93532ba0-f446-4a97-8783-a04dd4347485\"},\"panelIndex\":\"93532ba0-f446-4a97-8783-a04dd4347485\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":7,\"w\":8,\"h\":19,\"i\":\"a2af856c-7069-46b2-974c-e8b9054af929\"},\"panelIndex\":\"a2af856c-7069-46b2-974c-e8b9054af929\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":7,\"w\":9,\"h\":19,\"i\":\"4a3de026-5001-46a6-af20-78db885bd4bb\"},\"panelIndex\":\"4a3de026-5001-46a6-af20-78db885bd4bb\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":17,\"y\":7,\"w\":17,\"h\":19,\"i\":\"74071657-abfc-49e7-a0c3-e318b72a9d4c\"},\"panelIndex\":\"74071657-abfc-49e7-a0c3-e318b72a9d4c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":34,\"y\":7,\"w\":14,\"h\":19,\"i\":\"2379029c-c749-4804-91df-3d9be3fc4f8a\"},\"panelIndex\":\"2379029c-c749-4804-91df-3d9be3fc4f8a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":26,\"w\":21,\"h\":19,\"i\":\"0e36a0b5-5905-43c6-8ae1-f3eb348571a0\"},\"panelIndex\":\"0e36a0b5-5905-43c6-8ae1-f3eb348571a0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":21,\"y\":26,\"w\":8,\"h\":19,\"i\":\"99813eab-a19b-47d2-a8ee-8bcb667eedbf\"},\"panelIndex\":\"99813eab-a19b-47d2-a8ee-8bcb667eedbf\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":29,\"y\":26,\"w\":10,\"h\":19,\"i\":\"18a734f4-78a1-4d84-9f7f-7c5aa6d3b1c2\"},\"panelIndex\":\"18a734f4-78a1-4d84-9f7f-7c5aa6d3b1c2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":39,\"y\":26,\"w\":9,\"h\":19,\"i\":\"c51df9f8-9010-4cae-9c7c-76ca7af98f13\"},\"panelIndex\":\"c51df9f8-9010-4cae-9c7c-76ca7af98f13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":45,\"w\":48,\"h\":24,\"i\":\"226350dd-3afe-4135-a8da-71db63287a95\"},\"panelIndex\":\"226350dd-3afe-4135-a8da-71db63287a95\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"}]","timeRestore":false,"title":"Security Onion - Zeek Files","version":1},"id":"ad4d5d60-75f4-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"8cfec8c0-6ec2-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"bcf25e30-75f1-11ea-9565-7315f4ee5cac","name":"panel_5","type":"visualization"},{"id":"e8d35c50-75f3-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"},{"id":"09fc6ef0-7732-11ea-bee5-af7f7c7b8e05","name":"panel_7","type":"visualization"},{"id":"2fc4bea0-7730-11ea-bee5-af7f7c7b8e05","name":"panel_8","type":"visualization"},{"id":"49cfe850-772c-11ea-bee5-af7f7c7b8e05","name":"panel_9","type":"visualization"},{"id":"efc25540-75f1-11ea-9565-7315f4ee5cac","name":"panel_10","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_11","type":"search"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ4MSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Bro - Syslog - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Bro - Syslog - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"ae4e88b0-76b5-11e7-94e1-3d2ec4e57ed9","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"269ca380-76b4-11e7-8c3e-cfcdd8c95d87","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU0OSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SSL - Destination Country (Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SSL - Destination Country (Bar Chart)\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"destination_geo.country_name.keyword: Descending\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_geo.country_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"id":"ae959820-365c-11e7-8bd0-1db2c55fb7a1","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU4MiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - TLS - True/False (Vertical Bar Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"SMTP - TLS - True/False (Vertical Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"TLS\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tls.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"TLS\"}}],\"listeners\":{}}"},"id":"aeb71cc0-6e29-11e7-8b76-75eee0095daa","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ5OSwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"Initial Systems/Queries\",\"disabled\":true,\"key\":\"osquery.counter\",\"negate\":true,\"params\":{\"query\":0,\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"0\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"osquery.counter\":{\"query\":0,\"type\":\"phrase\"}}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"Servers Only\",\"disabled\":true,\"key\":\"osquery.codename\",\"negate\":false,\"params\":{\"query\":\"server\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"server\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match\":{\"osquery.codename\":{\"query\":\"server\",\"type\":\"phrase\"}}}}],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":64,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":17,\"h\":11,\"i\":\"16\"},\"panelIndex\":\"16\",\"title\":\"\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":29,\"w\":40,\"h\":20,\"i\":\"18\"},\"panelIndex\":\"18\",\"title\":\"Chrome Extensions - Logs\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":11,\"w\":40,\"h\":18,\"i\":\"19\"},\"panelIndex\":\"19\",\"title\":\"Chrome Extensions - Sensitive Permissions\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"gridData\":{\"x\":25,\"y\":0,\"w\":23,\"h\":11,\"i\":\"20\"},\"version\":\"7.3.0\",\"panelIndex\":\"20\",\"embeddableConfig\":{},\"title\":\"Chrome Extensions - Changes by Hostname\",\"panelRefName\":\"panel_4\"}]","timeRestore":false,"title":"osquery - Chrome Extensions","version":1},"id":"af0ea750-18d3-11e9-932c-d12d2cf4ee95","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"71538370-18d5-11e9-932c-d12d2cf4ee95","name":"panel_1","type":"visualization"},{"id":"0eee4360-18d4-11e9-932c-d12d2cf4ee95","name":"panel_2","type":"search"},{"id":"78cf8bf0-1a59-11e9-ac0b-cb0ba10141ab","name":"panel_3","type":"visualization"},{"id":"04f86530-1a59-11e9-ac0b-cb0ba10141ab","name":"panel_4","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ4NywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security Onion - Osquery - Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rule.name.keyword: Descending\",\"aggType\":\"terms\"}]}},\"title\":\"Security Onion - Osquery - Name\"}"},"id":"af139720-afcb-11ea-b262-353d451b125b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"5c3effd0-72ae-11ea-8dd2-9d8795a1200b","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-16T12:19:53.873Z","version":"WzcyNywyXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - Subject","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMTP - Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"subject.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"SMTP\"}}],\"listeners\":{}}"},"id":"c47e2a10-39a1-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ5MCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SMTP - Destination Country (Donut Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SMTP - Destination Country (Donut Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_geo.country_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}}]}"},"id":"dfe23030-39a1-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ5MSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - TLS (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SMTP - TLS (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tls.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"id":"c3bb32c0-39a2-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ5NCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMTP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"f18a0480-3bd0-11e7-9c09-4f161b0766dd","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ5NSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - User Agent","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMTP - User Agent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"useragent.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"id":"d776e510-6e28-11e7-8b76-75eee0095daa","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzQ5NywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMTP - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"id":"d5aa6d00-6e29-11e7-8b76-75eee0095daa","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzUwMCwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":32,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"gridData\":{\"w\":20,\"h\":12,\"x\":8,\"y\":8,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":80,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":80,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"gridData\":{\"w\":20,\"h\":12,\"x\":28,\"y\":8,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":56,\"i\":\"13\"},\"panelIndex\":\"13\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":20,\"h\":24,\"x\":16,\"y\":56,\"i\":\"14\"},\"panelIndex\":\"14\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"gridData\":{\"w\":48,\"h\":28,\"x\":0,\"y\":104,\"i\":\"15\"},\"panelIndex\":\"15\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"embeddableConfig\":{},\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":32,\"i\":\"16\"},\"panelIndex\":\"16\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_10\"},{\"gridData\":{\"w\":20,\"h\":12,\"x\":28,\"y\":20,\"i\":\"17\"},\"panelIndex\":\"17\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_11\",\"embeddableConfig\":{}},{\"gridData\":{\"w\":20,\"h\":12,\"x\":8,\"y\":20,\"i\":\"18\"},\"panelIndex\":\"18\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_12\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":12,\"h\":24,\"x\":36,\"y\":56,\"i\":\"19\"},\"panelIndex\":\"19\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_13\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"20\"},\"panelIndex\":\"20\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_14\"}]","timeRestore":false,"title":"Bro - SMTP","version":1},"id":"b10a9c60-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"7c922990-3640-11e7-a6f7-4f44d7bf1c33","name":"panel_1","type":"visualization"},{"id":"c47e2a10-39a1-11e7-8472-0151e5b2b475","name":"panel_2","type":"visualization"},{"id":"dfe23030-39a1-11e7-8472-0151e5b2b475","name":"panel_3","type":"visualization"},{"id":"73b1b240-39a2-11e7-8472-0151e5b2b475","name":"panel_4","type":"visualization"},{"id":"96767400-39a2-11e7-8472-0151e5b2b475","name":"panel_5","type":"visualization"},{"id":"c3bb32c0-39a2-11e7-8472-0151e5b2b475","name":"panel_6","type":"visualization"},{"id":"f18a0480-3bd0-11e7-9c09-4f161b0766dd","name":"panel_7","type":"visualization"},{"id":"a5045e20-3bd1-11e7-a3ae-1754b87179c0","name":"panel_8","type":"visualization"},{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"panel_9","type":"search"},{"id":"d776e510-6e28-11e7-8b76-75eee0095daa","name":"panel_10","type":"visualization"},{"id":"53beb0d0-6e29-11e7-8b76-75eee0095daa","name":"panel_11","type":"visualization"},{"id":"aeb71cc0-6e29-11e7-8b76-75eee0095daa","name":"panel_12","type":"visualization"},{"id":"d5aa6d00-6e29-11e7-8b76-75eee0095daa","name":"panel_13","type":"visualization"},{"id":"AWDHDsr0xQT5EBNmq4gw","name":"panel_14","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzUwMiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DNP3 - IIN","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - DNP3 - IIN\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"dnp3.iin: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dnp3.iin\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IIN\"}}]}"},"id":"f991b6d0-75b8-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzUwMywxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:dnp3\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"728d0151-5dc6-429d-9b14-b457ab73d3fd\"},\"panelIndex\":\"728d0151-5dc6-429d-9b14-b457ab73d3fd\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":13,\"y\":0,\"w\":15,\"h\":8,\"i\":\"1b99097d-a957-4163-9810-263a0e653c18\"},\"panelIndex\":\"1b99097d-a957-4163-9810-263a0e653c18\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":28,\"y\":0,\"w\":20,\"h\":8,\"i\":\"43bb3cf4-ee4a-4eba-8eea-8e133957fd48\"},\"panelIndex\":\"43bb3cf4-ee4a-4eba-8eea-8e133957fd48\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":8,\"w\":8,\"h\":19,\"i\":\"87f23747-38c9-4d15-a85b-8beff66abaf4\"},\"panelIndex\":\"87f23747-38c9-4d15-a85b-8beff66abaf4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":8,\"h\":19,\"i\":\"d10ae5ac-6400-4a2c-a376-e6e74ed529ad\"},\"panelIndex\":\"d10ae5ac-6400-4a2c-a376-e6e74ed529ad\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":8,\"w\":12,\"h\":19,\"i\":\"a9916c8f-c82b-413d-8561-64ce0d68d3b8\"},\"panelIndex\":\"a9916c8f-c82b-413d-8561-64ce0d68d3b8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":19,\"i\":\"04426d00-3313-40eb-a0c9-2541a7ea99f3\"},\"panelIndex\":\"04426d00-3313-40eb-a0c9-2541a7ea99f3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"}]","timeRestore":false,"title":"Security Onion - DNP3","version":1},"id":"b1f52180-755a-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"f991b6d0-75b8-11ea-9565-7315f4ee5cac","name":"panel_5","type":"visualization"},{"id":"214793c0-75b9-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzUwNSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - RFB - Authentication Method","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - RFB - Authentication Method\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rfb.authentication.method.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rfb.authentication.method.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Method\"}}]}"},"id":"b2053990-75c7-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU2NSwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset:kerberos\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":9,\"i\":\"caa0aaa2-ed03-47b4-9a9f-c0f9b8d50da9\"},\"panelIndex\":\"caa0aaa2-ed03-47b4-9a9f-c0f9b8d50da9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":14,\"y\":0,\"w\":15,\"h\":9,\"i\":\"e0e4a50d-887b-472b-a790-302966fb6f49\"},\"panelIndex\":\"e0e4a50d-887b-472b-a790-302966fb6f49\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":9,\"i\":\"5cca2c4b-7299-4122-a3d5-3637ef23dc5d\"},\"panelIndex\":\"5cca2c4b-7299-4122-a3d5-3637ef23dc5d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":9,\"w\":10,\"h\":19,\"i\":\"aa944a94-288e-490f-9e04-f5b3bc2cf19f\"},\"panelIndex\":\"aa944a94-288e-490f-9e04-f5b3bc2cf19f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":10,\"y\":9,\"w\":10,\"h\":19,\"i\":\"ebc359a7-3dce-4e7d-bd70-355cc8099437\"},\"panelIndex\":\"ebc359a7-3dce-4e7d-bd70-355cc8099437\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":20,\"y\":9,\"w\":11,\"h\":19,\"i\":\"251dacac-b4c5-481a-9e41-8173e9bc27ab\"},\"panelIndex\":\"251dacac-b4c5-481a-9e41-8173e9bc27ab\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":31,\"y\":9,\"w\":7,\"h\":19,\"i\":\"1a78a61c-7b0a-425f-ade8-bcbb302a2585\"},\"panelIndex\":\"1a78a61c-7b0a-425f-ade8-bcbb302a2585\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":38,\"y\":9,\"w\":10,\"h\":19,\"i\":\"eba2e210-8b36-41a7-8ac5-7d63cfc022e1\"},\"panelIndex\":\"eba2e210-8b36-41a7-8ac5-7d63cfc022e1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"Security Onion - Kerberos","version":1},"id":"b207ab90-75bc-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"c879ad60-72a1-11ea-8dd2-9d8795a1200b","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"0ecc7310-75bd-11ea-9565-7315f4ee5cac","name":"panel_5","type":"visualization"},{"id":"2d73e460-75bd-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"},{"id":"48331f00-75bd-11ea-9565-7315f4ee5cac","name":"panel_7","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzUwOSwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"1\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":104,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"3\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"3\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{}},{\"panelIndex\":\"4\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"4\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"5\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":56,\"i\":\"5\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"6\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":56,\"i\":\"6\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"8\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":8,\"i\":\"8\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\",\"embeddableConfig\":{}},{\"panelIndex\":\"9\",\"gridData\":{\"w\":24,\"h\":24,\"x\":8,\"y\":32,\"i\":\"9\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"10\",\"gridData\":{\"w\":24,\"h\":24,\"x\":8,\"y\":8,\"i\":\"10\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"panelIndex\":\"11\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":80,\"i\":\"11\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"panelIndex\":\"13\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"13\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\"},{\"panelIndex\":\"14\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":32,\"i\":\"14\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_10\",\"embeddableConfig\":{}}]","timeRestore":false,"title":"Bro - SMB","version":1},"id":"b3a53710-3aaa-11e7-8b17-0d8709b02c80","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"19849f30-3aab-11e7-8b17-0d8709b02c80","name":"panel_0","type":"search"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_1","type":"visualization"},{"id":"85e40a70-3aac-11e7-8b17-0d8709b02c80","name":"panel_2","type":"visualization"},{"id":"15b4e7a0-3aad-11e7-8b17-0d8709b02c80","name":"panel_3","type":"visualization"},{"id":"31f5e040-3aad-11e7-8b17-0d8709b02c80","name":"panel_4","type":"visualization"},{"id":"6f883480-3aad-11e7-8b17-0d8709b02c80","name":"panel_5","type":"visualization"},{"id":"60384e00-3aaf-11e7-a83b-b1b4da7d15f4","name":"panel_6","type":"visualization"},{"id":"72f0f010-3aaf-11e7-a83b-b1b4da7d15f4","name":"panel_7","type":"visualization"},{"id":"306c4330-4175-11e7-a0f7-47f4c03e3306","name":"panel_8","type":"visualization"},{"id":"AWDHDfDkxQT5EBNmq4fQ","name":"panel_9","type":"visualization"},{"id":"a663e070-4c78-11e8-9b0a-f1d33346f773","name":"panel_10","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzUyMCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Responder Bytes","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Connections - Responder Bytes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"respond_bytes\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Responder Bytes\"}}],\"listeners\":{}}"},"id":"b50912f0-366f-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzYxOSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Tunnels - Type","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Tunnels - Type\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tunnel.type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Type\"}}]}"},"id":"b6120810-75ef-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU3MSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Source - Responder Bytes ( Tile Map)","uiStateJSON":"{\"mapZoom\":3,\"mapCenter\":[39.70718665682654,-44.912109375]}","version":1,"visState":"{\"title\":\"Connections - Source - Responder Bytes ( Tile Map)\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":0,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"respond_bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_geo.location\",\"autoPrecision\":true,\"useGeocentroid\":true,\"precision\":2}}],\"listeners\":{}}"},"id":"f3bc9fa0-46cb-11e7-946f-1bfb1be7c36b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzUyMSwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"gridData\":{\"w\":8,\"h\":44,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"gridData\":{\"w\":40,\"h\":40,\"x\":8,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{\"mapCenter\":[24.84656534821976,0.17578125],\"mapZoom\":2}}]","timeRestore":false,"title":"Connections - Source - Responder Bytes","version":1},"id":"b65775e0-46cb-11e7-946f-1bfb1be7c36b","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"f3bc9fa0-46cb-11e7-946f-1bfb1be7c36b","name":"panel_1","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzUyMiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SNMP - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SNMP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"e8511600-36b8-11e7-9786-41a1d72e15ad","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"b12150a0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzUyNSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SNMP - Session Duration","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SNMP - Session Duration\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"duration\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Duration\"}}],\"listeners\":{}}"},"id":"e47015d0-36b9-11e7-9786-41a1d72e15ad","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"b12150a0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzUyNywxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"1\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"5\",\"gridData\":{\"w\":16,\"h\":24,\"x\":8,\"y\":32,\"i\":\"5\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"6\",\"gridData\":{\"w\":12,\"h\":24,\"x\":24,\"y\":32,\"i\":\"6\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"9\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":8,\"i\":\"9\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"10\",\"gridData\":{\"w\":12,\"h\":24,\"x\":8,\"y\":8,\"i\":\"10\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\",\"embeddableConfig\":{}},{\"panelIndex\":\"11\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":56,\"i\":\"11\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"12\",\"gridData\":{\"w\":12,\"h\":24,\"x\":36,\"y\":32,\"i\":\"12\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"panelIndex\":\"13\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"13\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"panelIndex\":\"14\",\"gridData\":{\"w\":12,\"h\":24,\"x\":20,\"y\":8,\"i\":\"14\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\",\"embeddableConfig\":{}}]","timeRestore":false,"title":"Bro - SNMP","version":1},"id":"b65c2710-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"a67546c0-3640-11e7-a6f7-4f44d7bf1c33","name":"panel_1","type":"visualization"},{"id":"e8511600-36b8-11e7-9786-41a1d72e15ad","name":"panel_2","type":"visualization"},{"id":"0defabb0-36b9-11e7-9786-41a1d72e15ad","name":"panel_3","type":"visualization"},{"id":"e47015d0-36b9-11e7-9786-41a1d72e15ad","name":"panel_4","type":"visualization"},{"id":"2a3ae810-36ba-11e7-9786-41a1d72e15ad","name":"panel_5","type":"visualization"},{"id":"b12150a0-342e-11e7-9e93-53b62e1857b2","name":"panel_6","type":"search"},{"id":"7dc62970-6e2a-11e7-8b76-75eee0095daa","name":"panel_7","type":"visualization"},{"id":"AWDHD-LfxQT5EBNmq4iB","name":"panel_8","type":"visualization"},{"id":"83a91450-4c79-11e8-9b0a-f1d33346f773","name":"panel_9","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzUzMiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SSL - Validation Status","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - SSL - Validation Status\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ssl.validation_status.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ssl.validation_status.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Status\"}}]}"},"id":"b8371250-75ec-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY1NiwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:radius\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.7.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":9,\"i\":\"005ac000-9db8-4310-97d5-4574cdaf0e49\"},\"panelIndex\":\"005ac000-9db8-4310-97d5-4574cdaf0e49\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":13,\"y\":0,\"w\":17,\"h\":9,\"i\":\"a65d1358-9fa9-4457-8a46-5790a748d1fa\"},\"panelIndex\":\"a65d1358-9fa9-4457-8a46-5790a748d1fa\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":9,\"i\":\"d38d991e-53e4-4b71-8e3f-c0d4b0d454da\"},\"panelIndex\":\"d38d991e-53e4-4b71-8e3f-c0d4b0d454da\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":0,\"y\":9,\"w\":8,\"h\":19,\"i\":\"9304c1a2-e55f-4f51-bd04-d15892b754a4\"},\"panelIndex\":\"9304c1a2-e55f-4f51-bd04-d15892b754a4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":8,\"y\":9,\"w\":8,\"h\":19,\"i\":\"7075ea4f-e935-470c-9329-9a0b15202385\"},\"panelIndex\":\"7075ea4f-e935-470c-9329-9a0b15202385\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":16,\"y\":9,\"w\":8,\"h\":19,\"i\":\"91a90e9d-71f7-484c-a561-6aef6a3b8f09\"},\"panelIndex\":\"91a90e9d-71f7-484c-a561-6aef6a3b8f09\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":24,\"y\":9,\"w\":9,\"h\":19,\"i\":\"9058f9ee-39d1-4e2b-a99b-ed4c2fb26efd\"},\"panelIndex\":\"9058f9ee-39d1-4e2b-a99b-ed4c2fb26efd\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":33,\"y\":9,\"w\":15,\"h\":19,\"i\":\"766f8f9b-3f31-47d8-9734-442fc1fcff84\"},\"panelIndex\":\"766f8f9b-3f31-47d8-9734-442fc1fcff84\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"Security Onion - RADIUS","version":1},"id":"b9769e60-75c4-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"767c89f0-af4c-11ea-b262-353d451b125b","name":"panel_5","type":"visualization"},{"id":"0ca071b0-75c5-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"},{"id":"27ab8260-75c5-11ea-9565-7315f4ee5cac","name":"panel_7","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T21:09:44.413Z","version":"WzcwNywyXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Connections - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Connections - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}]}"},"id":"bc7fbe00-4a44-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzYyNSwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.module:osquery\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.7.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":7,\"h\":7,\"i\":\"7f9eaa30-b358-4027-a312-249defe273c4\"},\"panelIndex\":\"7f9eaa30-b358-4027-a312-249defe273c4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":7,\"y\":0,\"w\":17,\"h\":7,\"i\":\"ca041a33-b29f-4ce6-8762-2dd86a9c27a2\"},\"panelIndex\":\"ca041a33-b29f-4ce6-8762-2dd86a9c27a2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":7,\"i\":\"4e6cdaec-ad6d-46b2-abdc-7383382635c7\"},\"panelIndex\":\"4e6cdaec-ad6d-46b2-abdc-7383382635c7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":0,\"y\":7,\"w\":48,\"h\":16,\"i\":\"fae63e28-6a3c-4641-94fd-e5b033ac55b9\"},\"panelIndex\":\"fae63e28-6a3c-4641-94fd-e5b033ac55b9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":0,\"y\":23,\"w\":48,\"h\":31,\"i\":\"db4fa812-32fb-43c8-baa8-e88206cae126\"},\"panelIndex\":\"db4fa812-32fb-43c8-baa8-e88206cae126\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"}]","timeRestore":false,"title":"Security Onion - Osquery","version":1},"id":"bf7cf8d0-7732-11ea-bee5-af7f7c7b8e05","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"df50eba0-6ec0-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"ab47a590-afcc-11ea-b262-353d451b125b","name":"panel_3","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"search"}],"type":"dashboard","updated_at":"2020-06-16T12:33:26.077Z","version":"Wzc0MiwyXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Software - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Software - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"da4cc2c0-3640-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"ba3d77e0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzUzOCwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"1\",\"gridData\":{\"w\":8,\"h\":44,\"x\":0,\"y\":0,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"9\",\"gridData\":{\"w\":48,\"h\":40,\"x\":0,\"y\":44,\"i\":\"9\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"name\",\"software_type\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"10\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"10\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"11\",\"gridData\":{\"w\":40,\"h\":36,\"x\":8,\"y\":8,\"i\":\"11\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\",\"embeddableConfig\":{}}]","timeRestore":false,"title":"Bro - Software","version":1},"id":"c2c99c30-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"da4cc2c0-3640-11e7-a6f7-4f44d7bf1c33","name":"panel_1","type":"visualization"},{"id":"ba3d77e0-342e-11e7-9e93-53b62e1857b2","name":"panel_2","type":"search"},{"id":"AWDHEKJUxQT5EBNmq4jW","name":"panel_3","type":"visualization"},{"id":"9b0f6a80-4c7a-11e8-9b0a-f1d33346f773","name":"panel_4","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU0MSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Connections - Protocol (Bar Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"Connections - Protocol (Bar Chart)\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Protocol\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"protocol.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Protocol\"}}]}"},"id":"c3152010-3673-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzYyMSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - MySQL - Success","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - MySQL - Success\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"mysql.success\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"ec40c5e0-75c0-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU0MiwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset:mysql\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":9,\"i\":\"b08e3120-b482-4817-b3e9-f521f5acd8f2\"},\"panelIndex\":\"b08e3120-b482-4817-b3e9-f521f5acd8f2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":13,\"y\":0,\"w\":16,\"h\":9,\"i\":\"e23b2681-5eae-4de6-8933-ba755508ec5b\"},\"panelIndex\":\"e23b2681-5eae-4de6-8933-ba755508ec5b\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":9,\"i\":\"53e06ed2-d64f-46dc-b864-5b884a8c53dc\"},\"panelIndex\":\"53e06ed2-d64f-46dc-b864-5b884a8c53dc\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":9,\"w\":9,\"h\":18,\"i\":\"2bfa498b-d0a8-48ee-9a47-bcf288127d2a\"},\"panelIndex\":\"2bfa498b-d0a8-48ee-9a47-bcf288127d2a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":9,\"y\":9,\"w\":9,\"h\":18,\"i\":\"e6a27aaf-ef8d-41a3-aebc-9c26ab2dc189\"},\"panelIndex\":\"e6a27aaf-ef8d-41a3-aebc-9c26ab2dc189\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":18,\"y\":9,\"w\":15,\"h\":18,\"i\":\"e2f6f286-c4ba-4642-b650-366aca2c3d2d\"},\"panelIndex\":\"e2f6f286-c4ba-4642-b650-366aca2c3d2d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":33,\"y\":9,\"w\":15,\"h\":18,\"i\":\"f84a5dbd-d99c-4c24-895f-18f1d419af93\"},\"panelIndex\":\"f84a5dbd-d99c-4c24-895f-18f1d419af93\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":27,\"w\":48,\"h\":16,\"i\":\"3b2e66eb-aa46-4363-b8ad-efd564b95279\"},\"panelIndex\":\"3b2e66eb-aa46-4363-b8ad-efd564b95279\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"Security Onion - MySQL","version":1},"id":"c3ced6d0-75be-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"ec40c5e0-75c0-11ea-9565-7315f4ee5cac","name":"panel_5","type":"visualization"},{"id":"1f306f60-75c0-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"},{"id":"3af496e0-75c0-11ea-9565-7315f4ee5cac","name":"panel_7","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU0NSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Bro - Syslog - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Bro - Syslog - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"id":"ca9ffc10-76b5-11e7-94e1-3d2ec4e57ed9","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"269ca380-76b4-11e7-8c3e-cfcdd8c95d87","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU1MCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Bro - Syslog - Protocol","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Bro - Syslog - Protocol\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"protocol.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Protocol\"}}],\"listeners\":{}}"},"id":"e9d5ae30-76b6-11e7-94e1-3d2ec4e57ed9","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"269ca380-76b4-11e7-8c3e-cfcdd8c95d87","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU1MSwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}},\"language\":\"lucene\"}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"1\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{}},{\"panelIndex\":\"4\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":56,\"i\":\"4\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"5\",\"gridData\":{\"w\":12,\"h\":24,\"x\":8,\"y\":32,\"i\":\"5\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},{\"panelIndex\":\"6\",\"gridData\":{\"w\":12,\"h\":24,\"x\":20,\"y\":32,\"i\":\"6\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},{\"panelIndex\":\"7\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":32,\"i\":\"7\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},{\"panelIndex\":\"8\",\"gridData\":{\"w\":12,\"h\":24,\"x\":36,\"y\":8,\"i\":\"8\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},{\"panelIndex\":\"9\",\"gridData\":{\"w\":28,\"h\":24,\"x\":8,\"y\":8,\"i\":\"9\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\",\"embeddableConfig\":{}},{\"panelIndex\":\"10\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"10\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}}]","timeRestore":false,"title":"Bro - Syslog","version":1},"id":"c4bbe040-76b3-11e7-ba96-cba76a1e264d","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"92b202e0-76b4-11e7-94e1-3d2ec4e57ed9","name":"panel_1","type":"visualization"},{"id":"269ca380-76b4-11e7-8c3e-cfcdd8c95d87","name":"panel_2","type":"search"},{"id":"6c60a280-76b5-11e7-94e1-3d2ec4e57ed9","name":"panel_3","type":"visualization"},{"id":"ae4e88b0-76b5-11e7-94e1-3d2ec4e57ed9","name":"panel_4","type":"visualization"},{"id":"ca9ffc10-76b5-11e7-94e1-3d2ec4e57ed9","name":"panel_5","type":"visualization"},{"id":"e9d5ae30-76b6-11e7-94e1-3d2ec4e57ed9","name":"panel_6","type":"visualization"},{"id":"346e5c30-76b7-11e7-94e1-3d2ec4e57ed9","name":"panel_7","type":"visualization"},{"id":"AWDHE-_wxQT5EBNmq4n3","name":"panel_8","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU1NCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSH - Authentication Success","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"SSH - Authentication Success\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Authentication Success\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"authentication_success.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Authentication Success\"}}],\"listeners\":{}}"},"id":"dcea2790-6e33-11e7-9a19-a5996f8250c6","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c33e7600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU2MCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SSH -Server","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSH -Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}]}"},"id":"e64833a0-4c7b-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c33e7600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU2MywxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":56,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"7\",\"gridData\":{\"x\":8,\"y\":32,\"w\":14,\"h\":24,\"i\":\"7\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"8\",\"gridData\":{\"x\":22,\"y\":32,\"w\":14,\"h\":24,\"i\":\"8\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"10\",\"gridData\":{\"x\":0,\"y\":80,\"w\":48,\"h\":24,\"i\":\"10\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"11\",\"gridData\":{\"x\":36,\"y\":32,\"w\":12,\"h\":24,\"i\":\"11\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"12\",\"gridData\":{\"x\":36,\"y\":8,\"w\":12,\"h\":24,\"i\":\"12\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\",\"embeddableConfig\":{}},{\"panelIndex\":\"13\",\"gridData\":{\"x\":0,\"y\":56,\"w\":48,\"h\":24,\"i\":\"13\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"panelIndex\":\"14\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"14\"},\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"panelIndex\":\"15\",\"gridData\":{\"x\":8,\"y\":8,\"w\":28,\"h\":24,\"i\":\"15\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\",\"embeddableConfig\":{}}]","timeRestore":false,"title":"Bro - SSH","version":1},"id":"c6ccfc00-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"09457310-3641-11e7-a6f7-4f44d7bf1c33","name":"panel_1","type":"visualization"},{"id":"8a60eb50-365f-11e7-8c78-e3086faf385c","name":"panel_2","type":"visualization"},{"id":"9a33f9a0-365f-11e7-8c78-e3086faf385c","name":"panel_3","type":"visualization"},{"id":"c33e7600-342e-11e7-9e93-53b62e1857b2","name":"panel_4","type":"search"},{"id":"54d78f50-6e33-11e7-9a19-a5996f8250c6","name":"panel_5","type":"visualization"},{"id":"dcea2790-6e33-11e7-9a19-a5996f8250c6","name":"panel_6","type":"visualization"},{"id":"2bbdc020-6e34-11e7-9a19-a5996f8250c6","name":"panel_7","type":"visualization"},{"id":"AWDHEYk4xQT5EBNmq4k5","name":"panel_8","type":"visualization"},{"id":"e64833a0-4c7b-11e8-9b0a-f1d33346f773","name":"panel_9","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU2NCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - HTTP - Count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - HTTP - Count\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":false},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":40}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}]}"},"id":"c7484350-6eb1-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9ee33aa0-6eb1-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY5NywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Zeek - Notice Message","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Zeek - Notice Message\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"notice.message.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"notice.message.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Message\"}}]}"},"id":"c8039090-7a84-11ea-9d13-57f5db13d1ed","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY2OCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - RFB - Share Flag","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - RFB - Share Flag\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"rfb.share_flag\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"d5e72b20-75c7-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU2NiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - RFB - Desktop Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - RFB - Desktop Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rfb.desktop.name.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rfb.desktop.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Desktop Name\"}}]}"},"id":"fe62c910-75c7-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU2NywxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:rfb\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"f64f888f-f9bb-4be1-ab75-80d2a11303ed\"},\"panelIndex\":\"f64f888f-f9bb-4be1-ab75-80d2a11303ed\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":13,\"y\":0,\"w\":17,\"h\":8,\"i\":\"0e12fa96-b29d-4815-ae19-b6e894948597\"},\"panelIndex\":\"0e12fa96-b29d-4815-ae19-b6e894948597\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":8,\"i\":\"7c1a7e05-c37b-4f81-b6b6-b30cfa0897e2\"},\"panelIndex\":\"7c1a7e05-c37b-4f81-b6b6-b30cfa0897e2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":8,\"w\":9,\"h\":19,\"i\":\"c1bb39f4-4d9f-4154-a131-65e727fc0049\"},\"panelIndex\":\"c1bb39f4-4d9f-4154-a131-65e727fc0049\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":9,\"y\":8,\"w\":9,\"h\":19,\"i\":\"e51c88d1-a11a-4d5f-b5a7-f6ac79b23054\"},\"panelIndex\":\"e51c88d1-a11a-4d5f-b5a7-f6ac79b23054\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":18,\"y\":8,\"w\":14,\"h\":19,\"i\":\"b9412112-bc5a-4b16-ba5e-ded11a0e299d\"},\"panelIndex\":\"b9412112-bc5a-4b16-ba5e-ded11a0e299d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":32,\"y\":8,\"w\":16,\"h\":19,\"i\":\"edfbec77-b174-40ac-9f11-776da22fe82d\"},\"panelIndex\":\"edfbec77-b174-40ac-9f11-776da22fe82d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":27,\"w\":24,\"h\":15,\"i\":\"d2d1ebcb-83a9-44ca-80f2-2f0fc2abcecf\"},\"panelIndex\":\"d2d1ebcb-83a9-44ca-80f2-2f0fc2abcecf\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":24,\"y\":27,\"w\":12,\"h\":15,\"i\":\"aedad86f-ec5e-4330-bab0-468351eb8355\"},\"panelIndex\":\"aedad86f-ec5e-4330-bab0-468351eb8355\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":36,\"y\":27,\"w\":12,\"h\":15,\"i\":\"8092b313-2e40-47e4-96a2-51086f98e53f\"},\"panelIndex\":\"8092b313-2e40-47e4-96a2-51086f98e53f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]","timeRestore":false,"title":"Security Onion - RFB","version":1},"id":"c8b3c360-75c6-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"b2053990-75c7-11ea-9565-7315f4ee5cac","name":"panel_5","type":"visualization"},{"id":"d5e72b20-75c7-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"},{"id":"fe62c910-75c7-11ea-9565-7315f4ee5cac","name":"panel_7","type":"visualization"},{"id":"5dcf09e0-75c8-11ea-9565-7315f4ee5cac","name":"panel_8","type":"visualization"},{"id":"316e90a0-75c8-11ea-9565-7315f4ee5cac","name":"panel_9","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU3MCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Connection Count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Connection Count\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":40}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}]}"},"id":"c94e2aa0-6e9f-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9b333020-6e9f-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY5OCwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:tunnel\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"19aef080-5875-4182-81a8-2a6639c75489\"},\"panelIndex\":\"19aef080-5875-4182-81a8-2a6639c75489\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":13,\"y\":0,\"w\":16,\"h\":8,\"i\":\"70939be7-5bb9-4d13-ab89-683b3eda7a98\"},\"panelIndex\":\"70939be7-5bb9-4d13-ab89-683b3eda7a98\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":8,\"i\":\"21848a06-ca96-4869-b069-7524caf3ae06\"},\"panelIndex\":\"21848a06-ca96-4869-b069-7524caf3ae06\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":8,\"w\":10,\"h\":19,\"i\":\"8020a914-8f9f-4bd6-be32-1c6afa27f9e4\"},\"panelIndex\":\"8020a914-8f9f-4bd6-be32-1c6afa27f9e4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":10,\"y\":8,\"w\":10,\"h\":19,\"i\":\"9f72f316-c3a2-4658-8d03-932fa590e216\"},\"panelIndex\":\"9f72f316-c3a2-4658-8d03-932fa590e216\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":20,\"y\":8,\"w\":9,\"h\":19,\"i\":\"fa1bc43a-2be3-4699-97af-677bded82273\"},\"panelIndex\":\"fa1bc43a-2be3-4699-97af-677bded82273\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":29,\"y\":8,\"w\":19,\"h\":19,\"i\":\"7c522eab-36bc-4933-abea-29a4c4a4f918\"},\"panelIndex\":\"7c522eab-36bc-4933-abea-29a4c4a4f918\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"}]","timeRestore":false,"title":"Security Onion - Tunnels","version":1},"id":"c962dd60-75ed-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_5","type":"visualization"},{"id":"b6120810-75ef-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU3MiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Weird - Summary","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"Weird - Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"name.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Type\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}}],\"listeners\":{}}"},"id":"ca3e57d0-4172-11e7-9850-b78558d0ac17","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"e32d0d50-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzYxMSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DNP3 - FC Reply","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - DNP3 - FC Reply\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"dnp3.fc_reply.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dnp3.fc_reply.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"FC Reply\"}}]}"},"id":"cb29fbe0-75b8-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY5OSwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"*\",\"language\":\"lucene\"}}"},"optionsJSON":"{\"darkTheme\":true}","panelsJSON":"[{\"panelIndex\":\"1\",\"panelRefName\":\"panel_0\",\"version\":\"7.3.0\",\"gridData\":{\"x\":12,\"y\":20,\"w\":24,\"h\":20,\"i\":\"1\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}},{\"panelIndex\":\"2\",\"panelRefName\":\"panel_1\",\"version\":\"7.3.0\",\"gridData\":{\"x\":12,\"y\":0,\"w\":24,\"h\":20,\"i\":\"2\"},\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"panelRefName\":\"panel_2\",\"version\":\"7.3.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":40,\"i\":\"3\"},\"embeddableConfig\":{}},{\"panelIndex\":\"4\",\"panelRefName\":\"panel_3\",\"version\":\"7.3.0\",\"gridData\":{\"x\":0,\"y\":40,\"w\":48,\"h\":24,\"i\":\"4\"},\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}}]","timeRestore":false,"title":"Connections - Top Source IPs","version":1},"id":"cb367060-3b04-11e7-a83b-b1b4da7d15f4","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"8261cf00-366e-11e7-8c78-e3086faf385c","name":"panel_0","type":"visualization"},{"id":"28c27f80-3b05-11e7-a83b-b1b4da7d15f4","name":"panel_1","type":"visualization"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_2","type":"visualization"},{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"panel_3","type":"search"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU3NSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSL - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSL - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"db570800-365a-11e7-8bd0-1db2c55fb7a1","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU3OSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSL - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSL - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"id":"f0700840-365a-11e7-8bd0-1db2c55fb7a1","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU4MCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SSL - Summary","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSL - Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server Name\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"certificate_common_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Common Name\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"validation_status.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Validation Status\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"version.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"TLS Version\"}}]}"},"id":"ebec2ea0-4c7c-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU4NSwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"1\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"6\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":80,\"i\":\"6\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"7\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":8,\"i\":\"7\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\",\"embeddableConfig\":{}},{\"panelIndex\":\"9\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":104,\"i\":\"9\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"10\",\"gridData\":{\"w\":12,\"h\":24,\"x\":36,\"y\":104,\"i\":\"10\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"11\",\"gridData\":{\"w\":20,\"h\":24,\"x\":16,\"y\":104,\"i\":\"11\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"12\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":56,\"i\":\"12\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"panelIndex\":\"14\",\"gridData\":{\"w\":16,\"h\":24,\"x\":8,\"y\":8,\"i\":\"14\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\",\"embeddableConfig\":{}},{\"panelIndex\":\"15\",\"gridData\":{\"w\":48,\"h\":72,\"x\":0,\"y\":128,\"i\":\"15\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"19\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":56,\"i\":\"19\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_10\"},{\"panelIndex\":\"20\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"20\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_11\"},{\"panelIndex\":\"21\",\"gridData\":{\"w\":40,\"h\":24,\"x\":8,\"y\":32,\"i\":\"21\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_12\"}]","timeRestore":false,"title":"Bro - SSL","version":1},"id":"cca67b60-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"6139edd0-3641-11e7-a6f7-4f44d7bf1c33","name":"panel_1","type":"visualization"},{"id":"3753e110-365a-11e7-bf60-314364dd1cde","name":"panel_2","type":"visualization"},{"id":"02699580-365a-11e7-bf60-314364dd1cde","name":"panel_3","type":"visualization"},{"id":"db570800-365a-11e7-8bd0-1db2c55fb7a1","name":"panel_4","type":"visualization"},{"id":"f0700840-365a-11e7-8bd0-1db2c55fb7a1","name":"panel_5","type":"visualization"},{"id":"21d090d0-365b-11e7-8bd0-1db2c55fb7a1","name":"panel_6","type":"visualization"},{"id":"53ac63e0-365b-11e7-8bd0-1db2c55fb7a1","name":"panel_7","type":"visualization"},{"id":"ae959820-365c-11e7-8bd0-1db2c55fb7a1","name":"panel_8","type":"visualization"},{"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","name":"panel_9","type":"search"},{"id":"23d22bd0-70b4-11e7-810e-2bafe9e41c10","name":"panel_10","type":"visualization"},{"id":"AWDHElRWxQT5EBNmq4lz","name":"panel_11","type":"visualization"},{"id":"ebec2ea0-4c7c-11e8-9b0a-f1d33346f773","name":"panel_12","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU4NiwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"gridData\":{\"w\":40,\"h\":40,\"x\":8,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{\"mapCenter\":[24.846565348219734,0.087890625],\"mapZoom\":2}},{\"gridData\":{\"w\":8,\"h\":44,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{}}]","timeRestore":false,"title":"Connections - Destination - Sum of Total Bytes","version":1},"id":"ccfcc540-4638-11e7-a82e-d97152153689","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"1342e630-4632-11e7-9903-85f789353078","name":"panel_0","type":"visualization"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_1","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU4OCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Strelka - File - Entropy","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":0,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"Strelka - File - Entropy\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"scan.entropy.entropy\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Entropy\"}}]}"},"id":"ce9e03f0-772c-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY3MywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SIP - Warning","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SIP - Warning\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"sip.warning.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"sip.warning.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Warning\"}}]}"},"id":"cf56b070-75ca-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzYwNCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Tunnels - Log Count Over TIme","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Tunnels - Log Count Over TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"e89c9700-3641-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"d26d5510-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU5MCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Tunnels - Country","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"Tunnels - Country\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Country\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_geo.country_name.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}}],\"listeners\":{}}"},"id":"f60e0c40-6e34-11e7-9a19-a5996f8250c6","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"d26d5510-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU5NCwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"gridData\":{\"w\":20,\"h\":20,\"x\":28,\"y\":8,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":16,\"h\":24,\"x\":16,\"y\":48,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":48,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":72,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"gridData\":{\"w\":20,\"h\":20,\"x\":8,\"y\":8,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\",\"embeddableConfig\":{}},{\"gridData\":{\"w\":40,\"h\":20,\"x\":8,\"y\":28,\"i\":\"12\"},\"panelIndex\":\"12\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":48,\"i\":\"13\"},\"panelIndex\":\"13\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"14\"},\"panelIndex\":\"14\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\"}]","timeRestore":false,"title":"Bro - Tunnels","version":1},"id":"d7b54ae0-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"e89c9700-3641-11e7-a6f7-4f44d7bf1c33","name":"panel_1","type":"visualization"},{"id":"43b2b040-3807-11e7-a1cc-ebc6a7e70e84","name":"panel_2","type":"visualization"},{"id":"26457730-3808-11e7-a1cc-ebc6a7e70e84","name":"panel_3","type":"visualization"},{"id":"3cdf2400-3808-11e7-a1cc-ebc6a7e70e84","name":"panel_4","type":"visualization"},{"id":"d26d5510-342e-11e7-9e93-53b62e1857b2","name":"panel_5","type":"search"},{"id":"f60e0c40-6e34-11e7-9a19-a5996f8250c6","name":"panel_6","type":"visualization"},{"id":"33b39a60-6e35-11e7-9a19-a5996f8250c6","name":"panel_7","type":"visualization"},{"id":"53824da0-6e35-11e7-9a19-a5996f8250c6","name":"panel_8","type":"visualization"},{"id":"AWDHFYrqxQT5EBNmq4qT","name":"panel_9","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzU5OCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event_type:bro_conn\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Connections - Service","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Connections - Service\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"service.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"}}]}"},"id":"d7d3dda0-54b9-11e9-a48f-b7dfb1d0f288","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzYyNiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SSL - Server Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SSL - Server Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ssl.server_name.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ssl.server_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server Name\"}}]}"},"id":"db4dc4a0-75ec-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY1NSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Network Datasets","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Network Datasets\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Dataset\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"event.module.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.dataset.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Dataset\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.module.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Module\"}}]}"},"id":"dbe4cc20-6ea7-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"387f44c0-6ea7-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzcwMCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Weird - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Weird - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"id":"dbfe2f00-6e35-11e7-9a19-a5996f8250c6","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"e32d0d50-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzYxMiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DNS - Queries","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNS - Queries\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"query.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query\"}}]}"},"id":"dcda5680-2927-11e8-b2a2-09f3986ae284","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY0NSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SIP - URI","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SIP - URI\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"sip.uri.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"f63cba40-75ca-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzYwMSwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:sip\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"1e84368a-ad74-4d57-9793-5c9ce813045b\"},\"panelIndex\":\"1e84368a-ad74-4d57-9793-5c9ce813045b\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":13,\"y\":0,\"w\":17,\"h\":8,\"i\":\"304e7cd2-dc4f-4bf4-b1fe-747091d61b67\"},\"panelIndex\":\"304e7cd2-dc4f-4bf4-b1fe-747091d61b67\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":8,\"i\":\"e87052bf-935e-421b-8208-e798a37edf69\"},\"panelIndex\":\"e87052bf-935e-421b-8208-e798a37edf69\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":8,\"w\":9,\"h\":19,\"i\":\"b2055759-c7fd-43ab-8613-6031e8e148d3\"},\"panelIndex\":\"b2055759-c7fd-43ab-8613-6031e8e148d3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":9,\"y\":8,\"w\":9,\"h\":19,\"i\":\"a303da32-bd43-45a5-acbf-093478d734f9\"},\"panelIndex\":\"a303da32-bd43-45a5-acbf-093478d734f9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":18,\"y\":8,\"w\":8,\"h\":19,\"i\":\"d8632aad-86f0-4290-9480-75ec477ae4cd\"},\"panelIndex\":\"d8632aad-86f0-4290-9480-75ec477ae4cd\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":26,\"y\":8,\"w\":8,\"h\":19,\"i\":\"ee3b0df5-4a03-470b-9d26-4eedf4f8b8d6\"},\"panelIndex\":\"ee3b0df5-4a03-470b-9d26-4eedf4f8b8d6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":34,\"y\":8,\"w\":14,\"h\":19,\"i\":\"dbe534a3-1a06-4185-b78a-293d7ec848c4\"},\"panelIndex\":\"dbe534a3-1a06-4185-b78a-293d7ec848c4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":27,\"w\":12,\"h\":17,\"i\":\"45de60a4-61ab-4b78-8cc7-5a783070c9be\"},\"panelIndex\":\"45de60a4-61ab-4b78-8cc7-5a783070c9be\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":12,\"y\":27,\"w\":12,\"h\":17,\"i\":\"9cb368f2-b652-4dc9-8427-b88a592e8361\"},\"panelIndex\":\"9cb368f2-b652-4dc9-8427-b88a592e8361\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":24,\"y\":27,\"w\":24,\"h\":17,\"i\":\"b78c61e2-61c3-4c43-94d9-c3971ee375be\"},\"panelIndex\":\"b78c61e2-61c3-4c43-94d9-c3971ee375be\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"}]","timeRestore":false,"title":"Security Onion - SIP","version":1},"id":"dd98e260-75c6-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"272b8ab0-75ca-11ea-9565-7315f4ee5cac","name":"panel_5","type":"visualization"},{"id":"9ff24600-75ca-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"},{"id":"f63cba40-75ca-11ea-9565-7315f4ee5cac","name":"panel_7","type":"visualization"},{"id":"49384710-75ca-11ea-9565-7315f4ee5cac","name":"panel_8","type":"visualization"},{"id":"81a1a740-75ca-11ea-9565-7315f4ee5cac","name":"panel_9","type":"visualization"},{"id":"cf56b070-75ca-11ea-9565-7315f4ee5cac","name":"panel_10","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzYwNSwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":80,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"5\",\"gridData\":{\"x\":8,\"y\":32,\"w\":14,\"h\":24,\"i\":\"5\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"6\",\"gridData\":{\"x\":22,\"y\":32,\"w\":14,\"h\":24,\"i\":\"6\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"8\",\"gridData\":{\"x\":8,\"y\":8,\"w\":16,\"h\":24,\"i\":\"8\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\",\"embeddableConfig\":{}},{\"panelIndex\":\"9\",\"gridData\":{\"x\":0,\"y\":80,\"w\":48,\"h\":24,\"i\":\"9\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"10\",\"gridData\":{\"x\":8,\"y\":56,\"w\":40,\"h\":24,\"i\":\"10\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"12\",\"gridData\":{\"x\":36,\"y\":32,\"w\":12,\"h\":24,\"i\":\"12\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"panelIndex\":\"13\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"13\"},\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"panelIndex\":\"14\",\"gridData\":{\"x\":24,\"y\":8,\"w\":24,\"h\":24,\"i\":\"14\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\",\"embeddableConfig\":{}}]","timeRestore":false,"title":"Bro - Weird","version":1},"id":"de2da250-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"0dbcade0-3642-11e7-a6f7-4f44d7bf1c33","name":"panel_1","type":"visualization"},{"id":"1b837b00-364e-11e7-9dc3-d35061cb642d","name":"panel_2","type":"visualization"},{"id":"312cd460-364e-11e7-9dc3-d35061cb642d","name":"panel_3","type":"visualization"},{"id":"8dbbbed0-364e-11e7-9dc3-d35061cb642d","name":"panel_4","type":"visualization"},{"id":"e32d0d50-342e-11e7-9e93-53b62e1857b2","name":"panel_5","type":"search"},{"id":"ca3e57d0-4172-11e7-9850-b78558d0ac17","name":"panel_6","type":"visualization"},{"id":"dbfe2f00-6e35-11e7-9a19-a5996f8250c6","name":"panel_7","type":"visualization"},{"id":"AWDHGXk-xQT5EBNmq4uf","name":"panel_8","type":"visualization"},{"id":"691ade50-4c85-11e8-9b0a-f1d33346f773","name":"panel_9","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzYxNSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Hash - SSDeep","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Hash - SSDeep\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Hash\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"hash.ssdeep.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"SSDeep\"}}]}"},"id":"e087c7d0-772d-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY3NiwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":63,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":0,\"y\":63,\"w\":16,\"h\":28,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":16,\"y\":63,\"w\":16,\"h\":28,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":0,\"y\":91,\"w\":16,\"h\":24,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":16,\"y\":91,\"w\":16,\"h\":24,\"i\":\"12\"},\"panelIndex\":\"12\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":32,\"y\":91,\"w\":16,\"h\":24,\"i\":\"13\"},\"panelIndex\":\"13\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"gridData\":{\"x\":30,\"y\":8,\"w\":18,\"h\":16,\"i\":\"14\"},\"panelIndex\":\"14\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":8,\"y\":32,\"w\":40,\"h\":31,\"i\":\"19\"},\"panelIndex\":\"19\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]},\"gridData\":{\"x\":0,\"y\":115,\"w\":48,\"h\":24,\"i\":\"25\"},\"panelIndex\":\"25\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\"},{\"gridData\":{\"x\":30,\"y\":24,\"w\":18,\"h\":8,\"i\":\"26\"},\"panelIndex\":\"26\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"29\"},\"panelIndex\":\"29\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_11\"},{\"gridData\":{\"x\":32,\"y\":63,\"w\":16,\"h\":28,\"i\":\"31\"},\"panelIndex\":\"31\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_12\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":8,\"w\":22,\"h\":24,\"i\":\"32\"},\"panelIndex\":\"32\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_13\"}]","timeRestore":false,"title":"Bro - Connections","version":1},"id":"e0a34b90-34e6-11e7-9118-45bd317f0ca4","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"2da139c0-34e7-11e7-9118-45bd317f0ca4","name":"panel_1","type":"visualization"},{"id":"8261cf00-366e-11e7-8c78-e3086faf385c","name":"panel_2","type":"visualization"},{"id":"9a54f150-366e-11e7-8c78-e3086faf385c","name":"panel_3","type":"visualization"},{"id":"296823d0-366f-11e7-8c78-e3086faf385c","name":"panel_4","type":"visualization"},{"id":"b50912f0-366f-11e7-8c78-e3086faf385c","name":"panel_5","type":"visualization"},{"id":"05088150-3670-11e7-8c78-e3086faf385c","name":"panel_6","type":"visualization"},{"id":"c3152010-3673-11e7-8c78-e3086faf385c","name":"panel_7","type":"visualization"},{"id":"13fe29c0-3b17-11e7-b871-5f76306b9694","name":"panel_8","type":"visualization"},{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"panel_9","type":"search"},{"id":"25ce6eb0-463b-11e7-a82e-d97152153689","name":"panel_10","type":"visualization"},{"id":"AWDG71xFxQT5EBNmq336","name":"panel_11","type":"visualization"},{"id":"bc7fbe00-4a44-11e8-9b0a-f1d33346f773","name":"panel_12","type":"visualization"},{"id":"d7d3dda0-54b9-11e9-a48f-b7dfb1d0f288","name":"panel_13","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzYyNywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNS - Destination Port (Horizontal Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"DNS - Destination Port (Horizontal Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":false,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"\"}}],\"listeners\":{}}"},"id":"e3717d80-6e0f-11e7-8624-1fb07dd76c6a","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY0MSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"X.509 - Certificate Subject","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"X.509 - Certificate Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"certificate_subject.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Subject\"}}],\"listeners\":{}}"},"id":"fab4b560-37d8-11e7-9efb-91e89505091f","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"f5038cc0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzYzMSwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}},\"language\":\"lucene\"}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"1\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"4\",\"gridData\":{\"w\":48,\"h\":68,\"x\":0,\"y\":96,\"i\":\"4\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\",\"embeddableConfig\":{\"columns\":[\"certificate_subject\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"7\",\"gridData\":{\"w\":20,\"h\":20,\"x\":8,\"y\":8,\"i\":\"7\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\",\"embeddableConfig\":{}},{\"panelIndex\":\"8\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":48,\"i\":\"8\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"9\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":72,\"i\":\"9\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"10\",\"gridData\":{\"w\":20,\"h\":20,\"x\":28,\"y\":8,\"i\":\"10\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\",\"embeddableConfig\":{}},{\"panelIndex\":\"11\",\"gridData\":{\"w\":40,\"h\":20,\"x\":8,\"y\":28,\"i\":\"11\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\",\"embeddableConfig\":{}},{\"panelIndex\":\"12\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"12\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"}]","timeRestore":false,"title":"Bro - X.509","version":1},"id":"e5aa7170-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"41bee360-3642-11e7-a6f7-4f44d7bf1c33","name":"panel_1","type":"visualization"},{"id":"f5038cc0-342e-11e7-9e93-53b62e1857b2","name":"panel_2","type":"search"},{"id":"738127f0-37d7-11e7-9efb-91e89505091f","name":"panel_3","type":"visualization"},{"id":"fab4b560-37d8-11e7-9efb-91e89505091f","name":"panel_4","type":"visualization"},{"id":"0a5f7b30-37d9-11e7-9efb-91e89505091f","name":"panel_5","type":"visualization"},{"id":"150f7280-6e37-11e7-a8d6-ed2e692de531","name":"panel_6","type":"visualization"},{"id":"446e85c0-6e37-11e7-a8d6-ed2e692de531","name":"panel_7","type":"visualization"},{"id":"AWDHGklsxQT5EBNmq4wG","name":"panel_8","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzYzNiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Host - Domain","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Host - Domain\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"host.domain.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Domain\"}}]}"},"id":"e80aa100-7375-11ea-a3da-cbdb4f8a90c0","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzcwMSwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"gridData\":{\"w\":40,\"h\":40,\"x\":8,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{\"mapCenter\":[39.639537564366684,0.17578125],\"mapZoom\":2}},{\"gridData\":{\"w\":8,\"h\":44,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{}}]","timeRestore":false,"title":"Connections - Destination - Top Connection Duration","version":1},"id":"ea211360-46c4-11e7-a82e-d97152153689","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"7f7492d0-46c4-11e7-a82e-d97152153689","name":"panel_0","type":"visualization"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_1","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzYzOCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DNS - Answers","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNS - Answers\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"answers.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Answer\"}}]}"},"id":"ff2af9b0-2927-11e8-b2a2-09f3986ae284","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY0NiwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"1\",\"gridData\":{\"w\":8,\"h\":68,\"x\":0,\"y\":0,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"5\",\"gridData\":{\"w\":12,\"h\":24,\"x\":20,\"y\":44,\"i\":\"5\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"6\",\"gridData\":{\"w\":12,\"h\":24,\"x\":8,\"y\":44,\"i\":\"6\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"7\",\"gridData\":{\"w\":20,\"h\":12,\"x\":8,\"y\":8,\"i\":\"7\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\",\"embeddableConfig\":{}},{\"panelIndex\":\"10\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":92,\"i\":\"10\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"13\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"13\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"16\",\"gridData\":{\"w\":48,\"h\":64,\"x\":0,\"y\":116,\"i\":\"16\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"17\",\"gridData\":{\"w\":20,\"h\":12,\"x\":28,\"y\":8,\"i\":\"17\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\",\"embeddableConfig\":{}},{\"panelIndex\":\"21\",\"gridData\":{\"w\":16,\"h\":12,\"x\":32,\"y\":44,\"i\":\"21\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"panelIndex\":\"22\",\"gridData\":{\"w\":16,\"h\":12,\"x\":32,\"y\":56,\"i\":\"22\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\"},{\"panelIndex\":\"23\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"23\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_10\"},{\"panelIndex\":\"24\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":68,\"i\":\"24\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_11\",\"embeddableConfig\":{}},{\"panelIndex\":\"25\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":68,\"i\":\"25\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_12\",\"embeddableConfig\":{}},{\"panelIndex\":\"26\",\"gridData\":{\"w\":12,\"h\":24,\"x\":20,\"y\":20,\"i\":\"26\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_13\",\"embeddableConfig\":{}},{\"panelIndex\":\"27\",\"gridData\":{\"w\":12,\"h\":24,\"x\":8,\"y\":20,\"i\":\"27\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_14\",\"embeddableConfig\":{}},{\"panelIndex\":\"28\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":20,\"i\":\"28\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_15\",\"embeddableConfig\":{}}]","timeRestore":false,"title":"Bro - DNS","version":1},"id":"ebf5ec90-34bf-11e7-9b32-bb903919ead9","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"6ef90c30-34c0-11e7-9b32-bb903919ead9","name":"panel_1","type":"visualization"},{"id":"57a9a3f0-34c0-11e7-9b32-bb903919ead9","name":"panel_2","type":"visualization"},{"id":"45a652b0-34c1-11e7-917c-af7a9d11771a","name":"panel_3","type":"visualization"},{"id":"e8e3b8a0-34c1-11e7-917c-af7a9d11771a","name":"panel_4","type":"visualization"},{"id":"1ecdd2e0-34c0-11e7-9b32-bb903919ead9","name":"panel_5","type":"visualization"},{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"panel_6","type":"search"},{"id":"e3717d80-6e0f-11e7-8624-1fb07dd76c6a","name":"panel_7","type":"visualization"},{"id":"4d89e140-6f09-11e7-9d31-23c0596994a7","name":"panel_8","type":"visualization"},{"id":"74861280-6f06-11e7-b253-211f64f37eda","name":"panel_9","type":"visualization"},{"id":"AWDG9Qx0xQT5EBNmq3_2","name":"panel_10","type":"visualization"},{"id":"dcda5680-2927-11e8-b2a2-09f3986ae284","name":"panel_11","type":"visualization"},{"id":"ff2af9b0-2927-11e8-b2a2-09f3986ae284","name":"panel_12","type":"visualization"},{"id":"22f7de30-4949-11e8-9576-313be7c6b44b","name":"panel_13","type":"visualization"},{"id":"0c338e50-4a4e-11e8-9b0a-f1d33346f773","name":"panel_14","type":"visualization"},{"id":"49e04860-4a4e-11e8-9b0a-f1d33346f773","name":"panel_15","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY1MCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SMB - File System","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SMB - File System\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"smb.file_system.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"smb.file_system.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"File System\"}}]}"},"id":"ed215680-75ef-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY2NCwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"3\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"h\":51,\"i\":\"4\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"4\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]},\"gridData\":{\"h\":22,\"i\":\"6\",\"w\":48,\"x\":0,\"y\":51},\"panelIndex\":\"6\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":17,\"i\":\"12\",\"w\":20,\"x\":8,\"y\":34},\"panelIndex\":\"12\",\"title\":\"NIDS Alert - Source Port\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"gridData\":{\"h\":8,\"i\":\"16\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"16\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"gridData\":{\"h\":17,\"i\":\"18\",\"w\":20,\"x\":28,\"y\":34},\"panelIndex\":\"18\",\"title\":\"NIDS Alert - Destination Port\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":16,\"i\":\"19\",\"w\":40,\"x\":8,\"y\":18},\"panelIndex\":\"19\",\"title\":\"NIDS - Alert Summary \",\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":10,\"i\":\"20\",\"w\":17,\"x\":8,\"y\":8},\"panelIndex\":\"20\",\"title\":\"NIDS - Alert Title\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":10,\"i\":\"21\",\"w\":23,\"x\":25,\"y\":8},\"panelIndex\":\"21\",\"title\":\"NIDS - Rule Signature\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"}]","timeRestore":false,"title":"NIDS - SID Drilldown","version":1},"id":"ed6f7e20-e060-11e9-8f0c-2ddbf5ed9290","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"d58ec1a0-34e4-11e7-9669-7f1d3242b798","name":"panel_0","type":"visualization"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_1","type":"visualization"},{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"panel_2","type":"search"},{"id":"620283e0-3af5-11e7-a83b-b1b4da7d15f4","name":"panel_3","type":"visualization"},{"id":"AWDG3ym0xQT5EBNmq3mG","name":"panel_4","type":"visualization"},{"id":"3f040620-4a44-11e8-9b0a-f1d33346f773","name":"panel_5","type":"visualization"},{"id":"3a1b54b0-e061-11e9-8f0c-2ddbf5ed9290","name":"panel_6","type":"visualization"},{"id":"1b3faca0-e064-11e9-8f0c-2ddbf5ed9290","name":"panel_7","type":"visualization"},{"id":"6533dd40-e064-11e9-8f0c-2ddbf5ed9290","name":"panel_8","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY1NCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - HTTP - Version","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - HTTP - Version\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.version.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"ede56800-6ed7-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9ee33aa0-6eb1-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzcwMiwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:ssl\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"7ba54e84-e774-489e-b4e5-156bff163007\"},\"panelIndex\":\"7ba54e84-e774-489e-b4e5-156bff163007\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":13,\"y\":0,\"w\":16,\"h\":8,\"i\":\"83706228-debf-441c-ab7f-2e20c91ec132\"},\"panelIndex\":\"83706228-debf-441c-ab7f-2e20c91ec132\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":8,\"i\":\"e06b2a92-d78b-4d77-9948-40a96a630656\"},\"panelIndex\":\"e06b2a92-d78b-4d77-9948-40a96a630656\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":8,\"w\":9,\"h\":20,\"i\":\"6f2ba042-522e-43a3-8b9f-0d00e1b60070\"},\"panelIndex\":\"6f2ba042-522e-43a3-8b9f-0d00e1b60070\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":9,\"y\":8,\"w\":10,\"h\":20,\"i\":\"f9b0f61d-4ff7-4bfb-a210-61ac7c07407a\"},\"panelIndex\":\"f9b0f61d-4ff7-4bfb-a210-61ac7c07407a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":19,\"y\":8,\"w\":11,\"h\":20,\"i\":\"19764782-13cb-4b14-b272-d30fbdead5a2\"},\"panelIndex\":\"19764782-13cb-4b14-b272-d30fbdead5a2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":30,\"y\":8,\"w\":18,\"h\":20,\"i\":\"8e0caa58-2dba-4d73-bf54-2c5452b7e5ff\"},\"panelIndex\":\"8e0caa58-2dba-4d73-bf54-2c5452b7e5ff\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":28,\"w\":23,\"h\":20,\"i\":\"6ce88ef8-a636-4f1c-85e9-922ab70a500f\"},\"panelIndex\":\"6ce88ef8-a636-4f1c-85e9-922ab70a500f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":23,\"y\":28,\"w\":25,\"h\":20,\"i\":\"a804d523-cf9b-47f1-85ca-4931defc69ce\"},\"panelIndex\":\"a804d523-cf9b-47f1-85ca-4931defc69ce\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"}]","timeRestore":false,"title":"Security Onion - SSL","version":1},"id":"efae8de0-75eb-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"db4dc4a0-75ec-11ea-9565-7315f4ee5cac","name":"panel_5","type":"visualization"},{"id":"b8371250-75ec-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"},{"id":"6fccb600-75ec-11ea-9565-7315f4ee5cac","name":"panel_7","type":"visualization"},{"id":"4e8cbf80-75ec-11ea-9565-7315f4ee5cac","name":"panel_8","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY1OSwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"gridData\":{\"w\":8,\"h\":44,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"gridData\":{\"w\":40,\"h\":40,\"x\":8,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{\"mapCenter\":[24.84656534821976,0.17578125],\"mapZoom\":2}}]","timeRestore":false,"title":"Connections - Source - Sum of Total Bytes","version":1},"id":"f042ad60-46c6-11e7-946f-1bfb1be7c36b","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"1156b1e0-46c7-11e7-946f-1bfb1be7c36b","name":"panel_1","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY2MSwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:smb*\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"4f0e2e7d-aeee-4de8-82f0-9faffa596a05\"},\"panelIndex\":\"4f0e2e7d-aeee-4de8-82f0-9faffa596a05\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":13,\"y\":0,\"w\":16,\"h\":8,\"i\":\"efd2f5f0-c795-41e8-b0d7-7a3012e04d4d\"},\"panelIndex\":\"efd2f5f0-c795-41e8-b0d7-7a3012e04d4d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":8,\"i\":\"c4342fbe-e949-42d7-959c-c1ce6978033a\"},\"panelIndex\":\"c4342fbe-e949-42d7-959c-c1ce6978033a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":8,\"w\":9,\"h\":19,\"i\":\"f59a811c-5a72-4337-84bd-32a5d1dce308\"},\"panelIndex\":\"f59a811c-5a72-4337-84bd-32a5d1dce308\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":9,\"y\":8,\"w\":9,\"h\":19,\"i\":\"5bb49dfa-0703-448b-a249-6cebb45e101c\"},\"panelIndex\":\"5bb49dfa-0703-448b-a249-6cebb45e101c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":18,\"y\":8,\"w\":10,\"h\":19,\"i\":\"4f886675-43c8-46c9-a471-717010d40e67\"},\"panelIndex\":\"4f886675-43c8-46c9-a471-717010d40e67\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":28,\"y\":8,\"w\":10,\"h\":19,\"i\":\"f00a4afd-cd5f-48a4-a8d3-bc80f7367285\"},\"panelIndex\":\"f00a4afd-cd5f-48a4-a8d3-bc80f7367285\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":38,\"y\":8,\"w\":10,\"h\":19,\"i\":\"c88f8f9f-c3d9-43c1-bfb1-bb2b7f64b92f\"},\"panelIndex\":\"c88f8f9f-c3d9-43c1-bfb1-bb2b7f64b92f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":27,\"w\":48,\"h\":20,\"i\":\"d76e30ec-3114-4100-a806-2a77ba987bbe\"},\"panelIndex\":\"d76e30ec-3114-4100-a806-2a77ba987bbe\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"}]","timeRestore":false,"title":"Security Onion - SMB","version":1},"id":"f24d7b80-75c6-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"34762420-75f0-11ea-9565-7315f4ee5cac","name":"panel_5","type":"visualization"},{"id":"1c6567b0-75f0-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"},{"id":"ed215680-75ef-11ea-9565-7315f4ee5cac","name":"panel_7","type":"visualization"},{"id":"052df440-75f0-11ea-9565-7315f4ee5cac","name":"panel_8","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY2NiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Zeek - Notice Action","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Zeek - Notice Action\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"notice.p: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"notice.action.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"fafba910-7a84-11ea-9d13-57f5db13d1ed","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY2OSwxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:notice AND event.module:zeek\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":8,\"i\":\"3c981b35-b930-4523-bef4-7f5193148816\"},\"panelIndex\":\"3c981b35-b930-4523-bef4-7f5193148816\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":16,\"h\":8,\"i\":\"eb1b234a-2d6b-46af-9afe-a420a389dad1\"},\"panelIndex\":\"eb1b234a-2d6b-46af-9afe-a420a389dad1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":8,\"i\":\"7d323b2f-3502-4397-93fd-b430d9011d92\"},\"panelIndex\":\"7d323b2f-3502-4397-93fd-b430d9011d92\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":8,\"w\":19,\"h\":18,\"i\":\"298b9cf4-5e54-45f5-805c-e04b31044401\"},\"panelIndex\":\"298b9cf4-5e54-45f5-805c-e04b31044401\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":19,\"y\":8,\"w\":29,\"h\":18,\"i\":\"1fa5b7c2-2680-4dd0-9c07-a714d8d8968a\"},\"panelIndex\":\"1fa5b7c2-2680-4dd0-9c07-a714d8d8968a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":26,\"w\":11,\"h\":23,\"i\":\"9056cf20-d882-4316-ba02-91ecbd1d4df9\"},\"panelIndex\":\"9056cf20-d882-4316-ba02-91ecbd1d4df9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":11,\"y\":26,\"w\":11,\"h\":23,\"i\":\"5f855acb-fec5-4155-b2ef-0961a6d9a89c\"},\"panelIndex\":\"5f855acb-fec5-4155-b2ef-0961a6d9a89c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":22,\"y\":26,\"w\":10,\"h\":23,\"i\":\"208bc4b2-013a-4aab-b72c-45a618077791\"},\"panelIndex\":\"208bc4b2-013a-4aab-b72c-45a618077791\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":32,\"y\":26,\"w\":16,\"h\":23,\"i\":\"5429bbba-3d62-4a93-9932-4a2cc4369775\"},\"panelIndex\":\"5429bbba-3d62-4a93-9932-4a2cc4369775\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"}]","timeRestore":false,"title":"Security Onion - Zeek - Notices","version":1},"id":"fa9ed760-7734-11ea-bee5-af7f7c7b8e05","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"30df00e0-7733-11ea-bee5-af7f7c7b8e05","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"9c6ccff0-7a84-11ea-9d13-57f5db13d1ed","name":"panel_3","type":"visualization"},{"id":"c8039090-7a84-11ea-9d13-57f5db13d1ed","name":"panel_4","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_5","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_6","type":"visualization"},{"id":"f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_7","type":"visualization"},{"id":"fafba910-7a84-11ea-9d13-57f5db13d1ed","name":"panel_8","type":"visualization"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY3MCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Connections - Top Source IPs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Connections - Top Source IPs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"source.ip.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}"},"id":"fd8b4640-6e9f-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9b333020-6e9f-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-06-15T18:49:59.193Z","version":"WzcwMywxXQ=="} -{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.module:strelka\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":7,\"i\":\"a2e0a619-a5c5-40d9-8593-e60f13ae22bf\"},\"panelIndex\":\"a2e0a619-a5c5-40d9-8593-e60f13ae22bf\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":21,\"h\":7,\"i\":\"566a9d04-f2dc-4868-9625-97a19d985703\"},\"panelIndex\":\"566a9d04-f2dc-4868-9625-97a19d985703\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":7,\"i\":\"f247ec64-c278-4e05-ac4d-983bea9dfb7d\"},\"panelIndex\":\"f247ec64-c278-4e05-ac4d-983bea9dfb7d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":7,\"w\":12,\"h\":20,\"i\":\"6e80a142-ab0e-4fd3-891c-e495b78a1625\"},\"panelIndex\":\"6e80a142-ab0e-4fd3-891c-e495b78a1625\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":12,\"y\":7,\"w\":11,\"h\":20,\"i\":\"292cc879-6bc0-4541-ba92-3b3c5f4e3368\"},\"panelIndex\":\"292cc879-6bc0-4541-ba92-3b3c5f4e3368\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":23,\"y\":7,\"w\":14,\"h\":20,\"i\":\"66979b2c-e7c1-4291-91ac-16537b7f9ec3\"},\"panelIndex\":\"66979b2c-e7c1-4291-91ac-16537b7f9ec3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":37,\"y\":7,\"w\":11,\"h\":20,\"i\":\"8bb1cf98-0401-4a2d-9dd8-deca08205a22\"},\"panelIndex\":\"8bb1cf98-0401-4a2d-9dd8-deca08205a22\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":27,\"w\":8,\"h\":20,\"i\":\"393f3cec-3ee0-4275-b319-f307e7a260c6\"},\"panelIndex\":\"393f3cec-3ee0-4275-b319-f307e7a260c6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":27,\"w\":15,\"h\":20,\"i\":\"0e8800a9-a6f5-4a79-8370-61713f584886\"},\"panelIndex\":\"0e8800a9-a6f5-4a79-8370-61713f584886\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":23,\"y\":27,\"w\":25,\"h\":20,\"i\":\"be9a0a2a-d8c6-4d15-b5d7-d5599d0482a3\"},\"panelIndex\":\"be9a0a2a-d8c6-4d15-b5d7-d5599d0482a3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":47,\"w\":48,\"h\":27,\"i\":\"40296d2b-cb6f-423f-989c-3fdaa82d2aad\"},\"panelIndex\":\"40296d2b-cb6f-423f-989c-3fdaa82d2aad\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"}]","timeRestore":false,"title":"Security Onion - Strelka","version":1},"id":"ff689c50-75f3-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"8cfec8c0-6ec2-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"7a88adc0-75f0-11ea-9565-7315f4ee5cac","name":"panel_3","type":"visualization"},{"id":"49cfe850-772c-11ea-bee5-af7f7c7b8e05","name":"panel_4","type":"visualization"},{"id":"70243970-772c-11ea-bee5-af7f7c7b8e05","name":"panel_5","type":"visualization"},{"id":"ce9e03f0-772c-11ea-bee5-af7f7c7b8e05","name":"panel_6","type":"visualization"},{"id":"a7ebb450-772c-11ea-bee5-af7f7c7b8e05","name":"panel_7","type":"visualization"},{"id":"08c0b770-772e-11ea-bee5-af7f7c7b8e05","name":"panel_8","type":"visualization"},{"id":"e087c7d0-772d-11ea-bee5-af7f7c7b8e05","name":"panel_9","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_10","type":"search"}],"type":"dashboard","updated_at":"2020-06-15T18:49:59.193Z","version":"WzY3NywxXQ=="} -{"exportedCount":709,"missingRefCount":0,"missingReferences":[]} \ No newline at end of file +{"attributes":{"fieldFormatMap":"{\"match_body.source_ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"match_body.destination_ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}}}","fields":"[{\"name\":\"@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"_id\",\"type\":\"string\",\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"alert_info.slack_username_override\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"alert_info.slack_username_override.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_info.slack_webhook_url\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"alert_info.slack_webhook_url.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_info.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"alert_info.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_sent\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.rule\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.rule.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"endtime\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"exponent\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hits\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.@version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.@version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.signature_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.signature_info.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body._id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body._id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body._index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body._index.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body._type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body._type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.alert\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.alert.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.category\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.category.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.classification\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.classification.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.connection_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.connection_state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.connection_state_description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.connection_state_description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.destination_geo.continent_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.country_code2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.destination_geo.country_code2.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.country_code3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.destination_geo.country_code3.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.destination_geo.country_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.destination_geo.ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.latitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.location.lat\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.location.lon\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.longitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.destination_geo.timezone.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.destination_ip.keyword\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.destination_ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.duration\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.gid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.history\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.history.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.local_orig\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.local_orig.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.local_respond\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.local_respond.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.logstash_time\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.missed_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.num_hits\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.num_matches\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.original_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.original_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.original_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.original_ipbytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.original_ipbytes.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.original_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.respond_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.respond_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.respond_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.respond_ipbytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.respond_ipbytes.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.respond_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.rev\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.rev.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.rule\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.rule.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.rule_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.rule_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.sensor_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.sensor_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.service\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.service.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.sid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.source_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.source_ip.keyword\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.source_ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.source_ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.source_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.syslog-facility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.syslog-facility.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.syslog-file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.syslog-file_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.syslog-host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.syslog-host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.syslog-host_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.syslog-host_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.syslog-legacy_msghdr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.syslog-legacy_msghdr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.syslog-priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.syslog-priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.syslog-sourceip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.syslog-sourceip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.syslog-tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.syslog-tags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.tags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.total_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.tunnel_parents\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.tunnel_parents.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.uid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"matches\",\"type\":\"number\",\"count\":3,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule_name\",\"type\":\"string\",\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"starttime\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"time_taken\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traceback\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"traceback.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"until\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]","notExpandable":true,"timeFieldName":"@timestamp","title":"*:elastalert_status*"},"id":"*:elastalert_status*","migrationVersion":{"index-pattern":"7.6.0"},"references":[],"type":"index-pattern","updated_at":"2020-07-15T13:17:15.442Z","version":"WzAsMV0="} +{"attributes":{"fieldFormatMap":"{\"_id\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PCAPPLACEHOLDER/securityonion/joblookup?esid={{ value }}\",\"labelTemplate\":\"{{value}}\"}},\"uid\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"source_ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"destination_ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"source_port\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'source_port:\\\"{{value}}\\\" OR destination_port:\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"destination_port\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'source_port:\\\"{{value}}\\\" OR destination_port:\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"fuid\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"resp_fuids\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"orig_fuids\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"sid\":{\"id\":\"number\",\"params\":{\"pattern\":\"0\"}},\"port\":{\"id\":\"number\",\"params\":{\"pattern\":\"0.[000]\"}},\"query\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"query.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"server_name\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"server_name.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"virtual_host\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"virtual_host.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"indicator\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"indicator.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"file_ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"file_ip.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"signature_info\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"{{rawValue}}\",\"labelTemplate\":\"{{value}}\"}},\"highest_registered_domain\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"highest_registered_domain.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"domain_name\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"domain_name.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"duration\":{\"id\":\"duration\",\"params\":{\"outputFormat\":\"asSeconds\",\"outputPrecision\":6}},\"missed_bytes\":{\"id\":\"bytes\"},\"missing_bytes\":{\"id\":\"bytes\"},\"original_bytes\":{\"id\":\"bytes\"},\"original_ip_bytes\":{\"id\":\"bytes\"},\"overflow_bytes\":{\"id\":\"bytes\"},\"respond_bytes\":{\"id\":\"bytes\"},\"respond_ip_bytes\":{\"id\":\"bytes\"},\"seen_bytes\":{\"id\":\"bytes\"},\"total_bytes\":{\"id\":\"bytes\"},\"rtt\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0000000]\"}},\"uids\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"osquery.LiveQuery\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://FLEETPLACEHOLDER/queries/new?host_uuids={{rawValue}}\",\"labelTemplate\":\"LiveQuery\"}},\"TheHive\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"\",\"labelTemplate\":\"Add2Hive\"}}}","fields":"[{\"name\":\"@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"@version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"@version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"aa\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"aa.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ack\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ack.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"action\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"action.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"additional_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"additional_info.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"age\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"age.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"alert.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_level\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_level.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"analyzer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"analyzer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"answers\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"answers.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"assigned_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"assigned_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auth\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"auth.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"authentication_attempts\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"authentication_method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"authentication_method.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"authentication_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"authentication_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"basic_constraints.path_len\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"basic_constraints_ca\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"basic_constraints_ca.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"basic_constraints_path_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"beat.hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"beat.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"beat.version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat_host.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"beat_host.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"bound_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"call_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"call_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"category\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"category.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cc\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cc.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_chain_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_chain_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_chain_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_common_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_common_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_common_name_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_common_name_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_curve\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_curve.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_exponent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_exponent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_issuer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_issuer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_key_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_key_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_key_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_key_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_key_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_locality\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_locality.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_not_valid_after\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_not_valid_before\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_number_days_valid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_organization\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_organization.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_organization_unit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_organization_unit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_permanent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_permanent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_serial\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_serial.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_serial_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_serial_number.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_signing_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_signing_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"checksum\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"checksum.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cipher\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cipher.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cipher_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cipher_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"class\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"class.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"classification\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"classification.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_build\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_build.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_certificate_chain_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_certificate_chain_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_certificate_fuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_certificate_fuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_certificate_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_certificate_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_digital_product_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_digital_product_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_fqdn\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_fqdn.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_host_key_algorithms\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_host_key_algorithms.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_issuer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_issuer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_major_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_major_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_minor_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_minor_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"community\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"community.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"company.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"compile_ts\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"compile_ts.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"compression_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"compression_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connect_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connect_info.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection_state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection_state_description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection_state_description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"content_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"content_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cookie\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cookie.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"creation_date\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"creation_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"current_directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"current_directory.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"curve\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"curve.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.arch\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.arch.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.data.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.dpkg_status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.dpkg_status.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.file\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.file.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.cpu_cores\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.cpu_cores.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.cpu_mhz\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.cpu_mhz.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.cpu_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.cpu_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.ram_free\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.ram_free.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.ram_total\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.ram_total.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.ram_usage\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.ram_usage.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.serial\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.serial.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.address.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.broadcast\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.broadcast.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.dhcp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.dhcp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.gateway\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.gateway.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.metric\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.metric.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.netmask\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.netmask.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv6.address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv6.address.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv6.dhcp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv6.dhcp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv6.netmask\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv6.netmask.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.mac\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.mac.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.mtu\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.mtu.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.rx_bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_bytes.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.rx_dropped\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_dropped.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.rx_errors\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_errors.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.rx_packets\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_packets.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.tx_bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_bytes.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.tx_dropped\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_dropped.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.tx_errors\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_errors.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.tx_packets\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_packets.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.architecture.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.codename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.codename.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.major\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.major.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.minor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.minor.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.platform\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.platform.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.release\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.release.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.release_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.release_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.sysname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.sysname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.package\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.package.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.inode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.inode.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.local_ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.local_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.local_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.local_port.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.remote_ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.remote_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.remote_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.remote_port.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.rx_queue\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.rx_queue.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.tx_queue\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.tx_queue.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.args\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.args.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.cmd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.cmd.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.egroup\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.egroup.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.euser\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.euser.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.fgroup\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.fgroup.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.nice\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.nice.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.nlwp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.nlwp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.pgrp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.pgrp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.pid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.pid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.ppid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.ppid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.processor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.processor.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.resident\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.resident.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.rgroup\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.rgroup.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.ruser\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.ruser.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.session\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.session.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.sgroup\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.sgroup.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.share\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.share.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.size.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.start_time\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.start_time.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.stime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.stime.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.suser\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.suser.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.tgid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.tgid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.tty\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.tty.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.utime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.utime.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.vm_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.vm_size.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.architecture.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.format\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.format.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.multiarch\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.multiarch.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.section\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.section.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.size.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.source\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.source.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.vendor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.vendor.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.pwd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.pwd.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.status.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.title\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.title.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.tty\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.tty.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.uid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_destination_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_destination_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_passive\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data_channel_passive.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_source_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"date\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dcc_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dcc_file_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dcc_file_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dcc_mime_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dcc_mime_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"decoder.ftscomment\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"decoder.ftscomment.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"decoder.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"decoder.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"decoder.parent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"decoder.parent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"depth\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"desktop_height\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"desktop_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"desktop_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"desktop_width\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dest_is_ipv6\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dest_is_ipv6.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_city\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_city.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.city_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.continent_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.continent_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.country_code2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.country_code2.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.country_code3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.country_code3.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.country_iso_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.country_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.dma_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.latitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.longitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.longitude.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.postal_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.region_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.region_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.region_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.region_iso_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.region_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.timezone.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_latitude\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_latitude.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_longitude\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_longitude.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_port_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_port_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_region\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_region.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"details\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"details.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dir\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dir.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"direction\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"direction.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"display_string\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"display_string.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"domain_age\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"domain_age.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"domain_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"domain_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dropped\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dropped.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"duration\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"enabled\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"enabled.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"encryption_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"encryption_level.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"encryption_method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"encryption_method.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"endpoint\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"endpoint.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"entry\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"entry.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"entry_location\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"entry_location.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"error_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"error_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"escalated_user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"escalated_user.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"established\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"established.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"exception\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"exception.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"extracted\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"extracted.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"extracted_cutoff\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"extracted_cutoff.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"facility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"facility.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fc_reply\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fc_reply.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fc_request\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fc_request.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file_description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_mime_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file_mime_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"first_received\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"first_received.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow_label\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"flow_label.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"forwardable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"forwardable.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"framed_addr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"framed_addr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"freq_virtual_host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"freq_virtual_host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"frequency_scores\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"frequency_scores.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp_argument\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp_argument.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp_command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp_command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"full_log\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"full_log.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"function\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"function.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.latitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.longitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"get_bulk_requests\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"get_bulk_requests.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"get_requests\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"get_requests.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"get_responses\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"get_responses.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"gid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_cert_table\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_cert_table.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_debug_data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_debug_data.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_export_table\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_export_table.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_import_table\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_import_table.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hassh\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hassh.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hassh_algorithms\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hassh_algorithms.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hassh_server\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hassh_server.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hassh_server_algorithms\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hassh_server_algorithms.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hassh_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hassh_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"height\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"helo\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"helo.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"highest_registered_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"highest_registered_domain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"highest_registered_domain_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"history\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"history.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hop_limit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hop_limit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host_key\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host_key.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host_key_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host_key_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"iin\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"iin.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"image_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"image_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"in_reply_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"in_reply_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"indicator\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"indicator.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"indicator_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"indicator_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"info_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"info_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"info_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"initiated\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"initiated.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"input.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"input.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"integrity_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"integrity_level.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"interface\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"interface.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ip_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_ecn\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_ecn.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_flags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_flags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_offset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_offset.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_protocol_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_protocol_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_protocol_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_tos\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_tos.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_ttl\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"irc_command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc_command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"irc_username\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc_username.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_64bit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_64bit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_exe\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_exe.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_orig\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_orig.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_source_ipv6\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_source_ipv6.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_webmail\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_webmail.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_common_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_common_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_common_name_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_common_name_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_distinguished_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_distinguished_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_locality\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_locality.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_organization\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_organization.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_organization_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_organization_unit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_organization_unit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_serial_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_serial_number.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ja3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ja3.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ja3s\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ja3s.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kerberos_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kex_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kex_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"keyboard_layout\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"keyboard_layout.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"last_alert\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"last_alert.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"last_reply\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"last_reply.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"launch_string\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"launch_string.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"lease_time\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"lease_time.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"length\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"length.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"local_orig\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"local_orig.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"local_respond\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"local_respond.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"location\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"location.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log.file.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.file.path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logged\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logged.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logon_guid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logon_guid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logon_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logon_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash_time\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mac\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mac.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mac_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mac_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"machine\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"machine.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mail_date\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mail_date.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mail_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mail_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"manager.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"manager.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"matched\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"matched.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"md5.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message_types\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message_types.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"method.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mimetype\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mimetype.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"missed_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"missing_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"msg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"msg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql_argument\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql_argument.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql_command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql_command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"n\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"named_pipe\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"named_pipe.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"native_file_system\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"native_file_system.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"next_protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"next_protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nick\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"nick.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"note\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"note.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"notice\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ntlm_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ntlm_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"num_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"object_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"offset\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"operation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"operation.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"options\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"options.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"orig_filenames\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"orig_filenames.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"orig_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"orig_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"orig_mime_types\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"orig_mime_types.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"original_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_ip_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"os\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"os.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.EndpointIP1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.EndpointIP1.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.EndpointIP2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.EndpointIP2.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.LiveQuery\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.LiveQuery.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.action\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.action.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.calendarTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.calendarTime.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.codename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.codename.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.directory.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.gid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.gid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.gid_signed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.gid_signed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.shell\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.shell.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.uid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.uid_signed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.uid_signed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.username\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.username.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.uuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.uuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.counter\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.epoch\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.hardware_serial\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.hardware_serial.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.hostIdentifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.hostIdentifier.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.unixTime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ossec_agent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ossec_agent_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ossec_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ossec_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"overflow_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"p\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_domain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_domain_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_domain_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_image_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_image_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_process_guid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_process_guid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_process_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_process_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_process_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_process_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"password\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"password.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"peer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"peer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"peer_description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"peer_description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pesha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"pesha1.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pesha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"pesha256.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"port.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"predecoder.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"predecoder.hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"predecoder.timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"predecoder.timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"prev_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"prev_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_arguments\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process_arguments.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_guid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"profile\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"profile.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"program\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"program.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"prospector.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"prospector.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"protocol_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"protocol_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"protocol_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"protocol_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"proxied\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"proxied.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"query.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_class\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_class_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"query_class_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_type\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_type_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"query_type_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ra\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ra.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rcode\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rcode_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rcode_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rd.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reason\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reason.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"recipient_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"recipient_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"referrer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"referrer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rejected\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rejected.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"remote_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"remote_location.country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"renewable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"renewable.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reply_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reply_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reply_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reply_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reply_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reply_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_body_len\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_body_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_port.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"requested_color_depth\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"requested_color_depth.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"requested_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"requested_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"requested_resource\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"requested_resource.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resp_filenames\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resp_filenames.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resp_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resp_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resp_mime_types\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resp_mime_types.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"respond_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"respond_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"respond_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"respond_ip_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"respond_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_body_len\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_body_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"result\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"result.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resumed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resumed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rev\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rev.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rig\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rig.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rows\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rows.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rtt\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rtt.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule_number\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule_signature.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"san_dns\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"san_dns.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"second_received\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"second_received.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"section_names\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"section_names.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"security_protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"security_protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seen_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seen_node\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"seen_node.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seen_where\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"seen_where.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sensor_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sensor_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seq\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"seq.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sequence_number\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_certificate_fuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_certificate_fuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_certificate_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_certificate_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_dns_computer_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_dns_computer_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_host_key_algorithms\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_host_key_algorithms.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_major_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_major_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_minor_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_minor_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_name_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_name_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_nb_computer_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_nb_computer_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_tree_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_tree_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"service\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"service.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"set_requests\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"set_requests.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"severity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"severity.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sha1.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sha256.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"share_flag\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"share_flag.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"share_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"share_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"signature_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"signer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"signer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"site\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"site.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"size.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"software_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"software_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.city_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.continent_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.country_code2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.country_code2.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.country_code3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.country_code3.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.country_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.dma_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.latitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.longitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.postal_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.region_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.region_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.region_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.timezone.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_port_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_port_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sources\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sources.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"status.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"status_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status_msg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"status_msg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sub_msg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sub_msg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sub_rule_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sub_rule_number.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subdomain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"subdomain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subdomain_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subdomain_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subsystem\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"subsystem.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"suppress_for\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.event\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.event.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.gid_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.gid_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.gname_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.gname_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.inode_after\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.md5_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.md5_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.md5_before\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.md5_before.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.mtime_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.mtime_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.mtime_before\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.mtime_before.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.perm_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.perm_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.sha1_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.sha1_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.sha1_before\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.sha1_before.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.sha256_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.sha256_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.sha256_before\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.sha256_before.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.size_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.size_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.size_before\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.size_before.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.uid_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.uid_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.uname_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.uname_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-facility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-facility.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-file_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-host_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-host_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-legacy_msghdr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-legacy_msghdr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-pid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-pid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-sourceip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-tags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sysmon_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sysmon_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"target_filename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"target_filename.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tc\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tc.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tcp_flags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tcp_flags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"terminal_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"terminal_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"timed_out\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"timed_out.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_accessed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_accessed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_changed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_changed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_created\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_created.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_modified\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_modified.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tld.subdomain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tld.subdomain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tls\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tls.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"top_level_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"top_level_domain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"total_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tracker_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tracker_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"trans_depth\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"transaction_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ttls\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tty\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tty.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tunnel_parents\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tunnel_parents.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tunnel_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tunnel_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"unparsed_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"unparsed_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"up_since\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"up_since.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"urg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"urg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uri\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uri.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uri_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user_agent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user_agent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"useragent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"useragent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"useragent_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"username\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"username.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_aslr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_aslr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_code_integrity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_code_integrity.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_dep\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_dep.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_seh\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_seh.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"valid_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"valid_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"valid_till\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"valid_till.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"validation_status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"validation_status.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"value\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"value.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_additional_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_additional_info.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_major\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_major.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_minor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_minor.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_minor2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_minor2.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_minor3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_minor3.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"virtual_host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"virtual_host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"virtual_host_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"virtual_host_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"warning\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"warning.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.firedtimes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.gdpr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"wazuh-rule.gdpr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.gpg13\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"wazuh-rule.gpg13.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.groups\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"wazuh-rule.groups.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"wazuh-rule.id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.mail\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.pci_dss\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"wazuh-rule.pci_dss.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"width\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"width.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"window\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"window.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"x_originating_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"year\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"z\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"z.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"TheHive\",\"type\":\"string\",\"count\":0,\"scripted\":true,\"script\":\"'soctopus/thehive/alert/' + doc['_id'].value\",\"lang\":\"painless\",\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false}]","notExpandable":true,"timeFieldName":"@timestamp","title":"*:logstash-*"},"id":"*:logstash-*","migrationVersion":{"index-pattern":"7.6.0"},"references":[],"type":"index-pattern","updated_at":"2020-07-15T13:17:15.442Z","version":"WzEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Security Onion - Network Data","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Home](/kibana/app/kibana#/dashboard/a8411b30-6d03-11ea-b301-3d6c35840645) \\n \\n**Datasets** \\n[Connections](/kibana/app/kibana#/dashboard/0cc628b0-6e9f-11ea-9266-1fd14ca6af34) | [DCE/RPC](/kibana/app/kibana#/dashboard/9e882df0-72c5-11ea-8dd2-9d8795a1200b) |\\n[DHCP](/kibana/app/kibana#/dashboard/80625c10-96dd-11ea-814e-bb515e873c2c) \\n[DNP3](/kibana/app/kibana#/dashboard/b1f52180-755a-11ea-9565-7315f4ee5cac) | [DNS](/kibana/app/kibana#/dashboard/55ac6bf0-6ec4-11ea-9266-1fd14ca6af34) |\\n[FTP](/kibana/app/kibana#/dashboard/739bfad0-755a-11ea-9565-7315f4ee5cac) |\\n[HTTP](/kibana/app/kibana#/dashboard/44e9c820-6eb1-11ea-9266-1fd14ca6af34) | [IRC](/kibana/app/kibana#/dashboard/38523560-75ba-11ea-9565-7315f4ee5cac) |\\n[Kerberos](/kibana/app/kibana#/dashboard/b207ab90-75bc-11ea-9565-7315f4ee5cac) \\n[Modbus](/kibana/app/kibana#/dashboard/886a7b90-75bd-11ea-9565-7315f4ee5cac) | \\n[MySQL](/kibana/app/kibana#/dashboard/c3ced6d0-75be-11ea-9565-7315f4ee5cac) | \\n[NTLM](/kibana/app/kibana#/dashboard/558292e0-75c1-11ea-9565-7315f4ee5cac) | \\n[PE](kibana/app/kibana#/dashboard/94b55b90-c761-11ea-bebb-37c5ab5894ea) |\\n[RADIUS](/kibana/app/kibana#/dashboard/b9769e60-75c4-11ea-9565-7315f4ee5cac) | [RDP](/kibana/app/kibana#/dashboard/5b743150-75c5-11ea-9565-7315f4ee5cac) | \\n[RFB](/kibana/app/kibana#/dashboard/c8b3c360-75c6-11ea-9565-7315f4ee5cac) | [SIP](/kibana/app/kibana#/dashboard/dd98e260-75c6-11ea-9565-7315f4ee5cac) \\n[SMB](/kibana/app/kibana#/dashboard/f24d7b80-75c6-11ea-9565-7315f4ee5cac) | [SMTP](/kibana/app/kibana#/dashboard/00304500-75e7-11ea-9565-7315f4ee5cac) | [SNMP](/kibana/app/kibana#/dashboard/96522610-75e8-11ea-9565-7315f4ee5cac) | \\n[SSH](/kibana/app/kibana#/dashboard/9dfd77e0-75eb-11ea-9565-7315f4ee5cac) | [SSL](/kibana/app/kibana#/dashboard/efae8de0-75eb-11ea-9565-7315f4ee5cac) | [Syslog](/kibana/app/kibana#/dashboard/66499a20-75ed-11ea-9565-7315f4ee5cac) | [Tunnels](/kibana/app/kibana#/dashboard/c962dd60-75ed-11ea-9565-7315f4ee5cac) | [X.509](/kibana/app/kibana#/dashboard/2e0865f0-75ee-11ea-9565-7315f4ee5cac) \\n\"},\"title\":\"Security Onion - Network Data\"}"},"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[],"type":"visualization","updated_at":"2020-07-16T12:42:36.125Z","version":"WzcyNSwyXQ=="} +{"attributes":{"fieldFormatMap":"{\"network.community_id\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:network.community_id,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(network.community_id:'{{ value }}')))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"source.ip\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(('$state':(store:globalState),bool:(should:!((term:(source.ip.keyword:'{{ value }}')),(term:(destination.ip.keyword:'{{ value }}')))),meta:(alias:'source.ip:%20!'{{ value }}!'%20OR%20destination.ip:%20!'{{ value }}!'',disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:bool,negate:!f,type:custom,value:'%7B%22should%22:%5B%7B%22term%22:%7B%22source.ip.keyword%22:%2210.200.1.153%22%7D%7D,%7B%22term%22:%7B%22destination.ip.keyword%22:%2210.200.1.153%22%7D%7D%5D%7D'))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"destination.ip\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(('$state':(store:globalState),bool:(should:!((term:(source.ip.keyword:'{{ value }}')),(term:(destination.ip.keyword:'{{ value }}')))),meta:(alias:'source.ip:%20!'{{ value }}!'%20OR%20destination.ip:%20!'{{ value }}!'',disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:bool,negate:!f,type:custom,value:'%7B%22should%22:%5B%7B%22term%22:%7B%22source.ip.keyword%22:%2210.200.1.153%22%7D%7D,%7B%22term%22:%7B%22destination.ip.keyword%22:%2210.200.1.153%22%7D%7D%5D%7D'))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"source.ip.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(('$state':(store:globalState),bool:(should:!((term:(source.ip.keyword:'{{ value }}')),(term:(destination.ip.keyword:'{{ value }}')))),meta:(alias:'source.ip:%20!'{{ value }}!'%20OR%20destination.ip:%20!'{{ value }}!'',disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:bool,negate:!f,type:custom,value:'%7B%22should%22:%5B%7B%22term%22:%7B%22source.ip.keyword%22:%2210.200.1.153%22%7D%7D,%7B%22term%22:%7B%22destination.ip.keyword%22:%2210.200.1.153%22%7D%7D%5D%7D'))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"destination.ip.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(('$state':(store:globalState),bool:(should:!((term:(source.ip.keyword:'{{ value }}')),(term:(destination.ip.keyword:'{{ value }}')))),meta:(alias:'source.ip:%20!'{{ value }}!'%20OR%20destination.ip:%20!'{{ value }}!'',disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:bool,negate:!f,type:custom,value:'%7B%22should%22:%5B%7B%22term%22:%7B%22source.ip.keyword%22:%2210.200.1.153%22%7D%7D,%7B%22term%22:%7B%22destination.ip.keyword%22:%2210.200.1.153%22%7D%7D%5D%7D'))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"source.port\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(('$state':(store:globalState),bool:(should:!((term:(source.port:'{{ value }}')),(term:(destination.port:'{{ value }}')))),meta:(alias:'source.port:%20!'{{ value }}!'%20OR%20destination.port:%20!'{{ value }}!'',disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:bool,negate:!f,type:custom,value:'%7B%22should%22:%5B%7B%22term%22:%7B%22source.port%22:%2210.200.1.153%22%7D%7D,%7B%22term%22:%7B%22destination.port%22:%2210.200.1.153%22%7D%7D%5D%7D'))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"destination.port\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(('$state':(store:globalState),bool:(should:!((term:(source.port:'{{ value }}')),(term:(destination.port:'{{ value }}')))),meta:(alias:'source.port:%20!'{{ value }}!'%20OR%20destination.port:%20!'{{ value }}!'',disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:bool,negate:!f,type:custom,value:'%7B%22should%22:%5B%7B%22term%22:%7B%22source.port%22:%2210.200.1.153%22%7D%7D,%7B%22term%22:%7B%22destination.port%22:%2210.200.1.153%22%7D%7D%5D%7D'))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"log.id.fuid\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:log.id.fuid,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(log.id.fuid:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"log.id.fuid.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:log.id.fuid,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(log.id.fuid:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"log.id.uid\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:log.id.uid,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(log.id.uid:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"log.id.uid.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:log.id.uid,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(log.id.uid:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"_id\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"https://PLACEHOLDER/securityonion/joblookup?esid={{ value }}\",\"labelTemplate\":\"{{ value }}\"}},\"client.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"server.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"Push to TheHive\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"\",\"labelTemplate\":\"Click to create an alert in TheHive\"}},\"event.dataset\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:event.dataset.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(event.dataset.keyword:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"event.dataset.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:event.dataset.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(event.dataset.keyword:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"event.module\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:event.module.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(event.module.keyword:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now%2Fw,to:now%2Fw))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"event.module.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:event.module.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(event.module.keyword:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now%2Fw,to:now%2Fw))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"agent.name\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:agent.name.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(agent.name.keyword:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now%2Fw,to:now%2Fw))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"agent.name.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:agent.name.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(agent.name.keyword:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now%2Fw,to:now%2Fw))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"rule.name\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:rule.name,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(rule.name:'{{ value }}')))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:''),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"rule.name.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:rule.name,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(rule.name:'{{ value }}')))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:''),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"osquery.result.live_query\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"https://FLEETPLACEHOLDER/fleet/queries/new?host_uuids={{rawValue}}\",\"labelTemplate\":\"Live Query\"}},\"osquery.result.live_query.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"https://FLEETPLACEHOLDER/fleet/queries/new?host_uuids={{rawValue}}\",\"labelTemplate\":\"Live Query\"}},\"connection.state_description\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:connection.state_description,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(connection.state_description:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"connection.state_description.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:connection.state_description,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(connection.state_description:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"rule.category.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:rule.category,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(rule.category:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"rule.category\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:rule.category,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(rule.category:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"rule.uuid\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:rule.uuid,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(rule.uuid:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"connection.history\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:connection.history,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(connection.history:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"connection.history.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:connection.history,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(connection.history:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dhcp.message_types\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dhcp.message_types,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(dhcp.message_types:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dhcp.message_types.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dhcp.message_types,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(dhcp.message_types:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dhcp.requested_address\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dhcp.requested_address,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dhcp.requested_address:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dhcp.requested_address.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dhcp.requested_address,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dhcp.requested_address:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dhcp.assigned_ip\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dhcp.assigned_ip,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dhcp.assigned_ip:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dhcp.assigned_ip.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dhcp.assigned_ip,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dhcp.assigned_ip:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"host.mac\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:host.mac,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(host.mac:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"host.mac.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:host.mac,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(host.mac:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dhcp.lease_time\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dhcp.lease_time,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dhcp.lease_time:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dns.query.name\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dns.query.name,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dns.query.name:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }{}\"}},\"dns.query.name.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dns.query.name,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dns.query.name:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dns.answers\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dns.answers,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dns.answers:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dns.answers.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dns.answers,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dns.answers:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dns.response.code_name\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dns.response.code_name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(dns.response.code_name:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dns.response.code_name.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dns.response.code_name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(dns.response.code_name:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"file.name\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:file.name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(file.name:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"file.mime_type\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:file.mime_type,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(file.mime_type:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"file.mime_type.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:file.mime_type,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(file.mime_type:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"file.name.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:file.name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(file.name:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ftp.argument\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ftp.argument,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(ftp.argument:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ftp.argument.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ftp.argument,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(ftp.argument:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ftp.user\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ftp.user,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(ftp.user:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ftp.user.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ftp.user,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(ftp.user:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ftp.password\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ftp.password,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(ftp.password:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ftp.password.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ftp.password,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(ftp.password:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"http.useragent\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.useragent,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(http.useragent:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"http.useragent.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.useragent,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(http.useragent:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"http.method\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.method,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(http.method:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"http.method.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.method,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(http.method:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"http.virtual_host\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.virtual_host,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(http.virtual_host:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"http.virtual_host.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.virtual_host,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(http.virtual_host:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"http.uri.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.uri.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(http.uri.keyword:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"http.uri\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.uri.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(http.uri.keyword:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"notice.note.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:notice.note,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(notice.note:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"notice.message.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:notice.message,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(notice.message:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"notice.note\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:notice.note,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(notice.note:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"notice.message\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:notice.message,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(notice.message:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ssl.server_name.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ssl.server_name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(ssl.server_name:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ssl.server_name\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ssl.server_name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(ssl.server_name:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ssl.certificate.subject\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ssl.certificate.subject,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(ssl.certificate.subject:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ssl.certificate.subject.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ssl.certificate.subject,negate:!f,params:(query:'O%3DDefault%20Company%20Ltd,L%3DDefault%20City,C%3DXX'),type:phrase),query:(match_phrase:(ssl.certificate.subject:'O%3DDefault%20Company%20Ltd,L%3DDefault%20City,C%3DXX')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ssl.certificate.issuer\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ssl.certificate.issuer,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(ssl.certificate.issuer:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ssl.certificate.issuer.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ssl.certificate.issuer,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(ssl.certificate.issuer:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"syslog.facility\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:syslog.facility,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(syslog.facility:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"syslog.facility.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:syslog.facility,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(syslog.facility:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"syslog.severity\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:syslog.severity,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(syslog.severity:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"syslog.severity.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:syslog.severity,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(syslog.severity:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"x509.certificate.subject\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.certificate.subject,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(x509.certificate.subject:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"x509.certificate.subject.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.certificate.subject,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(x509.certificate.subject:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"x509.certificate.issuer\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.certificate.issuer,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(x509.certificate.issuer:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"x509.certificate.issuer.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.certificate.issuer,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(x509.certificate.issuer:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"x509.san_dns\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.san_dns,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(x509.san_dns:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"x509.san_dns.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.san_dns,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(x509.san_dns:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"x509.certificate.key.type\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.certificate.key.type,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(x509.certificate.key.type:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:edit)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"x509.certificate.key.type.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.certificate.key.type,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(x509.certificate.key.type:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:edit)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}}}","fields":"[{\"name\":\"@timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"@version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"esTypes\":[\"_type\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"agent.ephemeral_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.ephemeral_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"agent.ephemeral_id\"}}},{\"name\":\"agent.hostname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.hostname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"agent.hostname\"}}},{\"name\":\"agent.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"agent.id\"}}},{\"name\":\"agent.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"agent.name\"}}},{\"name\":\"agent.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"agent.type\"}}},{\"name\":\"agent.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"agent.version\"}}},{\"name\":\"client.address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"client.address\"}}},{\"name\":\"client.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.id.product\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.id.product.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"client.id.product\"}}},{\"name\":\"client.ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"client.ip\"}}},{\"name\":\"client.ip_bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"client.name\"}}},{\"name\":\"client.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.port\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.port.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"client.port\"}}},{\"name\":\"client.user_agent\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.user_agent.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"client.user_agent\"}}},{\"name\":\"connection.bytes.missed\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection.history\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection.history.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"connection.history\"}}},{\"name\":\"connection.local.originator\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection.local.responder\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"connection.state\"}}},{\"name\":\"connection.state_description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection.state_description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"connection.state_description\"}}},{\"name\":\"data.@timestamp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.@timestamp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.@timestamp\"}}},{\"name\":\"data.@version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.@version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.@version\"}}},{\"name\":\"data._id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data._id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data._id\"}}},{\"name\":\"data._index\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data._index.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data._index\"}}},{\"name\":\"data._type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data._type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data._type\"}}},{\"name\":\"data.agent.ephemeral_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.agent.ephemeral_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.agent.ephemeral_id\"}}},{\"name\":\"data.agent.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.agent.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.agent.id\"}}},{\"name\":\"data.agent.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.agent.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.agent.name\"}}},{\"name\":\"data.agent.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.agent.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.agent.type\"}}},{\"name\":\"data.agent.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.agent.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.agent.version\"}}},{\"name\":\"data.ecs.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.ecs.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.ecs.version\"}}},{\"name\":\"data.event.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.event.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.event.action\"}}},{\"name\":\"data.event.category\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.event.category.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.event.category\"}}},{\"name\":\"data.event.code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.event.created\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.event.created.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.event.created\"}}},{\"name\":\"data.event.dataset\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.event.dataset.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.event.dataset\"}}},{\"name\":\"data.event.kind\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.event.kind.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.event.kind\"}}},{\"name\":\"data.event.module\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.event.module.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.event.module\"}}},{\"name\":\"data.event.provider\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.event.provider.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.event.provider\"}}},{\"name\":\"data.fields.module\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.fields.module.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.fields.module\"}}},{\"name\":\"data.host.architecture\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.host.architecture.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.host.architecture\"}}},{\"name\":\"data.host.hostname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.host.hostname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.host.hostname\"}}},{\"name\":\"data.host.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.host.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.host.id\"}}},{\"name\":\"data.host.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.host.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.host.name\"}}},{\"name\":\"data.host.os.build\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.host.os.build.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.host.os.build\"}}},{\"name\":\"data.host.os.family\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.host.os.family.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.host.os.family\"}}},{\"name\":\"data.host.os.kernel\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.host.os.kernel.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.host.os.kernel\"}}},{\"name\":\"data.host.os.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.host.os.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.host.os.name\"}}},{\"name\":\"data.host.os.platform\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.host.os.platform.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.host.os.platform\"}}},{\"name\":\"data.host.os.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.host.os.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.host.os.version\"}}},{\"name\":\"data.log.level\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.log.level.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.log.level\"}}},{\"name\":\"data.message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.message\"}}},{\"name\":\"data.module\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.module.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.module\"}}},{\"name\":\"data.num_hits\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.num_matches\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.command_line\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.command_line.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.process.command_line\"}}},{\"name\":\"data.process.entity_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.entity_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.process.entity_id\"}}},{\"name\":\"data.process.executable\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.executable.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.process.executable\"}}},{\"name\":\"data.process.parent.command_line\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.parent.command_line.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.process.parent.command_line\"}}},{\"name\":\"data.process.parent.entity_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.parent.entity_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.process.parent.entity_id\"}}},{\"name\":\"data.process.parent.executable\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.parent.executable.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.process.parent.executable\"}}},{\"name\":\"data.process.pe.description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.pe.description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.process.pe.description\"}}},{\"name\":\"data.process.pe.file_version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.pe.file_version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.process.pe.file_version\"}}},{\"name\":\"data.process.pe.original_file_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.pe.original_file_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.process.pe.original_file_name\"}}},{\"name\":\"data.process.pe.product\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.pe.product.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.process.pe.product\"}}},{\"name\":\"data.process.ppid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.ppid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.process.ppid\"}}},{\"name\":\"data.process.working_directory\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.working_directory.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.process.working_directory\"}}},{\"name\":\"data.tags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.tags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.tags\"}}},{\"name\":\"data.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.type\"}}},{\"name\":\"data.user.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.user.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.user.name\"}}},{\"name\":\"data.winlog.api\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.api.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.api\"}}},{\"name\":\"data.winlog.channel\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.channel.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.channel\"}}},{\"name\":\"data.winlog.computer_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.computer_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.computer_name\"}}},{\"name\":\"data.winlog.event_data.Company\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.event_data.Company.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.event_data.Company\"}}},{\"name\":\"data.winlog.event_data.Hashes\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.event_data.Hashes.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.event_data.Hashes\"}}},{\"name\":\"data.winlog.event_data.IntegrityLevel\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.event_data.IntegrityLevel.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.event_data.IntegrityLevel\"}}},{\"name\":\"data.winlog.event_data.LogonGuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.event_data.LogonGuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.event_data.LogonGuid\"}}},{\"name\":\"data.winlog.event_data.LogonId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.event_data.LogonId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.event_data.LogonId\"}}},{\"name\":\"data.winlog.event_data.ProcessId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.event_data.ProcessId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.event_data.ProcessId\"}}},{\"name\":\"data.winlog.event_data.RuleName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.event_data.RuleName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.event_data.RuleName\"}}},{\"name\":\"data.winlog.event_data.TerminalSessionId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.event_data.TerminalSessionId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.event_data.TerminalSessionId\"}}},{\"name\":\"data.winlog.event_data.UtcTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.event_data.UtcTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.event_data.UtcTime\"}}},{\"name\":\"data.winlog.event_id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.winlog.opcode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.opcode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.opcode\"}}},{\"name\":\"data.winlog.process.pid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.winlog.process.thread.id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.winlog.provider_guid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.provider_guid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.provider_guid\"}}},{\"name\":\"data.winlog.provider_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.provider_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.provider_name\"}}},{\"name\":\"data.winlog.record_id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.winlog.task\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.task.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.task\"}}},{\"name\":\"data.winlog.user.domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.user.domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.user.domain\"}}},{\"name\":\"data.winlog.user.identifier\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.user.identifier.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.user.identifier\"}}},{\"name\":\"data.winlog.user.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.user.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.user.name\"}}},{\"name\":\"data.winlog.user.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.user.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.user.type\"}}},{\"name\":\"data.winlog.version\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dce_rpc.endpoint\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dce_rpc.endpoint.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dce_rpc.endpoint\"}}},{\"name\":\"dce_rpc.named_pipe\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dce_rpc.named_pipe.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dce_rpc.named_pipe\"}}},{\"name\":\"dce_rpc.operation\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dce_rpc.operation.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dce_rpc.operation\"}}},{\"name\":\"destination.geo.city_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.city_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.city_name\"}}},{\"name\":\"destination.geo.continent_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.continent_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.continent_name\"}}},{\"name\":\"destination.geo.country_iso_code\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.country_iso_code.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.country_iso_code\"}}},{\"name\":\"destination.geo.country_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.country_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.country_name\"}}},{\"name\":\"destination.geo.ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.ip\"}}},{\"name\":\"destination.geo.location.lat\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.location.lon\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.region_iso_code\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.region_iso_code.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.region_iso_code\"}}},{\"name\":\"destination.geo.region_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.region_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.region_name\"}}},{\"name\":\"destination.geo.timezone\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.timezone.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.timezone\"}}},{\"name\":\"destination.ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.ip\"}}},{\"name\":\"destination.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.latitude\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.location\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.longitude\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dhcp.assigned_ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dhcp.assigned_ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dhcp.assigned_ip\"}}},{\"name\":\"dhcp.lease_time\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dhcp.message_types\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dhcp.message_types.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dhcp.message_types\"}}},{\"name\":\"dhcp.requested_address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dhcp.requested_address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dhcp.requested_address\"}}},{\"name\":\"dnp3.fc_reply\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dnp3.fc_reply.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dnp3.fc_reply\"}}},{\"name\":\"dnp3.fc_request\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dnp3.fc_request.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dnp3.fc_request\"}}},{\"name\":\"dnp3.iin\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.answers\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.answers.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.answers\"}}},{\"name\":\"dns.authoritative\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.highest_registered_domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.highest_registered_domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.highest_registered_domain\"}}},{\"name\":\"dns.id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.parent_domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.parent_domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.parent_domain\"}}},{\"name\":\"dns.parent_domain_length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.query.class\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.query.class_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.query.class_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.query.class_name\"}}},{\"name\":\"dns.query.length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.query.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.query.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.query.name\"}}},{\"name\":\"dns.query.rejected\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.query.type\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.query.type_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.query.type_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.query.type_name\"}}},{\"name\":\"dns.recursion.available\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.recursion.desired\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.reserved\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.response.code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.response.code_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.response.code_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.response.code_name\"}}},{\"name\":\"dns.subdomain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.subdomain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.subdomain\"}}},{\"name\":\"dns.subdomain_length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.top_level_domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.top_level_domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.top_level_domain\"}}},{\"name\":\"dns.truncated\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.ttls\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ecs.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ecs.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ecs.version\"}}},{\"name\":\"error.reason\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"error.reason.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"error.reason\"}}},{\"name\":\"event.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.action\"}}},{\"name\":\"event.category\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.category.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.category\"}}},{\"name\":\"event.code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.created\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.created.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.created\"}}},{\"name\":\"event.dataset\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.dataset.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.dataset\"}}},{\"name\":\"event.duration\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.kind\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.kind.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.kind\"}}},{\"name\":\"event.module\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.module.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.module\"}}},{\"name\":\"event.provider\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.provider.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.provider\"}}},{\"name\":\"event.severity\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.severity_label\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.severity_label.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.severity_label\"}}},{\"name\":\"event.timestamp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.timestamp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.timestamp\"}}},{\"name\":\"file.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.action\"}}},{\"name\":\"file.analyzer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.analyzer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.analyzer\"}}},{\"name\":\"file.aslr\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.bytes.missing\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.bytes.overflow\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.bytes.seen\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.bytes.total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.code_integrity\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.compile_timestamp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.compile_timestamp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.compile_timestamp\"}}},{\"name\":\"file.debug_data\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.dep\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.depth\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.extracted.cutoff\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.extracted.filename\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.extracted.filename.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.extracted.filename\"}}},{\"name\":\"file.flavors.mime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.flavors.mime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.flavors.mime\"}}},{\"name\":\"file.flavors.yara\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.flavors.yara.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.flavors.yara\"}}},{\"name\":\"file.is_64bit\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.is_exe\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.is_orig\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.local_orig\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.machine\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.machine.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.machine\"}}},{\"name\":\"file.mime_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.mime_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.mime_type\"}}},{\"name\":\"file.mimetype\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.mimetype.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.mimetype\"}}},{\"name\":\"file.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.name\"}}},{\"name\":\"file.orig_filenames\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.orig_filenames.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.orig_filenames\"}}},{\"name\":\"file.orig_mime_types\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.orig_mime_types.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.orig_mime_types\"}}},{\"name\":\"file.os\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.os.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.os\"}}},{\"name\":\"file.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.path\"}}},{\"name\":\"file.resp_filenames\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.resp_filenames.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.resp_filenames\"}}},{\"name\":\"file.resp_mime_types\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.resp_mime_types.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.resp_mime_types\"}}},{\"name\":\"file.scanners\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.scanners.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.scanners\"}}},{\"name\":\"file.section_names\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.section_names.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.section_names\"}}},{\"name\":\"file.seh\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.source\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.source.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.source\"}}},{\"name\":\"file.subsystem\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.subsystem.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.subsystem\"}}},{\"name\":\"file.table.cert\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.table.export\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.table.import\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.timed_out\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.times_accessed\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.times_accessed.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.times_accessed\"}}},{\"name\":\"file.times_changed\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.times_changed.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.times_changed\"}}},{\"name\":\"file.times_created\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.times_created.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.times_created\"}}},{\"name\":\"file.times_modified\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.times_modified.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.times_modified\"}}},{\"name\":\"file.tree.node\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.tree.node.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.tree.node\"}}},{\"name\":\"file.tree.parent\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.tree.parent.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.tree.parent\"}}},{\"name\":\"file.tree.root\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.tree.root.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.tree.root\"}}},{\"name\":\"ftp.argument\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp.argument.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ftp.argument\"}}},{\"name\":\"ftp.command\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp.command.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ftp.command\"}}},{\"name\":\"ftp.data_channel_destination.ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp.data_channel_destination.ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ftp.data_channel_destination.ip\"}}},{\"name\":\"ftp.data_channel_destination.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp.data_channel_passive\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp.data_channel_source.ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp.data_channel_source.ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ftp.data_channel_source.ip\"}}},{\"name\":\"ftp.password\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp.password.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ftp.password\"}}},{\"name\":\"ftp.user\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp.user.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ftp.user\"}}},{\"name\":\"geoip.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.latitude\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.location\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.longitude\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hash.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hash.hassh\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.hassh.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.hassh\"}}},{\"name\":\"hash.ja3\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.ja3.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.ja3\"}}},{\"name\":\"hash.ja3s\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.ja3s.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.ja3s\"}}},{\"name\":\"hash.md5\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.md5.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.md5\"}}},{\"name\":\"hash.sha1\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.sha1.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.sha1\"}}},{\"name\":\"hash.sha256\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.sha256.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.sha256\"}}},{\"name\":\"hash.ssdeep\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.ssdeep.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.ssdeep\"}}},{\"name\":\"host.architecture\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.architecture.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.architecture\"}}},{\"name\":\"host.domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.domain\"}}},{\"name\":\"host.hostname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.hostname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.hostname\"}}},{\"name\":\"host.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.id\"}}},{\"name\":\"host.mac\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.mac.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.mac\"}}},{\"name\":\"host.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.name\"}}},{\"name\":\"host.os.build\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.os.build.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.os.build\"}}},{\"name\":\"host.os.family\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.os.family.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.os.family\"}}},{\"name\":\"host.os.kernel\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.os.kernel.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.os.kernel\"}}},{\"name\":\"host.os.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.os.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.os.name\"}}},{\"name\":\"host.os.platform\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.os.platform.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.os.platform\"}}},{\"name\":\"host.os.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.os.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.os.version\"}}},{\"name\":\"host.syscheck.event\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.event.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.event\"}}},{\"name\":\"host.syscheck.gid_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.gid_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.gid_after\"}}},{\"name\":\"host.syscheck.gname_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.gname_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.gname_after\"}}},{\"name\":\"host.syscheck.inode_after\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.syscheck.inode_before\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.syscheck.md5_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.md5_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.md5_after\"}}},{\"name\":\"host.syscheck.md5_before\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.md5_before.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.md5_before\"}}},{\"name\":\"host.syscheck.mtime_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.mtime_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.mtime_after\"}}},{\"name\":\"host.syscheck.mtime_before\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.mtime_before.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.mtime_before\"}}},{\"name\":\"host.syscheck.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.path\"}}},{\"name\":\"host.syscheck.perm_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.perm_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.perm_after\"}}},{\"name\":\"host.syscheck.sha1_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.sha1_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.sha1_after\"}}},{\"name\":\"host.syscheck.sha1_before\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.sha1_before.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.sha1_before\"}}},{\"name\":\"host.syscheck.sha256_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.sha256_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.sha256_after\"}}},{\"name\":\"host.syscheck.sha256_before\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.sha256_before.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.sha256_before\"}}},{\"name\":\"host.syscheck.size_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.size_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.size_after\"}}},{\"name\":\"host.syscheck.uid_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.uid_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.uid_after\"}}},{\"name\":\"host.syscheck.uname_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.uname_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.uname_after\"}}},{\"name\":\"http.info_code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.info_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.info_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.info_message\"}}},{\"name\":\"http.method\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.method.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.method\"}}},{\"name\":\"http.proxied\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.proxied.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.proxied\"}}},{\"name\":\"http.referrer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.referrer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.referrer\"}}},{\"name\":\"http.request.body.length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.response.body.length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.status_code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.status_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.status_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.status_message\"}}},{\"name\":\"http.trans_depth\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.uri\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.uri.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.uri\"}}},{\"name\":\"http.useragent\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.useragent.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.useragent\"}}},{\"name\":\"http.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.version\"}}},{\"name\":\"http.virtual_host\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.virtual_host.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.virtual_host\"}}},{\"name\":\"ingest.timestamp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ingest.timestamp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ingest.timestamp\"}}},{\"name\":\"irc.command.info\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc.command.info.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"irc.command.info\"}}},{\"name\":\"irc.command.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc.command.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"irc.command.type\"}}},{\"name\":\"irc.command.value\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc.command.value.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"irc.command.value\"}}},{\"name\":\"irc.nickname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc.nickname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"irc.nickname\"}}},{\"name\":\"irc.username\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc.username.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"irc.username\"}}},{\"name\":\"kerberos.client\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.client.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.client\"}}},{\"name\":\"kerberos.client_certificate_subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.client_certificate_subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.client_certificate_subject\"}}},{\"name\":\"kerberos.error_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.error_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.error_message\"}}},{\"name\":\"kerberos.request_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.request_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.request_type\"}}},{\"name\":\"kerberos.server_certificate_subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.server_certificate_subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.server_certificate_subject\"}}},{\"name\":\"kerberos.service\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.service.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.service\"}}},{\"name\":\"kerberos.success\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kerberos.ticket.cipher\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.ticket.cipher.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.ticket.cipher\"}}},{\"name\":\"kerberos.ticket.forwardable\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kerberos.ticket.renewable\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kerberos.ticket.valid.from\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.ticket.valid.from.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.ticket.valid.from\"}}},{\"name\":\"kerberos.ticket.valid.until\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.ticket.valid.until.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.ticket.valid.until\"}}},{\"name\":\"log.file.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.file.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.file.path\"}}},{\"name\":\"log.full\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.full.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.full\"}}},{\"name\":\"log.id.client_certificate_fuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.client_certificate_fuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.client_certificate_fuid\"}}},{\"name\":\"log.id.fuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.fuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.fuid\"}}},{\"name\":\"log.id.fuids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.fuids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.fuids\"}}},{\"name\":\"log.id.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.id\"}}},{\"name\":\"log.id.orig_fuids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.orig_fuids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.orig_fuids\"}}},{\"name\":\"log.id.resp_fuids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.resp_fuids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.resp_fuids\"}}},{\"name\":\"log.id.server_certificate_fuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.server_certificate_fuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.server_certificate_fuid\"}}},{\"name\":\"log.id.tunnel_parents\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.tunnel_parents.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.tunnel_parents\"}}},{\"name\":\"log.id.uid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.uid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.uid\"}}},{\"name\":\"log.id.uids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.uids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.uids\"}}},{\"name\":\"log.level\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.level.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.level\"}}},{\"name\":\"log.location\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.location.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.location\"}}},{\"name\":\"log.offset\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"manager.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"manager.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"manager.name\"}}},{\"name\":\"message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"message\"}}},{\"name\":\"modbus.exception\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"modbus.exception.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"modbus.exception\"}}},{\"name\":\"modbus.function\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"modbus.function.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"modbus.function\"}}},{\"name\":\"mysql.argument\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql.argument.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"mysql.argument\"}}},{\"name\":\"mysql.command\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql.command.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"mysql.command\"}}},{\"name\":\"mysql.response\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql.response.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"mysql.response\"}}},{\"name\":\"mysql.rows\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.success\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.community_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"network.community_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"network.community_id\"}}},{\"name\":\"network.data.decoded\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"network.data.decoded.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"network.data.decoded\"}}},{\"name\":\"network.protocol\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"network.protocol.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"network.protocol\"}}},{\"name\":\"network.transport\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"network.transport.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"network.transport\"}}},{\"name\":\"notice.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"notice.action\"}}},{\"name\":\"notice.message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"notice.message\"}}},{\"name\":\"notice.note\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.note.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"notice.note\"}}},{\"name\":\"notice.p\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"notice.peer_description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.peer_description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"notice.peer_description\"}}},{\"name\":\"notice.sub_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.sub_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"notice.sub_message\"}}},{\"name\":\"notice.suppress_for\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ntlm.server.dns.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ntlm.server.dns.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ntlm.server.dns.name\"}}},{\"name\":\"ntlm.server.nb.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ntlm.server.nb.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ntlm.server.nb.name\"}}},{\"name\":\"ntlm.server.tree.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ntlm.server.tree.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ntlm.server.tree.name\"}}},{\"name\":\"ntlm.success\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"observer.analyzer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"observer.analyzer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"observer.analyzer\"}}},{\"name\":\"observer.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"observer.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"observer.name\"}}},{\"name\":\"osquery.result.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.action\"}}},{\"name\":\"osquery.result.calendar_time\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.calendar_time.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.calendar_time\"}}},{\"name\":\"osquery.result.codename\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.codename.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.codename\"}}},{\"name\":\"osquery.result.columns.description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.description\"}}},{\"name\":\"osquery.result.columns.directory\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.directory.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.directory\"}}},{\"name\":\"osquery.result.columns.gid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.gid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.gid\"}}},{\"name\":\"osquery.result.columns.gid_signed\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.gid_signed.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.gid_signed\"}}},{\"name\":\"osquery.result.columns.shell\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.shell.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.shell\"}}},{\"name\":\"osquery.result.columns.uid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.uid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.uid\"}}},{\"name\":\"osquery.result.columns.uid_signed\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.uid_signed.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.uid_signed\"}}},{\"name\":\"osquery.result.columns.username\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.username.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.username\"}}},{\"name\":\"osquery.result.columns.uuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.uuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.uuid\"}}},{\"name\":\"osquery.result.counter\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.result.endpoint_ip1\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.endpoint_ip1.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.endpoint_ip1\"}}},{\"name\":\"osquery.result.endpoint_ip2\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.endpoint_ip2.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.endpoint_ip2\"}}},{\"name\":\"osquery.result.epoch\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.result.hardware_serial\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.hardware_serial.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.hardware_serial\"}}},{\"name\":\"osquery.result.host_identifier\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.host_identifier.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.host_identifier\"}}},{\"name\":\"osquery.result.hostname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.hostname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.hostname\"}}},{\"name\":\"osquery.result.live_query\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.live_query.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.live_query\"}}},{\"name\":\"osquery.result.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.name\"}}},{\"name\":\"osquery.result.numerics\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.result.unix_time\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.command_line\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.command_line.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.command_line\"}}},{\"name\":\"process.entity_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.entity_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.entity_id\"}}},{\"name\":\"process.executable\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.executable.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.executable\"}}},{\"name\":\"process.parent.command_line\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.parent.command_line.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.parent.command_line\"}}},{\"name\":\"process.parent.entity_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.parent.entity_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.parent.entity_id\"}}},{\"name\":\"process.parent.executable\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.parent.executable.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.parent.executable\"}}},{\"name\":\"process.pe.description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.pe.description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.pe.description\"}}},{\"name\":\"process.pe.file_version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.pe.file_version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.pe.file_version\"}}},{\"name\":\"process.pe.original_file_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.pe.original_file_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.pe.original_file_name\"}}},{\"name\":\"process.pe.product\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.pe.product.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.pe.product\"}}},{\"name\":\"process.pid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.pid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.pid\"}}},{\"name\":\"process.ppid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.ppid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.ppid\"}}},{\"name\":\"process.working_directory\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.working_directory.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.working_directory\"}}},{\"name\":\"radius.framed_address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"radius.framed_address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"radius.framed_address\"}}},{\"name\":\"radius.reply_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"radius.reply_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"radius.reply_message\"}}},{\"name\":\"radius.result\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"radius.result.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"radius.result\"}}},{\"name\":\"rdp.certificate_count\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rdp.certificate_permanent\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rdp.certificate_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.certificate_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.certificate_type\"}}},{\"name\":\"rdp.client_build\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.client_build.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.client_build\"}}},{\"name\":\"rdp.cookie\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.cookie.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.cookie\"}}},{\"name\":\"rdp.desktop.height\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rdp.desktop.width\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rdp.encryption_level\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.encryption_level.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.encryption_level\"}}},{\"name\":\"rdp.encryption_method\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.encryption_method.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.encryption_method\"}}},{\"name\":\"rdp.keyboard_layout\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.keyboard_layout.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.keyboard_layout\"}}},{\"name\":\"rdp.requested_color_depth\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.requested_color_depth.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.requested_color_depth\"}}},{\"name\":\"rdp.result\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.result.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.result\"}}},{\"name\":\"rdp.security_protocol\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.security_protocol.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.security_protocol\"}}},{\"name\":\"request.attributes.filename\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request.attributes.filename.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request.attributes.filename\"}}},{\"name\":\"request.client\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request.client.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request.client\"}}},{\"name\":\"request.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request.id\"}}},{\"name\":\"request.source\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request.source.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request.source\"}}},{\"name\":\"request.time\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.action\"}}},{\"name\":\"rule.category\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.category.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.category\"}}},{\"name\":\"rule.firedtimes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.gdpr\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.gdpr.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.gdpr\"}}},{\"name\":\"rule.gid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.gpg13\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.gpg13.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.gpg13\"}}},{\"name\":\"rule.groups\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.groups.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.groups\"}}},{\"name\":\"rule.hipaa\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.hipaa.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.hipaa\"}}},{\"name\":\"rule.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.id\"}}},{\"name\":\"rule.level\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.mail\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.metadata.affected_product\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.affected_product.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.affected_product\"}}},{\"name\":\"rule.metadata.attack_target\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.attack_target.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.attack_target\"}}},{\"name\":\"rule.metadata.created_at\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.created_at.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.created_at\"}}},{\"name\":\"rule.metadata.deployment\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.deployment.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.deployment\"}}},{\"name\":\"rule.metadata.former_category\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.former_category.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.former_category\"}}},{\"name\":\"rule.metadata.malware_family\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.malware_family.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.malware_family\"}}},{\"name\":\"rule.metadata.performance_impact\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.performance_impact.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.performance_impact\"}}},{\"name\":\"rule.metadata.signature_severity\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.signature_severity.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.signature_severity\"}}},{\"name\":\"rule.metadata.tag\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.tag.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.tag\"}}},{\"name\":\"rule.metadata.updated_at\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.updated_at.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.updated_at\"}}},{\"name\":\"rule.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.name\"}}},{\"name\":\"rule.nist_800_53\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.nist_800_53.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.nist_800_53\"}}},{\"name\":\"rule.pci_dss\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.pci_dss.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.pci_dss\"}}},{\"name\":\"rule.rev\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.rule\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.rule.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.rule\"}}},{\"name\":\"rule.severity\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.uuid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.entropy.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.entropy.entropy\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.exiftool.About\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.About.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.About\"}}},{\"name\":\"scan.exiftool.AppVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.AppVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.AppVersion\"}}},{\"name\":\"scan.exiftool.Author\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Author.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Author\"}}},{\"name\":\"scan.exiftool.BitDepth\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.BitDepth.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.BitDepth\"}}},{\"name\":\"scan.exiftool.BuildID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.BuildID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.BuildID\"}}},{\"name\":\"scan.exiftool.CharCountWithSpaces\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CharCountWithSpaces.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CharCountWithSpaces\"}}},{\"name\":\"scan.exiftool.CharacterSet\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CharacterSet.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CharacterSet\"}}},{\"name\":\"scan.exiftool.Characters\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Characters.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Characters\"}}},{\"name\":\"scan.exiftool.CodePage\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CodePage.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CodePage\"}}},{\"name\":\"scan.exiftool.CodeSize\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CodeSize.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CodeSize\"}}},{\"name\":\"scan.exiftool.ColorType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ColorType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ColorType\"}}},{\"name\":\"scan.exiftool.Comments\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Comments.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Comments\"}}},{\"name\":\"scan.exiftool.CompObjUserType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CompObjUserType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CompObjUserType\"}}},{\"name\":\"scan.exiftool.CompObjUserTypeLen\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CompObjUserTypeLen.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CompObjUserTypeLen\"}}},{\"name\":\"scan.exiftool.Company\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Company.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Company\"}}},{\"name\":\"scan.exiftool.CompanyName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CompanyName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CompanyName\"}}},{\"name\":\"scan.exiftool.Compression\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Compression.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Compression\"}}},{\"name\":\"scan.exiftool.CreateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CreateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CreateDate\"}}},{\"name\":\"scan.exiftool.Creator\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Creator.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Creator\"}}},{\"name\":\"scan.exiftool.CreatorTool\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CreatorTool.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CreatorTool\"}}},{\"name\":\"scan.exiftool.DerivedFromDocumentID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.DerivedFromDocumentID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.DerivedFromDocumentID\"}}},{\"name\":\"scan.exiftool.DerivedFromInstanceID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.DerivedFromInstanceID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.DerivedFromInstanceID\"}}},{\"name\":\"scan.exiftool.Directory\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Directory.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Directory\"}}},{\"name\":\"scan.exiftool.DocumentID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.DocumentID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.DocumentID\"}}},{\"name\":\"scan.exiftool.EntryPoint\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.EntryPoint.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.EntryPoint\"}}},{\"name\":\"scan.exiftool.Error\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Error.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Error\"}}},{\"name\":\"scan.exiftool.ExifToolVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ExifToolVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ExifToolVersion\"}}},{\"name\":\"scan.exiftool.FileAccessDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileAccessDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileAccessDate\"}}},{\"name\":\"scan.exiftool.FileDescription\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileDescription.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileDescription\"}}},{\"name\":\"scan.exiftool.FileFlags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileFlags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileFlags\"}}},{\"name\":\"scan.exiftool.FileFlagsMask\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileFlagsMask.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileFlagsMask\"}}},{\"name\":\"scan.exiftool.FileInodeChangeDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileInodeChangeDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileInodeChangeDate\"}}},{\"name\":\"scan.exiftool.FileModifyDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileModifyDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileModifyDate\"}}},{\"name\":\"scan.exiftool.FileName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileName\"}}},{\"name\":\"scan.exiftool.FileOS\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileOS.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileOS\"}}},{\"name\":\"scan.exiftool.FilePermissions\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FilePermissions.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FilePermissions\"}}},{\"name\":\"scan.exiftool.FileSize\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileSize.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileSize\"}}},{\"name\":\"scan.exiftool.FileSubtype\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileSubtype.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileSubtype\"}}},{\"name\":\"scan.exiftool.FileType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileType\"}}},{\"name\":\"scan.exiftool.FileTypeExtension\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileTypeExtension.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileTypeExtension\"}}},{\"name\":\"scan.exiftool.FileVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileVersion\"}}},{\"name\":\"scan.exiftool.FileVersionNumber\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileVersionNumber.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileVersionNumber\"}}},{\"name\":\"scan.exiftool.Filter\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Filter.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Filter\"}}},{\"name\":\"scan.exiftool.Format\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Format.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Format\"}}},{\"name\":\"scan.exiftool.HasXFA\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.HasXFA.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.HasXFA\"}}},{\"name\":\"scan.exiftool.HeadingPairs\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.HeadingPairs.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.HeadingPairs\"}}},{\"name\":\"scan.exiftool.HyperlinksChanged\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.HyperlinksChanged.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.HyperlinksChanged\"}}},{\"name\":\"scan.exiftool.ImageHeight\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ImageHeight.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ImageHeight\"}}},{\"name\":\"scan.exiftool.ImageSize\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ImageSize.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ImageSize\"}}},{\"name\":\"scan.exiftool.ImageVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ImageVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ImageVersion\"}}},{\"name\":\"scan.exiftool.ImageWidth\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ImageWidth.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ImageWidth\"}}},{\"name\":\"scan.exiftool.InitializedDataSize\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.InitializedDataSize.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.InitializedDataSize\"}}},{\"name\":\"scan.exiftool.InstanceID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.InstanceID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.InstanceID\"}}},{\"name\":\"scan.exiftool.Interlace\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Interlace.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Interlace\"}}},{\"name\":\"scan.exiftool.InternalName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.InternalName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.InternalName\"}}},{\"name\":\"scan.exiftool.Keywords\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Keywords.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Keywords\"}}},{\"name\":\"scan.exiftool.Language\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Language.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Language\"}}},{\"name\":\"scan.exiftool.LanguageCode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.LanguageCode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LanguageCode\"}}},{\"name\":\"scan.exiftool.LastModifiedBy\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.LastModifiedBy.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LastModifiedBy\"}}},{\"name\":\"scan.exiftool.LegalCopyright\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.LegalCopyright.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LegalCopyright\"}}},{\"name\":\"scan.exiftool.LegalTrademarks\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.LegalTrademarks.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LegalTrademarks\"}}},{\"name\":\"scan.exiftool.Linearized\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Linearized.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Linearized\"}}},{\"name\":\"scan.exiftool.Lines\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Lines.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Lines\"}}},{\"name\":\"scan.exiftool.LinkerVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.LinkerVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LinkerVersion\"}}},{\"name\":\"scan.exiftool.LinksUpToDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.LinksUpToDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LinksUpToDate\"}}},{\"name\":\"scan.exiftool.MIMEType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.MIMEType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.MIMEType\"}}},{\"name\":\"scan.exiftool.MachineType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.MachineType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.MachineType\"}}},{\"name\":\"scan.exiftool.Megapixels\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Megapixels.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Megapixels\"}}},{\"name\":\"scan.exiftool.ModifyDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ModifyDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ModifyDate\"}}},{\"name\":\"scan.exiftool.OSVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.OSVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.OSVersion\"}}},{\"name\":\"scan.exiftool.ObjectFileType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ObjectFileType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ObjectFileType\"}}},{\"name\":\"scan.exiftool.OriginalFileName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.OriginalFileName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.OriginalFileName\"}}},{\"name\":\"scan.exiftool.PDFVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.PDFVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PDFVersion\"}}},{\"name\":\"scan.exiftool.PEType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.PEType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PEType\"}}},{\"name\":\"scan.exiftool.PTEX_Fullbanner\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.PTEX_Fullbanner.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PTEX_Fullbanner\"}}},{\"name\":\"scan.exiftool.PageCount\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.PageCount.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PageCount\"}}},{\"name\":\"scan.exiftool.Pages\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Pages.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Pages\"}}},{\"name\":\"scan.exiftool.Paragraphs\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Paragraphs.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Paragraphs\"}}},{\"name\":\"scan.exiftool.PrivateBuild\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.PrivateBuild.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PrivateBuild\"}}},{\"name\":\"scan.exiftool.Producer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Producer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Producer\"}}},{\"name\":\"scan.exiftool.ProductName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ProductName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ProductName\"}}},{\"name\":\"scan.exiftool.ProductVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ProductVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ProductVersion\"}}},{\"name\":\"scan.exiftool.ProductVersionNumber\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ProductVersionNumber.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ProductVersionNumber\"}}},{\"name\":\"scan.exiftool.RevisionNumber\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.RevisionNumber.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.RevisionNumber\"}}},{\"name\":\"scan.exiftool.ScaleCrop\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ScaleCrop.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ScaleCrop\"}}},{\"name\":\"scan.exiftool.Security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Security.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Security\"}}},{\"name\":\"scan.exiftool.SharedDoc\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.SharedDoc.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SharedDoc\"}}},{\"name\":\"scan.exiftool.Software\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Software.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Software\"}}},{\"name\":\"scan.exiftool.SourceFile\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.SourceFile.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SourceFile\"}}},{\"name\":\"scan.exiftool.SpecialBuild\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.SpecialBuild.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SpecialBuild\"}}},{\"name\":\"scan.exiftool.Subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Subject\"}}},{\"name\":\"scan.exiftool.Subsystem\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Subsystem.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Subsystem\"}}},{\"name\":\"scan.exiftool.SubsystemVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.SubsystemVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SubsystemVersion\"}}},{\"name\":\"scan.exiftool.SvnRevision\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.SvnRevision.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SvnRevision\"}}},{\"name\":\"scan.exiftool.Template\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Template.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Template\"}}},{\"name\":\"scan.exiftool.TimeStamp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.TimeStamp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.TimeStamp\"}}},{\"name\":\"scan.exiftool.Title\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Title.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Title\"}}},{\"name\":\"scan.exiftool.TitleOfParts\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.TitleOfParts.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.TitleOfParts\"}}},{\"name\":\"scan.exiftool.TotalEditTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.TotalEditTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.TotalEditTime\"}}},{\"name\":\"scan.exiftool.Trapped\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Trapped.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Trapped\"}}},{\"name\":\"scan.exiftool.UninitializedDataSize\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.UninitializedDataSize.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.UninitializedDataSize\"}}},{\"name\":\"scan.exiftool.Warning\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Warning.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Warning\"}}},{\"name\":\"scan.exiftool.Words\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Words.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Words\"}}},{\"name\":\"scan.exiftool.XMPToolkit\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.XMPToolkit.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.XMPToolkit\"}}},{\"name\":\"scan.exiftool.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.header.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.header.header\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.header.header.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.header.header\"}}},{\"name\":\"scan.ini.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.ini.keys.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.ini.keys.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.ini.keys.name\"}}},{\"name\":\"scan.ini.keys.section\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.ini.keys.section.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.ini.keys.section\"}}},{\"name\":\"scan.ini.keys.value\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.ini.keys.value.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.ini.keys.value\"}}},{\"name\":\"scan.ini.sections\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.ini.sections.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.ini.sections\"}}},{\"name\":\"scan.libarchive.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.libarchive.total.extracted\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.libarchive.total.files\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.mmbot.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.mmbot.flags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.mmbot.flags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.mmbot.flags\"}}},{\"name\":\"scan.ocr.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.ole.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.ole.flags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.ole.flags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.ole.flags\"}}},{\"name\":\"scan.ole.total.extracted\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.ole.total.streams\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pdf.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pdf.total.extracted\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pdf.total.objects\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.debug.age\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.debug.guid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.debug.guid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.debug.guid\"}}},{\"name\":\"scan.pe.debug.pdb\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.debug.pdb.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.debug.pdb\"}}},{\"name\":\"scan.pe.debug.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.debug.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.debug.type\"}}},{\"name\":\"scan.pe.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.file_info.fixed.flags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.file_info.fixed.flags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.fixed.flags\"}}},{\"name\":\"scan.pe.file_info.fixed.operating_systems\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.file_info.fixed.operating_systems.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.fixed.operating_systems\"}}},{\"name\":\"scan.pe.file_info.fixed.type.primary\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.file_info.fixed.type.primary.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.fixed.type.primary\"}}},{\"name\":\"scan.pe.file_info.string.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.file_info.string.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.string.name\"}}},{\"name\":\"scan.pe.file_info.string.value\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.file_info.string.value.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.string.value\"}}},{\"name\":\"scan.pe.file_info.var.character_set\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.file_info.var.character_set.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.var.character_set\"}}},{\"name\":\"scan.pe.file_info.var.language\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.file_info.var.language.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.var.language\"}}},{\"name\":\"scan.pe.flags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.flags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.flags\"}}},{\"name\":\"scan.pe.header.address.code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.address.data\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.address.entry_point\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.address.image\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.alignment.file\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.alignment.section\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.characteristics.dll\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.header.characteristics.dll.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.characteristics.dll\"}}},{\"name\":\"scan.pe.header.characteristics.image\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.header.characteristics.image.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.characteristics.image\"}}},{\"name\":\"scan.pe.header.checksum\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.machine.id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.machine.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.header.machine.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.machine.type\"}}},{\"name\":\"scan.pe.header.magic.dos\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.header.magic.dos.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.magic.dos\"}}},{\"name\":\"scan.pe.header.magic.image\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.header.magic.image.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.magic.image\"}}},{\"name\":\"scan.pe.header.size.code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.data.initialized\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.data.uninitialized\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.headers\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.heap.commit\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.heap.reserve\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.image\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.stack.commit\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.stack.reserve\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.subsystem\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.header.subsystem.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.subsystem\"}}},{\"name\":\"scan.pe.header.timestamp\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.version.image\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.version.linker\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.version.operating_system\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.version.subsystem\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.imphash\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.imphash.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.imphash\"}}},{\"name\":\"scan.pe.resources.id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.resources.language.primary\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.resources.language.primary.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.resources.language.primary\"}}},{\"name\":\"scan.pe.resources.language.sub\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.resources.language.sub.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.resources.language.sub\"}}},{\"name\":\"scan.pe.resources.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.resources.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.resources.name\"}}},{\"name\":\"scan.pe.resources.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.resources.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.resources.type\"}}},{\"name\":\"scan.pe.sections.address.physical\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.sections.address.virtual\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.sections.characteristics\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.sections.characteristics.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.sections.characteristics\"}}},{\"name\":\"scan.pe.sections.entropy\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.sections.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.sections.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.sections.name\"}}},{\"name\":\"scan.pe.sections.size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.symbols.exported\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.symbols.exported.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.exported\"}}},{\"name\":\"scan.pe.symbols.imported\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.symbols.imported.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.imported\"}}},{\"name\":\"scan.pe.symbols.libraries\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.symbols.libraries.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.libraries\"}}},{\"name\":\"scan.pe.symbols.table.address\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.symbols.table.library\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.symbols.table.library.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.table.library\"}}},{\"name\":\"scan.pe.symbols.table.symbol\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.symbols.table.symbol.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.table.symbol\"}}},{\"name\":\"scan.pe.symbols.table.symbols\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.symbols.table.symbols.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.table.symbols\"}}},{\"name\":\"scan.pe.symbols.table.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.symbols.table.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.table.type\"}}},{\"name\":\"scan.pe.total.libraries\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.total.resources\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.total.sections\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.total.symbols\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pkcs7.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pkcs7.total.certificates\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pkcs7.total.extracted\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.upx.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.url.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.url.urls\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.url.urls.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.url.urls\"}}},{\"name\":\"scan.vb.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.vb.functions\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vb.functions.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vb.functions\"}}},{\"name\":\"scan.vb.names\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vb.names.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vb.names\"}}},{\"name\":\"scan.vb.operators\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vb.operators.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vb.operators\"}}},{\"name\":\"scan.vb.strings\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vb.strings.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vb.strings\"}}},{\"name\":\"scan.vb.tokens\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vb.tokens.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vb.tokens\"}}},{\"name\":\"scan.vba.auto_exec\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vba.auto_exec.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vba.auto_exec\"}}},{\"name\":\"scan.vba.base64\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vba.base64.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vba.base64\"}}},{\"name\":\"scan.vba.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.vba.ioc\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vba.ioc.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vba.ioc\"}}},{\"name\":\"scan.vba.suspicious\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vba.suspicious.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vba.suspicious\"}}},{\"name\":\"scan.vba.total.extracted\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.vba.total.files\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.x509.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.x509.expired\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.x509.fingerprint\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.x509.fingerprint.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.x509.fingerprint\"}}},{\"name\":\"scan.x509.issuer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.x509.issuer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.x509.issuer\"}}},{\"name\":\"scan.x509.not_after\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.x509.not_before\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.x509.serial_number\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.x509.serial_number.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.x509.serial_number\"}}},{\"name\":\"scan.x509.subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.x509.subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.x509.subject\"}}},{\"name\":\"scan.x509.version\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.xml.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.xml.namespaces\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.xml.namespaces.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.xml.namespaces\"}}},{\"name\":\"scan.xml.tags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.xml.tags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.xml.tags\"}}},{\"name\":\"scan.xml.total.extracted\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.xml.total.tags\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.xml.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.xml.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.xml.version\"}}},{\"name\":\"scan.yara.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.yara.matches\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.yara.matches.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.yara.matches\"}}},{\"name\":\"scan.yara.meta.identifier\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.yara.meta.identifier.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.yara.meta.identifier\"}}},{\"name\":\"scan.yara.meta.rule\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.yara.meta.rule.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.yara.meta.rule\"}}},{\"name\":\"scan.yara.meta.value\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.yara.meta.value.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.yara.meta.value\"}}},{\"name\":\"server.address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server.address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"server.address\"}}},{\"name\":\"server.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server.ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"server.ip\"}}},{\"name\":\"server.ip_bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.port\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server.port.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"server.port\"}}},{\"name\":\"server.reply_code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.reply_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server.reply_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"server.reply_message\"}}},{\"name\":\"server.status_code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.status_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server.status_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"server.status_message\"}}},{\"name\":\"sip.call_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.call_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.call_id\"}}},{\"name\":\"sip.content_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.content_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.content_type\"}}},{\"name\":\"sip.date\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.date.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.date\"}}},{\"name\":\"sip.method\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.method.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.method\"}}},{\"name\":\"sip.request.body.length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sip.request.from\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.request.from.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.request.from\"}}},{\"name\":\"sip.request.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.request.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.request.path\"}}},{\"name\":\"sip.request.to\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.request.to.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.request.to\"}}},{\"name\":\"sip.response.body.length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sip.response.from\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.response.from.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.response.from\"}}},{\"name\":\"sip.response.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.response.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.response.path\"}}},{\"name\":\"sip.response.to\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.response.to.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.response.to\"}}},{\"name\":\"sip.seq\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.seq.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.seq\"}}},{\"name\":\"sip.transaction.depth\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sip.uri\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.uri.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.uri\"}}},{\"name\":\"sip.warning\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.warning.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.warning\"}}},{\"name\":\"smb.file_system\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smb.file_system.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smb.file_system\"}}},{\"name\":\"smb.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smb.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smb.path\"}}},{\"name\":\"smb.service\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smb.service.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smb.service\"}}},{\"name\":\"smb.share_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smb.share_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smb.share_type\"}}},{\"name\":\"smtp.cc\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.cc.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.cc\"}}},{\"name\":\"smtp.first_received\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.first_received.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.first_received\"}}},{\"name\":\"smtp.from\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.from.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.from\"}}},{\"name\":\"smtp.helo\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.helo.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.helo\"}}},{\"name\":\"smtp.in_reply_to\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.in_reply_to.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.in_reply_to\"}}},{\"name\":\"smtp.is_webmail\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smtp.last_reply\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.last_reply.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.last_reply\"}}},{\"name\":\"smtp.mail_date\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.mail_date.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.mail_date\"}}},{\"name\":\"smtp.mail_from\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.mail_from.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.mail_from\"}}},{\"name\":\"smtp.message_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.message_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.message_id\"}}},{\"name\":\"smtp.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.path\"}}},{\"name\":\"smtp.recipient_to\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.recipient_to.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.recipient_to\"}}},{\"name\":\"smtp.second_received\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.second_received.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.second_received\"}}},{\"name\":\"smtp.subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.subject\"}}},{\"name\":\"smtp.tls\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smtp.to\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.to.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.to\"}}},{\"name\":\"smtp.transaction_depth\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smtp.useragent\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.useragent.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.useragent\"}}},{\"name\":\"snmp.community\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"snmp.community.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"snmp.community\"}}},{\"name\":\"snmp.display_string\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"snmp.display_string.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"snmp.display_string\"}}},{\"name\":\"snmp.get.bulk_requests\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"snmp.get.requests\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"snmp.get.responses\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"snmp.set.requests\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"snmp.up_since\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"snmp.up_since.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"snmp.up_since\"}}},{\"name\":\"snmp.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"snmp.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"snmp.version\"}}},{\"name\":\"socks.bound.host\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"socks.bound.host.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"socks.bound.host\"}}},{\"name\":\"socks.bound.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"socks.request.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"socks.request.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"socks.request.name\"}}},{\"name\":\"socks.request.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"socks.status\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"socks.status.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"socks.status\"}}},{\"name\":\"socks.user\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"socks.user.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"socks.user\"}}},{\"name\":\"socks.version\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"software.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"software.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"software.name\"}}},{\"name\":\"software.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"software.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"software.type\"}}},{\"name\":\"software.version.additional_info\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"software.version.additional_info.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"software.version.additional_info\"}}},{\"name\":\"software.version.major\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"software.version.minor\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"software.version.minor2\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"software.version.unparsed\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"software.version.unparsed.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"software.version.unparsed\"}}},{\"name\":\"source.geo.city_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.city_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.city_name\"}}},{\"name\":\"source.geo.continent_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.continent_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.continent_name\"}}},{\"name\":\"source.geo.country_iso_code\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.country_iso_code.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.country_iso_code\"}}},{\"name\":\"source.geo.country_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.country_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.country_name\"}}},{\"name\":\"source.geo.ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.ip\"}}},{\"name\":\"source.geo.location.lat\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.location.lon\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.region_iso_code\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.region_iso_code.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.region_iso_code\"}}},{\"name\":\"source.geo.region_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.region_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.region_name\"}}},{\"name\":\"source.geo.timezone\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.timezone.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.timezone\"}}},{\"name\":\"source.ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.ip\"}}},{\"name\":\"source.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.latitude\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.location\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.longitude\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssh.authentication.attempts\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssh.authentication.success\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssh.cipher_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.cipher_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.cipher_algorithm\"}}},{\"name\":\"ssh.client\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.client.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.client\"}}},{\"name\":\"ssh.client_host_key_algorithms\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.client_host_key_algorithms.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.client_host_key_algorithms\"}}},{\"name\":\"ssh.compression_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.compression_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.compression_algorithm\"}}},{\"name\":\"ssh.direction\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.direction.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.direction\"}}},{\"name\":\"ssh.hassh_algorithms\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.hassh_algorithms.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.hassh_algorithms\"}}},{\"name\":\"ssh.hassh_server\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.hassh_server.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.hassh_server\"}}},{\"name\":\"ssh.hassh_server_algorithms\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.hassh_server_algorithms.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.hassh_server_algorithms\"}}},{\"name\":\"ssh.hassh_version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.hassh_version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.hassh_version\"}}},{\"name\":\"ssh.host_key\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.host_key.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.host_key\"}}},{\"name\":\"ssh.host_key_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.host_key_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.host_key_algorithm\"}}},{\"name\":\"ssh.kex_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.kex_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.kex_algorithm\"}}},{\"name\":\"ssh.mac_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.mac_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.mac_algorithm\"}}},{\"name\":\"ssh.server\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.server.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.server\"}}},{\"name\":\"ssh.server_host_key_algorithms\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.server_host_key_algorithms.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.server_host_key_algorithms\"}}},{\"name\":\"ssh.version\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssl.certificate.chain_fuids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.certificate.chain_fuids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.certificate.chain_fuids\"}}},{\"name\":\"ssl.certificate.issuer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.certificate.issuer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.certificate.issuer\"}}},{\"name\":\"ssl.certificate.subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.certificate.subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.certificate.subject\"}}},{\"name\":\"ssl.cipher\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.cipher.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.cipher\"}}},{\"name\":\"ssl.client.certificate.chain_fuids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.client.certificate.chain_fuids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.client.certificate.chain_fuids\"}}},{\"name\":\"ssl.client.issuer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.client.issuer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.client.issuer\"}}},{\"name\":\"ssl.client.subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.client.subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.client.subject\"}}},{\"name\":\"ssl.curve\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.curve.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.curve\"}}},{\"name\":\"ssl.established\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssl.last_alert\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.last_alert.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.last_alert\"}}},{\"name\":\"ssl.next_protocol\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.next_protocol.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.next_protocol\"}}},{\"name\":\"ssl.resumed\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssl.server_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.server_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.server_name\"}}},{\"name\":\"ssl.validation_status\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.validation_status.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.validation_status\"}}},{\"name\":\"ssl.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.version\"}}},{\"name\":\"syslog.facility\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog.facility.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"syslog.facility\"}}},{\"name\":\"syslog.severity\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog.severity.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"syslog.severity\"}}},{\"name\":\"tags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"tags\"}}},{\"name\":\"tunnel.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tunnel.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"tunnel.type\"}}},{\"name\":\"user.gid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.gid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"user.gid\"}}},{\"name\":\"user.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"user.name\"}}},{\"name\":\"user.shell\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.shell.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"user.shell\"}}},{\"name\":\"user.uid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.uid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"user.uid\"}}},{\"name\":\"version.minor3\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"weird.additional_info\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"weird.additional_info.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"weird.additional_info\"}}},{\"name\":\"weird.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"weird.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"weird.name\"}}},{\"name\":\"weird.notice\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"weird.peer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"weird.peer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"weird.peer\"}}},{\"name\":\"winlog.activity_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.activity_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.activity_id\"}}},{\"name\":\"winlog.api\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.api.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.api\"}}},{\"name\":\"winlog.channel\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.channel.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.channel\"}}},{\"name\":\"winlog.computer_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.computer_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.computer_name\"}}},{\"name\":\"winlog.event_data.Address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.Address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Address\"}}},{\"name\":\"winlog.event_data.AddressLength\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.AddressLength.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.AddressLength\"}}},{\"name\":\"winlog.event_data.Binary\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.Binary.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Binary\"}}},{\"name\":\"winlog.event_data.BufferSize\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.BufferSize.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.BufferSize\"}}},{\"name\":\"winlog.event_data.Company\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.Company.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Company\"}}},{\"name\":\"winlog.event_data.CreationUtcTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.CreationUtcTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.CreationUtcTime\"}}},{\"name\":\"winlog.event_data.CurrentStratumNumber\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.CurrentStratumNumber.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.CurrentStratumNumber\"}}},{\"name\":\"winlog.event_data.DeviceName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.DeviceName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceName\"}}},{\"name\":\"winlog.event_data.DeviceNameLength\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.DeviceNameLength.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceNameLength\"}}},{\"name\":\"winlog.event_data.DeviceTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.DeviceTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceTime\"}}},{\"name\":\"winlog.event_data.DeviceVersionMajor\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.DeviceVersionMajor.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceVersionMajor\"}}},{\"name\":\"winlog.event_data.DeviceVersionMinor\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.DeviceVersionMinor.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceVersionMinor\"}}},{\"name\":\"winlog.event_data.DomainPeer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.DomainPeer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DomainPeer\"}}},{\"name\":\"winlog.event_data.ErrorMessage\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ErrorMessage.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ErrorMessage\"}}},{\"name\":\"winlog.event_data.FinalStatus\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.FinalStatus.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.FinalStatus\"}}},{\"name\":\"winlog.event_data.Hashes\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.Hashes.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Hashes\"}}},{\"name\":\"winlog.event_data.ImageLoaded\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ImageLoaded.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ImageLoaded\"}}},{\"name\":\"winlog.event_data.IntegrityLevel\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.IntegrityLevel.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.IntegrityLevel\"}}},{\"name\":\"winlog.event_data.Library\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.Library.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Library\"}}},{\"name\":\"winlog.event_data.LogonGuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.LogonGuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.LogonGuid\"}}},{\"name\":\"winlog.event_data.LogonId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.LogonId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.LogonId\"}}},{\"name\":\"winlog.event_data.MaxSystemTimeChangeSeconds\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.MaxSystemTimeChangeSeconds.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.MaxSystemTimeChangeSeconds\"}}},{\"name\":\"winlog.event_data.NewTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.NewTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.NewTime\"}}},{\"name\":\"winlog.event_data.OldTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.OldTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.OldTime\"}}},{\"name\":\"winlog.event_data.PreviousCreationUtcTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.PreviousCreationUtcTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.PreviousCreationUtcTime\"}}},{\"name\":\"winlog.event_data.PreviousTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.PreviousTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.PreviousTime\"}}},{\"name\":\"winlog.event_data.ProcessId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ProcessId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ProcessId\"}}},{\"name\":\"winlog.event_data.ProcessName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ProcessName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ProcessName\"}}},{\"name\":\"winlog.event_data.QueryName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.QueryName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.QueryName\"}}},{\"name\":\"winlog.event_data.QueryResults\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.QueryResults.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.QueryResults\"}}},{\"name\":\"winlog.event_data.QueryStatus\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.QueryStatus.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.QueryStatus\"}}},{\"name\":\"winlog.event_data.Reason\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.Reason.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Reason\"}}},{\"name\":\"winlog.event_data.RequiredSize\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.RequiredSize.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.RequiredSize\"}}},{\"name\":\"winlog.event_data.RetryMinutes\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.RetryMinutes.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.RetryMinutes\"}}},{\"name\":\"winlog.event_data.RuleName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.RuleName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.RuleName\"}}},{\"name\":\"winlog.event_data.Service\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.Service.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Service\"}}},{\"name\":\"winlog.event_data.Signature\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.Signature.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Signature\"}}},{\"name\":\"winlog.event_data.SignatureStatus\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.SignatureStatus.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.SignatureStatus\"}}},{\"name\":\"winlog.event_data.Signed\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.Signed.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Signed\"}}},{\"name\":\"winlog.event_data.SubjectDomainName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.SubjectDomainName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.SubjectDomainName\"}}},{\"name\":\"winlog.event_data.SubjectLogonId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.SubjectLogonId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.SubjectLogonId\"}}},{\"name\":\"winlog.event_data.SubjectUserSid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.SubjectUserSid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.SubjectUserSid\"}}},{\"name\":\"winlog.event_data.SystemTimeChangeSeconds\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.SystemTimeChangeSeconds.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.SystemTimeChangeSeconds\"}}},{\"name\":\"winlog.event_data.TargetFilename\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.TargetFilename.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.TargetFilename\"}}},{\"name\":\"winlog.event_data.TerminalSessionId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.TerminalSessionId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.TerminalSessionId\"}}},{\"name\":\"winlog.event_data.TimeOffsetSeconds\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.TimeOffsetSeconds.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.TimeOffsetSeconds\"}}},{\"name\":\"winlog.event_data.TimeSource\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.TimeSource.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.TimeSource\"}}},{\"name\":\"winlog.event_data.TimeSourceRefId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.TimeSourceRefId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.TimeSourceRefId\"}}},{\"name\":\"winlog.event_data.UtcTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.UtcTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.UtcTime\"}}},{\"name\":\"winlog.event_data.errorCode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.errorCode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.errorCode\"}}},{\"name\":\"winlog.event_data.param1\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param1.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param1\"}}},{\"name\":\"winlog.event_data.param2\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param2.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param2\"}}},{\"name\":\"winlog.event_data.param3\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param3.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param3\"}}},{\"name\":\"winlog.event_data.param4\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param4.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param4\"}}},{\"name\":\"winlog.event_data.param5\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param5.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param5\"}}},{\"name\":\"winlog.event_data.param6\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param6.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param6\"}}},{\"name\":\"winlog.event_data.param7\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param7.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param7\"}}},{\"name\":\"winlog.event_data.serviceGuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.serviceGuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.serviceGuid\"}}},{\"name\":\"winlog.event_data.updateGuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.updateGuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.updateGuid\"}}},{\"name\":\"winlog.event_data.updateRevisionNumber\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.updateRevisionNumber.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.updateRevisionNumber\"}}},{\"name\":\"winlog.event_data.updateTitle\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.updateTitle.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.updateTitle\"}}},{\"name\":\"winlog.event_id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.keywords\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.keywords.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.keywords\"}}},{\"name\":\"winlog.opcode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.opcode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.opcode\"}}},{\"name\":\"winlog.process.pid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.process.thread.id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.provider_guid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.provider_guid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.provider_guid\"}}},{\"name\":\"winlog.provider_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.provider_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.provider_name\"}}},{\"name\":\"winlog.record_id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.task\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.task.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.task\"}}},{\"name\":\"winlog.user.domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user.domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user.domain\"}}},{\"name\":\"winlog.user.identifier\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user.identifier.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user.identifier\"}}},{\"name\":\"winlog.user.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user.name\"}}},{\"name\":\"winlog.user.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user.type\"}}},{\"name\":\"winlog.user_data.RebootReasons\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user_data.RebootReasons.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.RebootReasons\"}}},{\"name\":\"winlog.user_data.RmSessionId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user_data.RmSessionId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.RmSessionId\"}}},{\"name\":\"winlog.user_data.UTCStartTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user_data.UTCStartTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.UTCStartTime\"}}},{\"name\":\"winlog.user_data.nApplications\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user_data.nApplications.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.nApplications\"}}},{\"name\":\"winlog.user_data.xml_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user_data.xml_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.xml_name\"}}},{\"name\":\"winlog.version\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"x509.basic_constraints.ca\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"x509.certificate.curve\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.curve.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.curve\"}}},{\"name\":\"x509.certificate.exponent\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.exponent.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.exponent\"}}},{\"name\":\"x509.certificate.issuer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.issuer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.issuer\"}}},{\"name\":\"x509.certificate.key.algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.key.algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.key.algorithm\"}}},{\"name\":\"x509.certificate.key.length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"x509.certificate.key.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.key.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.key.type\"}}},{\"name\":\"x509.certificate.not_valid_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.not_valid_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.not_valid_after\"}}},{\"name\":\"x509.certificate.not_valid_before\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.not_valid_before.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.not_valid_before\"}}},{\"name\":\"x509.certificate.serial\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.serial.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.serial\"}}},{\"name\":\"x509.certificate.signing_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.signing_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.signing_algorithm\"}}},{\"name\":\"x509.certificate.subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.subject\"}}},{\"name\":\"x509.certificate.version\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"x509.san_dns\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.san_dns.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.san_dns\"}}},{\"name\":\"Push to TheHive\",\"type\":\"string\",\"count\":0,\"scripted\":true,\"script\":\"'https://PLACEHOLDER/soctopus/thehive/alert/' + doc['_id'].value\",\"lang\":\"painless\",\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false}]","timeFieldName":"@timestamp","title":"*:so-*"},"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","migrationVersion":{"index-pattern":"7.6.0"},"references":[],"type":"index-pattern","updated_at":"2020-07-16T16:56:13.728Z","version":"Wzg0NCwyXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - All Logs","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - All Logs\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":29}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}]}"},"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Logs Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Logs Over Time\",\"type\":\"line\",\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":null,\"y\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Source IPs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Source IPs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}"},"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Destination IPs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Destination IPs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}}]}"},"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SMTP - Sender","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SMTP - Sender\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"smtp.from.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"From\"}}]}"},"id":"7a789740-75e7-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SMTP - Recipient","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SMTP - Recipient\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"To\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"smtp.to.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Recipient\"}}]}"},"id":"a5742950-75e7-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SMTP - TLS","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - SMTP - TLS\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"boolean\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"smtp.tls: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"smtp.tls\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"TLS\"}}]}"},"id":"e77a2b60-75e7-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzEwLDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SMTP - Subject","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SMTP - Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"smtp.subject.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"smtp.subject.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Subject\"}}]}"},"id":"0713ebf0-75e8-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzExLDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SMTP - User Agent","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SMTP - User Agent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"smtp.useragent.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"User Agent\"}}]}"},"id":"4178ce00-75e8-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzEyLDFd"} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:smtp\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":9,\"i\":\"a603d9db-ab4e-40b0-aeb8-0f1c1f84bd85\"},\"panelIndex\":\"a603d9db-ab4e-40b0-aeb8-0f1c1f84bd85\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":14,\"y\":0,\"w\":16,\"h\":9,\"i\":\"6fd30865-1d5d-4f8f-9173-77220bb23395\"},\"panelIndex\":\"6fd30865-1d5d-4f8f-9173-77220bb23395\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":9,\"i\":\"1b0acf7a-2a47-4eb4-9cb2-34cd6c499472\"},\"panelIndex\":\"1b0acf7a-2a47-4eb4-9cb2-34cd6c499472\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":9,\"w\":9,\"h\":18,\"i\":\"d31027fb-a090-474f-9863-712ef30c0b3e\"},\"panelIndex\":\"d31027fb-a090-474f-9863-712ef30c0b3e\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":9,\"y\":9,\"w\":9,\"h\":18,\"i\":\"fb5452b7-cb91-4415-ad6b-37f2c05955fa\"},\"panelIndex\":\"fb5452b7-cb91-4415-ad6b-37f2c05955fa\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":18,\"y\":9,\"w\":15,\"h\":18,\"i\":\"9aaa1369-1a61-4bb0-bb30-6bbb476fbb8a\"},\"panelIndex\":\"9aaa1369-1a61-4bb0-bb30-6bbb476fbb8a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":33,\"y\":9,\"w\":15,\"h\":18,\"i\":\"4bf1751e-8da2-4f5a-b66d-2f09338b2053\"},\"panelIndex\":\"4bf1751e-8da2-4f5a-b66d-2f09338b2053\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":27,\"w\":18,\"h\":18,\"i\":\"9365d9e9-478f-499d-aa41-d8f42081ff1c\"},\"panelIndex\":\"9365d9e9-478f-499d-aa41-d8f42081ff1c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":18,\"y\":27,\"w\":15,\"h\":18,\"i\":\"18ad4f7a-1a1e-4dcb-8810-bb74d247c9fa\"},\"panelIndex\":\"18ad4f7a-1a1e-4dcb-8810-bb74d247c9fa\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":33,\"y\":27,\"w\":15,\"h\":18,\"i\":\"44a5b84f-2636-45f4-bb5e-9f8ab11f4107\"},\"panelIndex\":\"44a5b84f-2636-45f4-bb5e-9f8ab11f4107\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]","timeRestore":false,"title":"Security Onion - SMTP","version":1},"id":"00304500-75e7-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"7a789740-75e7-11ea-9565-7315f4ee5cac","name":"panel_5","type":"visualization"},{"id":"a5742950-75e7-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"},{"id":"e77a2b60-75e7-11ea-9565-7315f4ee5cac","name":"panel_7","type":"visualization"},{"id":"0713ebf0-75e8-11ea-9565-7315f4ee5cac","name":"panel_8","type":"visualization"},{"id":"4178ce00-75e8-11ea-9565-7315f4ee5cac","name":"panel_9","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzEzLDFd"} +{"attributes":{"columns":["note","source_ip","destination_ip","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event_type:bro_notice\",\"default_field\":\"*\"}}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Notices - Logs","version":1},"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE0LDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Notices - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Notices - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"3027c4f0-34e4-11e7-9669-7f1d3242b798","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE1LDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}"},"title":"Navigation","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"[Home](/kibana/app/kibana#/dashboard/94b52620-342a-11e7-9d52-4f090484f59e) \\n[Help](/kibana/app/kibana#/dashboard/AV6-POJSDwoBUzALqKAg) \\n\\n**Alert Data** \\n[Bro Notices](/kibana/app/kibana#/dashboard/01600fb0-34e4-11e7-9669-7f1d3242b798) \\n[ElastAlert](/kibana/app/kibana#/dashboard/1d98d620-7dce-11e7-846a-150cdcaf3374) \\n[HIDS](/kibana/app/kibana#/dashboard/0de7a390-3644-11e7-a6f7-4f44d7bf1c33) \\n[NIDS](/kibana/app/kibana#/dashboard/7f27a830-34e5-11e7-9669-7f1d3242b798)   \\n\\n**Bro Hunting** \\n[Connections](/kibana/app/kibana#/dashboard/e0a34b90-34e6-11e7-9118-45bd317f0ca4) \\n[DCE/RPC](/kibana/app/kibana#/dashboard/46582d50-3af2-11e7-a83b-b1b4da7d15f4) \\n[DHCP](/kibana/app/kibana#/dashboard/85348270-357b-11e7-ac34-8965f6420c51) \\n[DNP3](/kibana/app/kibana#/dashboard/2fdf5bf0-3581-11e7-98ef-19df58fe538b) \\n[DNS](/kibana/app/kibana#/dashboard/ebf5ec90-34bf-11e7-9b32-bb903919ead9) \\n[Files](/kibana/app/kibana#/dashboard/2d315d80-3582-11e7-98ef-19df58fe538b) \\n[FTP](/kibana/app/kibana#/dashboard/27f3b380-3583-11e7-a588-05992195c551) \\n[HTTP](/kibana/app/kibana#/dashboard/230134a0-34c6-11e7-8360-0b86c90983fd) \\n[Intel](/kibana/app/kibana#/dashboard/468022c0-3583-11e7-a588-05992195c551) \\n[IRC](/kibana/app/kibana#/dashboard/56a34ce0-3583-11e7-a588-05992195c551) \\n[Kerberos](/kibana/app/kibana#/dashboard/6b0d4870-3583-11e7-a588-05992195c551) \\n[Modbus](/kibana/app/kibana#/dashboard/70c005f0-3583-11e7-a588-05992195c551) \\n[MySQL](/kibana/app/kibana#/dashboard/7929f430-3583-11e7-a588-05992195c551) \\n[NTLM](/kibana/app/kibana#/dashboard/022713e0-3ab0-11e7-a83b-b1b4da7d15f4) \\n[PE](/kibana/app/kibana#/dashboard/8a10e380-3583-11e7-a588-05992195c551) \\n[RADIUS](/kibana/app/kibana#/dashboard/90b246c0-3583-11e7-a588-05992195c551) \\n[RDP](/kibana/app/kibana#/dashboard/97f8c3a0-3583-11e7-a588-05992195c551) \\n[RFB](/kibana/app/kibana#/dashboard/9ef20ae0-3583-11e7-a588-05992195c551) \\n[SIP](/kibana/app/kibana#/dashboard/ad3c0830-3583-11e7-a588-05992195c551) \\n[SMB](/kibana/app/kibana#/dashboard/b3a53710-3aaa-11e7-8b17-0d8709b02c80) \\n[SMTP](/kibana/app/kibana#/dashboard/b10a9c60-3583-11e7-a588-05992195c551) \\n[SNMP](/kibana/app/kibana#/dashboard/b65c2710-3583-11e7-a588-05992195c551) \\n[Software](/kibana/app/kibana#/dashboard/c2c99c30-3583-11e7-a588-05992195c551) \\n[SSH](/kibana/app/kibana#/dashboard/c6ccfc00-3583-11e7-a588-05992195c551) \\n[SSL](/kibana/app/kibana#/dashboard/cca67b60-3583-11e7-a588-05992195c551) \\n[Syslog](/kibana/app/kibana#/dashboard/c4bbe040-76b3-11e7-ba96-cba76a1e264d) \\n[Tunnels](/kibana/app/kibana#/dashboard/d7b54ae0-3583-11e7-a588-05992195c551) \\n[Weird](/kibana/app/kibana#/dashboard/de2da250-3583-11e7-a588-05992195c551) \\n[X.509](/kibana/app/kibana#/dashboard/e5aa7170-3583-11e7-a588-05992195c551) \\n\\n**Host Hunting** \\n[Autoruns](/kibana/app/kibana#/dashboard/61d43810-6d62-11e7-8ddb-e71eb260f4a3) \\n[Beats](/kibana/app/kibana#/dashboard/AWBLNS3CRuBloj96jxub) \\n[Osquery](/kibana/app/kibana#/dashboard/9d0e2da0-14e1-11e9-82f7-0da02d93a48b) \\n[OSSEC](/kibana/app/kibana#/dashboard/3a457d70-3583-11e7-a588-05992195c551)  \\n[Sysmon](/kibana/app/kibana#/dashboard/6d189680-6d62-11e7-8ddb-e71eb260f4a3) \\n\\n**Other** \\n[Domain Stats](/kibana/app/kibana#/dashboard/AWAi6wvxAvKNGEbUWO_j) \\n[Firewall](/kibana/app/kibana#/dashboard/50173bd0-3582-11e7-98ef-19df58fe538b) \\n[Frequency](/kibana/app/kibana#/dashboard/AWAi5k4jAvKNGEbUWFis) \\n[Stats](/kibana/app/kibana#/dashboard/130017f0-46ce-11e7-946f-1bfb1be7c36b) \\n[Syslog](/kibana/app/kibana#/dashboard/4323af90-76e5-11e7-ab14-e1a4c1bc11e0)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}"},"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","migrationVersion":{"visualization":"7.7.0"},"references":[],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE2LDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Notices - Source IP Addresses","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Notices - Source IP Addresses\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"66e26ad0-3580-11e7-98ef-19df58fe538b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE3LDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Notices - Destination IP Addresses","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Notices - Destination IP Addresses\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"7c47b650-3580-11e7-98ef-19df58fe538b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE4LDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Notices - Notice Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Notices - Notice Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"note.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Type\"}}],\"listeners\":{}}"},"id":"07fdf9e0-39ad-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE5LDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Notices - File MIME Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Notices - File MIME Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file_mime_type.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MIME Type\"}}],\"listeners\":{}}"},"id":"53c62730-39ad-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzIwLDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Notices - File Description","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Notices - File Description\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file_description.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Description\"}}],\"listeners\":{}}"},"id":"793c2640-39ad-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzIxLDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Notice - Destination Port (Vertical Bar Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"Notice - Destination Port (Vertical Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"Port\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}]}"},"id":"e85e2150-6e0e-11e7-8624-1fb07dd76c6a","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzIyLDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Bro - Notice - Message/Sub-Message","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Bro - Notice - Message/Sub-Message\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"msg.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Message\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"sub_msg.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Sub-Message\"}}],\"listeners\":{}}"},"id":"bfeb6210-7bb9-11e7-90ec-cdd3dff73b38","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzIzLDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Notices - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Notices - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDG1uC-xQT5EBNmq3dP","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI0LDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Bro - Notices - Notice Types","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Bro - Notices - Notice Types\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"note.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Note\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}}]}"},"id":"2a949080-4a3d-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI1LDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Notices - Destination Country","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Notices - Destination Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_geo.country_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"id":"1a879c90-4ca5-11e8-888d-71b91451cf05","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI2LDFd"} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"4\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"4\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\"},{\"panelIndex\":\"5\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"5\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{}},{\"panelIndex\":\"7\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":48,\"i\":\"7\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"8\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":48,\"i\":\"8\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"11\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":72,\"i\":\"11\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"12\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":72,\"i\":\"12\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"13\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":136,\"i\":\"13\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"14\",\"gridData\":{\"w\":40,\"h\":16,\"x\":8,\"y\":32,\"i\":\"14\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\",\"embeddableConfig\":{}},{\"panelIndex\":\"15\",\"gridData\":{\"w\":48,\"h\":40,\"x\":0,\"y\":96,\"i\":\"15\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"panelIndex\":\"16\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"16\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\"},{\"panelIndex\":\"17\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":160,\"i\":\"17\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_10\",\"embeddableConfig\":{}},{\"panelIndex\":\"18\",\"gridData\":{\"w\":24,\"h\":24,\"x\":8,\"y\":8,\"i\":\"18\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_11\",\"embeddableConfig\":{}},{\"panelIndex\":\"19\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":8,\"i\":\"19\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_12\",\"embeddableConfig\":{}}]","timeRestore":false,"title":"Bro - Notices","version":1},"id":"01600fb0-34e4-11e7-9669-7f1d3242b798","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"3027c4f0-34e4-11e7-9669-7f1d3242b798","name":"panel_0","type":"visualization"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_1","type":"visualization"},{"id":"66e26ad0-3580-11e7-98ef-19df58fe538b","name":"panel_2","type":"visualization"},{"id":"7c47b650-3580-11e7-98ef-19df58fe538b","name":"panel_3","type":"visualization"},{"id":"07fdf9e0-39ad-11e7-8472-0151e5b2b475","name":"panel_4","type":"visualization"},{"id":"53c62730-39ad-11e7-8472-0151e5b2b475","name":"panel_5","type":"visualization"},{"id":"793c2640-39ad-11e7-8472-0151e5b2b475","name":"panel_6","type":"visualization"},{"id":"e85e2150-6e0e-11e7-8624-1fb07dd76c6a","name":"panel_7","type":"visualization"},{"id":"bfeb6210-7bb9-11e7-90ec-cdd3dff73b38","name":"panel_8","type":"visualization"},{"id":"AWDG1uC-xQT5EBNmq3dP","name":"panel_9","type":"visualization"},{"id":"0a3bfbe0-342f-11e7-9e93-53b62e1857b2","name":"panel_10","type":"search"},{"id":"2a949080-4a3d-11e8-9b0a-f1d33346f773","name":"panel_11","type":"visualization"},{"id":"1a879c90-4ca5-11e8-888d-71b91451cf05","name":"panel_12","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI3LDFd"} +{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_ntlm\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"NTLM - Logs","version":1},"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI4LDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NTLM - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"NTLM - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per minute\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"36f23eb0-3ab0-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI5LDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NTLM - Hostname","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NTLM - Hostname\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"hostname.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Hostname\"}}],\"listeners\":{}}"},"id":"e2c8e040-3ab0-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzMwLDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NTLM - Username","uiStateJSON":"{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}","version":1,"visState":"{\"title\":\"NTLM - Username\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"username.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}}],\"listeners\":{}}"},"id":"4d869ee0-3ab1-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzMxLDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NTLM - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NTLM - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"d37b9330-3af1-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzMyLDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NTLM - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NTLM - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"f3a92f50-3af1-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzMzLDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NTLM - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NTLM - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"id":"d7f162b0-6e1c-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM0LDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NTLM - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"NTLM - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDHCEx7xQT5EBNmq4Vf","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM1LDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"NTLM - Hostname to Username","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NTLM - Hostname to Username\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"hostname.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Hostname\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"username.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"domain_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Domain\"}}]}"},"id":"75ab1050-4a59-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM2LDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NTLM - Server NetBIOS Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NTLM - Server NetBIOS Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server_nb_computer_name.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server NetBIOS Name\"}}]}"},"id":"c23ea470-0edc-11e9-9846-59f545e7293f","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM3LDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NTLM - Server DNS Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NTLM - Server DNS Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server_dns_computer_name.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server DNS Name\"}}]}"},"id":"ee6a03f0-0edc-11e9-9846-59f545e7293f","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM4LDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NTLM - Server Tree Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NTLM - Server Tree Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server_tree_name.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server Tree Name\"}}]}"},"id":"2a054320-0edd-11e9-9846-59f545e7293f","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM5LDFd"} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":53,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]},\"gridData\":{\"x\":0,\"y\":77,\"w\":48,\"h\":24,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":36,\"y\":8,\"w\":12,\"h\":24,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":24,\"y\":8,\"w\":12,\"h\":24,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":16,\"y\":53,\"w\":16,\"h\":24,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":0,\"y\":53,\"w\":16,\"h\":24,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":32,\"y\":53,\"w\":16,\"h\":24,\"i\":\"13\"},\"panelIndex\":\"13\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"15\"},\"panelIndex\":\"15\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"gridData\":{\"x\":8,\"y\":8,\"w\":16,\"h\":24,\"i\":\"16\"},\"panelIndex\":\"16\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"x\":35,\"y\":32,\"w\":13,\"h\":21,\"i\":\"17\"},\"panelIndex\":\"17\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":22,\"y\":32,\"w\":13,\"h\":21,\"i\":\"18\"},\"panelIndex\":\"18\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_11\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":32,\"w\":14,\"h\":21,\"i\":\"19\"},\"panelIndex\":\"19\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_12\"}]","timeRestore":false,"title":"Bro - NTLM","version":1},"id":"022713e0-3ab0-11e7-a83b-b1b4da7d15f4","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"36f23eb0-3ab0-11e7-a83b-b1b4da7d15f4","name":"panel_1","type":"visualization"},{"id":"c21f4fa0-3aab-11e7-8b17-0d8709b02c80","name":"panel_2","type":"search"},{"id":"e2c8e040-3ab0-11e7-a83b-b1b4da7d15f4","name":"panel_3","type":"visualization"},{"id":"4d869ee0-3ab1-11e7-a83b-b1b4da7d15f4","name":"panel_4","type":"visualization"},{"id":"d37b9330-3af1-11e7-a83b-b1b4da7d15f4","name":"panel_5","type":"visualization"},{"id":"f3a92f50-3af1-11e7-a83b-b1b4da7d15f4","name":"panel_6","type":"visualization"},{"id":"d7f162b0-6e1c-11e7-b553-7f80727663c1","name":"panel_7","type":"visualization"},{"id":"AWDHCEx7xQT5EBNmq4Vf","name":"panel_8","type":"visualization"},{"id":"75ab1050-4a59-11e8-9b0a-f1d33346f773","name":"panel_9","type":"visualization"},{"id":"c23ea470-0edc-11e9-9846-59f545e7293f","name":"panel_10","type":"visualization"},{"id":"ee6a03f0-0edc-11e9-9846-59f545e7293f","name":"panel_11","type":"visualization"},{"id":"2a054320-0edd-11e9-9846-59f545e7293f","name":"panel_12","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQwLDFd"} +{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.category:network\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Security Onion - Network Data","version":1},"id":"387f44c0-6ea7-11ea-9266-1fd14ca6af34","migrationVersion":{"search":"7.4.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQxLDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Network - Source IPs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Network - Source IPs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"source.ip.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}"},"id":"0242ab70-6eae-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"387f44c0-6ea7-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQyLDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Security Onion - Files","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Files\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Home](/kibana/app/kibana#/dashboard/a8411b30-6d03-11ea-b301-3d6c35840645) \\n \\n**Modules** \\n[Strelka](/kibana/app/kibana#/dashboard/ff689c50-75f3-11ea-9565-7315f4ee5cac) \\n[Zeek](/kibana/app/kibana#/dashboard/ad4d5d60-75f4-11ea-9565-7315f4ee5cac)\"},\"aggs\":[]}"},"id":"9a5058f0-6e99-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQzLDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Log Count Over Time\",\"type\":\"line\",\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true}],\"addTooltip\":false,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm\"}},\"params\":{\"date\":true,\"interval\":\"PT30M\",\"intervalESValue\":30,\"intervalESUnit\":\"m\",\"format\":\"HH:mm\",\"bounds\":{\"min\":\"2020-03-29T18:17:18.800Z\",\"max\":\"2020-03-30T18:17:18.800Z\"}},\"label\":\"@timestamp per 30 minutes\",\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-24h\",\"to\":\"now\",\"mode\":\"quick\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"id":"c879ad60-72a1-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ0LDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.module:*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Modules","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.module.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Module\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"event.module.keyword: Descending\",\"aggType\":\"terms\"}]}},\"title\":\"Security Onion - Modules\"}"},"id":"8b065a80-6eca-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-16T13:08:54.117Z","version":"WzczMywyXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Dataset","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Dataset\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Dataset\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"event.dataset.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Count\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.dataset.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Dataset\"}}]}"},"id":"ad398b70-6e9a-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ2LDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - File - Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - File - Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"file.name.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"}}]}"},"id":"bcf25e30-75f1-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ3LDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - FIle - Total Bytes","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":0,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"Security Onion - FIle - Total Bytes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"file.bytes.total: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.bytes.total\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Total Bytes\"}}]}"},"id":"efc25540-75f1-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ4LDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - File - MIME Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - File - MIME Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"file.mime_type.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.mime_type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MIMEType\"}}]}"},"id":"e8d35c50-75f3-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ5LDFd"} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:file*\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":7,\"h\":7,\"i\":\"6948ea4a-398f-4ab1-a269-e1e6ecd29e12\"},\"panelIndex\":\"6948ea4a-398f-4ab1-a269-e1e6ecd29e12\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":7,\"y\":0,\"w\":15,\"h\":7,\"i\":\"d09eef70-f2b5-4085-b619-11cae812be58\"},\"panelIndex\":\"d09eef70-f2b5-4085-b619-11cae812be58\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":22,\"y\":0,\"w\":26,\"h\":7,\"i\":\"0dd18bd2-6631-4772-b3d0-4a92ff713e3a\"},\"panelIndex\":\"0dd18bd2-6631-4772-b3d0-4a92ff713e3a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":7,\"w\":8,\"h\":20,\"i\":\"86d343d4-c030-46a3-9f3e-083ccbf28b04\"},\"panelIndex\":\"86d343d4-c030-46a3-9f3e-083ccbf28b04\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":7,\"w\":8,\"h\":20,\"i\":\"2fb5d1e8-4ac6-42c4-852e-9046c2970086\"},\"panelIndex\":\"2fb5d1e8-4ac6-42c4-852e-9046c2970086\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":7,\"w\":10,\"h\":20,\"i\":\"7875de58-924b-4b27-bd51-159b5657659f\"},\"panelIndex\":\"7875de58-924b-4b27-bd51-159b5657659f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":26,\"y\":7,\"w\":10,\"h\":20,\"i\":\"f1f8a5c7-9e9f-460d-a2b8-eaca8d834c6b\"},\"panelIndex\":\"f1f8a5c7-9e9f-460d-a2b8-eaca8d834c6b\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":36,\"y\":7,\"w\":12,\"h\":20,\"i\":\"06055634-ec80-478d-93d5-67e1cc46e1ab\"},\"panelIndex\":\"06055634-ec80-478d-93d5-67e1cc46e1ab\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"Security Onion - Files","version":1},"id":"0245be10-6ec1-11ea-9266-1fd14ca6af34","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"9a5058f0-6e99-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"c879ad60-72a1-11ea-8dd2-9d8795a1200b","name":"panel_2","type":"visualization"},{"id":"8b065a80-6eca-11ea-9266-1fd14ca6af34","name":"panel_3","type":"visualization"},{"id":"ad398b70-6e9a-11ea-9266-1fd14ca6af34","name":"panel_4","type":"visualization"},{"id":"bcf25e30-75f1-11ea-9565-7315f4ee5cac","name":"panel_5","type":"visualization"},{"id":"efc25540-75f1-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"},{"id":"e8d35c50-75f3-11ea-9565-7315f4ee5cac","name":"panel_7","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzUwLDFd"} +{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_ssl\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"SSL - Logs","version":1},"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-07-15T13:17:15.442Z","version":"WzUxLDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SSL - Version (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SSL - Version (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"version.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"id":"02699580-365a-11e7-bf60-314364dd1cde","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzUyLDFd"} +{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_sip\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"SIP - Logs","version":1},"id":"9e131480-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-07-15T13:17:15.442Z","version":"WzUzLDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SIP - Status","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SIP - Status\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"status_code\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Code\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"status_msg.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Message\"}}]}"},"id":"0291dba0-4c78-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU0LDFd"} +{"attributes":{"columns":["osquery.columns.permissions","osquery.columns.name"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event_type: osquery AND osquery.name:*chrome* AND osquery.columns.permissions:('all_urls','privacy')\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"osquery - Chrome Extensions - Sensitive Permissions","version":1},"id":"040dda10-18d8-11e9-932c-d12d2cf4ee95","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU1LDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SIP - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SIP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"04e1aea0-3750-11e7-b74a-f5057991ccd2","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU2LDFd"} +{"attributes":{"columns":["osquery.hostname","osquery.columns.username","osquery.LiveQuery","osquery.columns.name"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event_type: osquery AND osquery.name:*chrome*\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"osquery - Chrome Extensions","version":1},"id":"0eee4360-18d4-11e9-932c-d12d2cf4ee95","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU3LDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"osquery - Chrome Extensions - Changes by Hostname","uiStateJSON":"{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}","version":1,"visState":"{\"title\":\"osquery - Chrome Extensions - Changes by Hostname\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Changes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"osquery.hostname.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Hostname\"}}]}"},"id":"04f86530-1a59-11e9-ac0b-cb0ba10141ab","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"0eee4360-18d4-11e9-932c-d12d2cf4ee95","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU4LDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"network.protocol:*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Top Network Protocols","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Top Network Protocols\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":18,\"maxFontSize\":72,\"showLabel\":false,\"metric\":{\"type\":\"vis_dimension\",\"accessor\":1,\"format\":{\"id\":\"string\",\"params\":{}}},\"bucket\":{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.protocol.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}}]}"},"id":"d9eb5b30-6ea9-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU5LDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Network - Transport","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Network - Transport\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":false,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"network.transport.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"network.transport.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"79cc9670-6ead-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"387f44c0-6ea7-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzYwLDFd"} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.category: network\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":9,\"i\":\"b18f064d-2fba-45d8-a3c3-700ecec939a3\"},\"panelIndex\":\"b18f064d-2fba-45d8-a3c3-700ecec939a3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":13,\"y\":0,\"w\":14,\"h\":9,\"i\":\"3bf59d17-132e-47bc-b548-e1e073491ec5\"},\"panelIndex\":\"3bf59d17-132e-47bc-b548-e1e073491ec5\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":27,\"y\":0,\"w\":21,\"h\":9,\"i\":\"49c9ae10-3f16-4cec-b044-c5cf2db199ae\"},\"panelIndex\":\"49c9ae10-3f16-4cec-b044-c5cf2db199ae\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":9,\"w\":13,\"h\":19,\"i\":\"87427ca5-e0b9-4ec8-bb5f-3452803befe1\"},\"panelIndex\":\"87427ca5-e0b9-4ec8-bb5f-3452803befe1\",\"embeddableConfig\":{\"legendOpen\":false,\"vis\":{\"legendOpen\":true}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":24,\"y\":9,\"w\":12,\"h\":19,\"i\":\"a7745b0f-1c69-4837-9f7e-3d79b5a2ac60\"},\"panelIndex\":\"a7745b0f-1c69-4837-9f7e-3d79b5a2ac60\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":36,\"y\":9,\"w\":12,\"h\":19,\"i\":\"221a543a-98d4-46dd-8e7c-bf97bb292021\"},\"panelIndex\":\"221a543a-98d4-46dd-8e7c-bf97bb292021\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":13,\"y\":9,\"w\":11,\"h\":19,\"i\":\"3d3199e1-d839-4738-bc99-e030365b7070\"},\"panelIndex\":\"3d3199e1-d839-4738-bc99-e030365b7070\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"}]","timeRestore":false,"title":"Security Onion - Network","version":1},"id":"04ff3ef0-6ea4-11ea-9266-1fd14ca6af34","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"d9eb5b30-6ea9-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"79cc9670-6ead-11ea-9266-1fd14ca6af34","name":"panel_3","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_5","type":"visualization"},{"id":"ad398b70-6e9a-11ea-9266-1fd14ca6af34","name":"panel_6","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzYxLDFd"} +{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"size\":10,\"query\":{\"query_string\":{\"query\":\"event_type:bro_conn\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Connections - Logs","version":1},"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-07-15T13:17:15.442Z","version":"WzYyLDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Missed Bytes","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Connections - Missed Bytes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"missed_bytes\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Missed Bytes\"}}],\"listeners\":{}}"},"id":"05088150-3670-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzYzLDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SMB - Path","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SMB - Path\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"smb.path.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"smb.path.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Path\"}}]}"},"id":"052df440-75f0-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY0LDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Rule - GID/SID","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Rule - GID/SID\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"GID\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"SID\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rule.rev: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.gid\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"GID\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.signature_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"SID\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.rev\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Revision\"}}]}"},"id":"053f7130-7734-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY1LDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Source - Originator Bytes ( Tile Map)","uiStateJSON":"{\"mapZoom\":3,\"mapCenter\":[39.70718665682654,-44.912109375]}","version":1,"visState":"{\"title\":\"Connections - Source - Originator Bytes ( Tile Map)\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":0,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"original_bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"source_geo.location\",\"autoPrecision\":true,\"useGeocentroid\":true,\"precision\":2}}],\"listeners\":{}}"},"id":"05809df0-46cb-11e7-946f-1bfb1be7c36b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY2LDFd"} +{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event_type: osquery\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"osquery - Logs","version":1},"id":"84116380-14e1-11e9-82f7-0da02d93a48b","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY3LDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"osquery - Changes by Hostname","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"osquery - Changes by Hostname\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Changes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"osquery.hostname.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Hostname\"}}]}"},"id":"05a5ed10-14e4-11e9-82f7-0da02d93a48b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"84116380-14e1-11e9-82f7-0da02d93a48b","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY4LDFd"} +{"attributes":{"columns":["source_ip","destination_ip","destination_port","uid","fuid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_ftp\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"FTP - Logs","version":1},"id":"f21cb5f0-342d-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY5LDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"FTP - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"FTP - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"06f21d60-35b6-11e7-a994-c528746bc6e8","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"f21cb5f0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzcwLDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DNS - Query","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - DNS - Query\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"dns.query.name.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dns.query.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Query\"}}]}"},"id":"07065340-72ba-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzcxLDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - PE - Section","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.section_names.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Section\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"},\"title\":\"Security Onion - PE - Section\"}"},"id":"07419650-c763-11ea-bebb-37c5ab5894ea","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-16T12:51:12.564Z","version":"WzczMCwyXQ=="} +{"attributes":{"columns":["source_ip","destination_ip","destination_port","uid","fuid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_intel\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Intel - Logs","version":1},"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-07-15T13:17:15.442Z","version":"WzcyLDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Intel - Indicator Type (Vertical Bar Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"Intel - Indicator Type (Vertical Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Indicator Type\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"indicator_type.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Indicator Type\"}}]}"},"id":"07622d60-6e16-11e7-8624-1fb07dd76c6a","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzczLDFd"} +{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_mysql\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"MySQL - Logs","version":1},"id":"5d624230-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-07-15T13:17:15.442Z","version":"Wzc0LDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"MySQL - Command/Argument","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"MySQL - Command/Argument\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mysql_command.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Command\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mysql_argument.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Argument\"}}],\"listeners\":{}}"},"id":"07e25650-3812-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"5d624230-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"Wzc1LDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - HTTP - Method","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - HTTP - Method\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"http.method.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"http.method.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Method\"}}]}"},"id":"088aad70-7377-11ea-a3da-cbdb4f8a90c0","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"Wzc2LDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Hash - SHA256","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Hash - SHA256\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"file.hash.sha256.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"hash.sha256.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"08c0b770-772e-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"Wzc3LDFd"} +{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_ssh\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"SSH - Logs","version":1},"id":"c33e7600-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-07-15T13:17:15.442Z","version":"Wzc4LDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSH - Log Count Over TIme","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SSH - Log Count Over TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"09457310-3641-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c33e7600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"Wzc5LDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Hash - MD5","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Hash - MD5\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"hash.md5.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MD5\"}}]}"},"id":"09fc6ef0-7732-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzgwLDFd"} +{"attributes":{"columns":["source_ip","syslog-host_from","syslog-priority"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"tags:syslog\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Syslog (All) - Logs","version":1},"id":"5a86ffe0-76e3-11e7-ab14-e1a4c1bc11e0","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-07-15T13:17:15.442Z","version":"WzgxLDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Syslog - Host From","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Syslog - Host From\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"syslog-host_from.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Host (From)\"}}],\"listeners\":{}}"},"id":"0a2ce700-76e6-11e7-ab14-e1a4c1bc11e0","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"5a86ffe0-76e3-11e7-ab14-e1a4c1bc11e0","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzgyLDFd"} +{"attributes":{"columns":["host","certificate_subject","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_x509\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"X.509 - Logs","version":1},"id":"f5038cc0-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-07-15T13:17:15.442Z","version":"WzgzLDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"X.509 - Certificate Issuer","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"X.509 - Certificate Issuer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"certificate_issuer.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Issuer\"}}],\"listeners\":{}}"},"id":"0a5f7b30-37d9-11e7-9efb-91e89505091f","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"f5038cc0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"Wzg0LDFd"} +{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_rdp\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"RDP - Logs","version":1},"id":"823dd600-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-07-15T13:17:15.442Z","version":"Wzg1LDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RDP - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RDP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"0b9dea80-371c-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"823dd600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"Wzg2LDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - RDP - Certificate Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - RDP - Certificate Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rdp.certificate_type.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rdp.certificate_type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Type\"}}]}"},"id":"0c006bb0-75c6-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"Wzg3LDFd"} +{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_dns\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"DNS - Logs","version":1},"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-07-15T13:17:15.442Z","version":"Wzg4LDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DNS - Query Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNS - Query Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"query_type_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query Type\"}}]}"},"id":"0c338e50-4a4e-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"Wzg5LDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - RADIUS - Reply","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - RADIUS - Reply\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"radius.reply_message.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"radius.reply_message.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Reply\"}}]}"},"id":"0ca071b0-75c5-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzkwLDFd"} +{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.module:sysmon\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Security Onion - Sysmon","version":1},"id":"6281da80-c780-11ea-bebb-37c5ab5894ea","migrationVersion":{"search":"7.4.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-07-16T16:21:21.064Z","version":"WzgzOSwyXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security Onion - Sysmon Datasets","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.dataset.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Dataset\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Hostname\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"},\"title\":\"Security Onion - Sysmon Datasets\"}"},"id":"0caa7df0-c781-11ea-bebb-37c5ab5894ea","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"6281da80-c780-11ea-bebb-37c5ab5894ea","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-16T16:26:06.541Z","version":"Wzg0MCwyXQ=="} +{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.dataset:conn\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Security Onion - Connections","version":1},"id":"9b333020-6e9f-11ea-9266-1fd14ca6af34","migrationVersion":{"search":"7.4.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-07-15T13:17:15.442Z","version":"WzkxLDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Connections Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Connections Over Time\",\"type\":\"line\",\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date_range\",\"params\":{\"id\":\"date\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}}},\"params\":{},\"label\":\"@timestamp date ranges\",\"aggType\":\"date_range\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"id":"34721460-6ebc-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9b333020-6e9f-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzkyLDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Connections - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Connections - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}"},"id":"c9121690-6ea0-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9b333020-6e9f-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzkzLDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Connections - State","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Connections - State\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"connection.state.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"connection.state.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"State\"}}]}"},"id":"23b65290-6ea2-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9b333020-6e9f-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"Wzk0LDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Connections - State (Desc)","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"connection.state_description.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Connection State\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"},\"title\":\"Security Onion - Connections - State (Desc)\"}"},"id":"dc3f2c10-c6d6-11ea-bebb-37c5ab5894ea","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T20:07:50.857Z","version":"WzcwOSwyXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Connections - Client Bytes","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Connections - Client Bytes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Client Bytes\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client.bytes\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client Bytes\"}}]}"},"id":"98f6e9d0-6ea1-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9b333020-6e9f-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"Wzk1LDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Connections - Responder Bytes","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Connections - Responder Bytes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Server Bytes\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server.bytes\",\"orderBy\":\"_key\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server Bytes\"}}]}"},"id":"70565ec0-6ea1-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9b333020-6e9f-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"Wzk2LDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Connections - History","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Connections - History\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"connection.history.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"History\"}}]}"},"id":"5414ad60-6ea2-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9b333020-6e9f-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"Wzk3LDFd"} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:conn\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.7.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":9,\"i\":\"a05b7540-74b1-40db-b1d6-0e151f5bbaba\"},\"panelIndex\":\"a05b7540-74b1-40db-b1d6-0e151f5bbaba\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":13,\"y\":0,\"w\":13,\"h\":9,\"i\":\"78f096e9-6e6b-4144-a63f-3767deab6c8c\"},\"panelIndex\":\"78f096e9-6e6b-4144-a63f-3767deab6c8c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":26,\"y\":0,\"w\":22,\"h\":9,\"i\":\"f24faa4b-0270-44e6-af45-639e2d39c2c3\"},\"panelIndex\":\"f24faa4b-0270-44e6-af45-639e2d39c2c3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":0,\"y\":9,\"w\":11,\"h\":18,\"i\":\"8cc3f2ee-fcc8-4ddb-8f44-ec0b08da4756\"},\"panelIndex\":\"8cc3f2ee-fcc8-4ddb-8f44-ec0b08da4756\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":11,\"y\":9,\"w\":12,\"h\":18,\"i\":\"5558d00d-f3fd-4051-96a4-384134149228\"},\"panelIndex\":\"5558d00d-f3fd-4051-96a4-384134149228\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":23,\"y\":9,\"w\":13,\"h\":18,\"i\":\"ccdbd90c-299e-4e60-a139-1505f1329071\"},\"panelIndex\":\"ccdbd90c-299e-4e60-a139-1505f1329071\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":36,\"y\":9,\"w\":12,\"h\":18,\"i\":\"d678bf2f-f183-4981-9142-976880029daa\"},\"panelIndex\":\"d678bf2f-f183-4981-9142-976880029daa\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":0,\"y\":27,\"w\":19,\"h\":18,\"i\":\"97f0546b-01c5-41c1-9316-099f2b3c8d91\"},\"panelIndex\":\"97f0546b-01c5-41c1-9316-099f2b3c8d91\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":19,\"y\":27,\"w\":9,\"h\":18,\"i\":\"598bda31-1136-4474-9384-451491a71d23\"},\"panelIndex\":\"598bda31-1136-4474-9384-451491a71d23\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":0,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_8\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":28,\"y\":27,\"w\":9,\"h\":18,\"i\":\"8192def5-399b-4728-8646-edf393b63b7e\"},\"panelIndex\":\"8192def5-399b-4728-8646-edf393b63b7e\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":37,\"y\":27,\"w\":11,\"h\":18,\"i\":\"755322ff-13a8-4121-a2db-6322c037e8b3\"},\"panelIndex\":\"755322ff-13a8-4121-a2db-6322c037e8b3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"}]","timeRestore":false,"title":"Security Onion - Connections","version":1},"id":"0cc628b0-6e9f-11ea-9266-1fd14ca6af34","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"34721460-6ebc-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"c9121690-6ea0-11ea-9266-1fd14ca6af34","name":"panel_5","type":"visualization"},{"id":"23b65290-6ea2-11ea-9266-1fd14ca6af34","name":"panel_6","type":"visualization"},{"id":"dc3f2c10-c6d6-11ea-bebb-37c5ab5894ea","name":"panel_7","type":"visualization"},{"id":"98f6e9d0-6ea1-11ea-9266-1fd14ca6af34","name":"panel_8","type":"visualization"},{"id":"70565ec0-6ea1-11ea-9266-1fd14ca6af34","name":"panel_9","type":"visualization"},{"id":"5414ad60-6ea2-11ea-9266-1fd14ca6af34","name":"panel_10","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T20:08:44.243Z","version":"WzcxMCwyXQ=="} +{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_modbus\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Modbus - Logs","version":1},"id":"52dc9fe0-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-07-15T13:17:15.442Z","version":"Wzk5LDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Modbus - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Modbus - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"0d168a30-363f-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"52dc9fe0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzEwMCwxXQ=="} +{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_weird\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Weird - Logs","version":1},"id":"e32d0d50-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-07-15T13:17:15.442Z","version":"WzEwMSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Weird - Log Count Over TIme","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1},\"schema\":\"segment\",\"type\":\"date_histogram\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"@timestamp per 12 hours\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}]},\"title\":\"Weird - Log Count Over TIme\",\"type\":\"line\"}"},"id":"0dbcade0-3642-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"e32d0d50-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzEwMiwxXQ=="} +{"attributes":{"columns":["alert_level","classification","description"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[{\"meta\":{\"negate\":false,\"key\":\"tags\",\"value\":\"alert\",\"disabled\":false,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"tags\":{\"query\":\"alert\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"query_string\":{\"query\":\"event_type:ossec\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"OSSEC - Alerts","version":1},"id":"d9096bb0-342f-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","updated_at":"2020-07-15T13:17:15.442Z","version":"WzEwMywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"OSSEC Alerts - Log Count Over TIme","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"OSSEC Alerts - Log Count Over TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"4fa0e530-3644-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"d9096bb0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzEwNCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"OSSEC Alerts - Alert Level (Pie Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"OSSEC Alerts - Alert Level (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"alert_level.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Alert Level\"}}]}"},"id":"69d98570-398b-11e7-84f8-a1f7cef50fcb","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"d9096bb0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzEwNSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"OSSEC Alerts - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"OSSEC Alerts - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDG4pcDxQT5EBNmq3pi","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"d9096bb0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzEwNiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"OSSEC Alerts - Event Summary","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"OSSEC Alerts - Event Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"description.keyword\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Description\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"agent.name.keyword\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Agent\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"username.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"\",\"customLabel\":\"Username\"}}]}"},"id":"ee0ba080-4a3d-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"d9096bb0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzEwNywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"OSSEC Alerts - User to Escalated User (Data Table)","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"OSSEC Alerts - User to Escalated User (Data Table)\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"username.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"User\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"escalated_user.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Escalated User\"}}]}"},"id":"1de31b40-4a42-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"d9096bb0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzEwOCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"OSSEC Alerts - Command (Data Table)","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"OSSEC Alerts - Command (Data Table)\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"command.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Command\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"username.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}}]}"},"id":"9ff34f60-4a42-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"d9096bb0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzEwOSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"OSSEC Alerts - Process and Username (Data Table)","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"OSSEC Alerts - Process and Username (Data Table)\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"process.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Process\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"username.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}}]}"},"id":"447bd2f0-4a43-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"d9096bb0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzExMCwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"gridData\":{\"h\":60,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"3\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":28,\"i\":\"6\",\"w\":16,\"x\":32,\"y\":8},\"panelIndex\":\"6\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"gridData\":{\"h\":56,\"i\":\"11\",\"w\":48,\"x\":0,\"y\":88},\"panelIndex\":\"11\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\",\"embeddableConfig\":{\"columns\":[\"alert_level\",\"classification\",\"description\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"gridData\":{\"h\":8,\"i\":\"12\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"12\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"gridData\":{\"h\":28,\"i\":\"13\",\"w\":24,\"x\":8,\"y\":8},\"panelIndex\":\"13\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\",\"embeddableConfig\":{}},{\"gridData\":{\"h\":24,\"i\":\"14\",\"w\":16,\"x\":32,\"y\":36},\"panelIndex\":\"14\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\",\"embeddableConfig\":{}},{\"gridData\":{\"h\":28,\"i\":\"15\",\"w\":48,\"x\":0,\"y\":60},\"panelIndex\":\"15\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\",\"embeddableConfig\":{}},{\"embeddableConfig\":{\"spy\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":24,\"i\":\"16\",\"w\":24,\"x\":8,\"y\":36},\"panelIndex\":\"16\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"}]","timeRestore":false,"title":"OSSEC Alerts","version":1},"id":"0de7a390-3644-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"4fa0e530-3644-11e7-a6f7-4f44d7bf1c33","name":"panel_1","type":"visualization"},{"id":"69d98570-398b-11e7-84f8-a1f7cef50fcb","name":"panel_2","type":"visualization"},{"id":"d9096bb0-342f-11e7-9e93-53b62e1857b2","name":"panel_3","type":"search"},{"id":"AWDG4pcDxQT5EBNmq3pi","name":"panel_4","type":"visualization"},{"id":"ee0ba080-4a3d-11e8-9b0a-f1d33346f773","name":"panel_5","type":"visualization"},{"id":"1de31b40-4a42-11e8-9b0a-f1d33346f773","name":"panel_6","type":"visualization"},{"id":"9ff34f60-4a42-11e8-9b0a-f1d33346f773","name":"panel_7","type":"visualization"},{"id":"447bd2f0-4a43-11e8-9b0a-f1d33346f773","name":"panel_8","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzExMSwxXQ=="} +{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_snmp\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"SNMP - Logs","version":1},"id":"b12150a0-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-07-15T13:17:15.442Z","version":"WzExMiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SNMP - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SNMP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"0defabb0-36b9-11e7-9786-41a1d72e15ad","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"b12150a0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzExMywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Security Onion - Alert Data","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Home](/kibana/app/kibana#/dashboard/a8411b30-6d03-11ea-b301-3d6c35840645) \\n \\n**Modules** \\n[Playbook](/kibana/app/kibana#/dashboard/f449f0a0-c77c-11ea-bebb-37c5ab5894ea) \\n[Suricata](/kibana/app/kibana#/dashboard/81057f40-7733-11ea-bee5-af7f7c7b8e05) \\n[Wazuh](/kibana/app/kibana#/dashboard/9480f190-7732-11ea-bee5-af7f7c7b8e05) \\n[Zeek](/kibana/app/kibana#/dashboard/fa9ed760-7734-11ea-bee5-af7f7c7b8e05) \\n\"},\"title\":\"Security Onion - Alert Data\"}"},"id":"30df00e0-7733-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"7.7.0"},"references":[],"type":"visualization","updated_at":"2020-07-16T15:57:30.488Z","version":"WzgyNCwyXQ=="} +{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.dataset:alert\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Security Onion - Alerts","version":1},"id":"5c3effd0-72ae-11ea-8dd2-9d8795a1200b","migrationVersion":{"search":"7.4.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-07-15T13:17:15.442Z","version":"WzExNSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Alerts - Count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Alerts - Count\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":40}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}]}"},"id":"931cb6f0-72ae-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"5c3effd0-72ae-11ea-8dd2-9d8795a1200b","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzExNiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Alerts Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Alerts Over Time\",\"type\":\"line\",\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":null,\"y\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"id":"b419b100-72ae-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"5c3effd0-72ae-11ea-8dd2-9d8795a1200b","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzExNywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security Onion - Rule - Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.module.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Module\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rule.name.keyword: Descending\",\"aggType\":\"terms\"}]}},\"title\":\"Security Onion - Rule - Name\"}"},"id":"508fb520-72af-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"5c3effd0-72ae-11ea-8dd2-9d8795a1200b","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-16T15:41:34.211Z","version":"WzgwMiwyXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Rule - Severity","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"event.severity_label.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Severity\"}}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}}},\"title\":\"Security Onion - Rule - Severity\"}"},"id":"a37b9fa0-72b0-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-16T15:42:56.387Z","version":"WzgwNywyXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Rule - Category","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Rule - Category\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.category.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"}}]}"},"id":"f7e1d570-72ae-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"5c3effd0-72ae-11ea-8dd2-9d8795a1200b","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzEyMCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Destination Ports","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Destination Ports\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"destination.port: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}}]}"},"id":"f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzEyMSwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset: alert\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"Low & Medium Severity\",\"disabled\":true,\"key\":\"event.severity\",\"negate\":false,\"params\":{\"gte\":1,\"lt\":3},\"type\":\"range\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"range\":{\"event.severity\":{\"gte\":1,\"lt\":3}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"High & Critical Severity\",\"disabled\":true,\"key\":\"event.severity\",\"negate\":false,\"params\":{\"gte\":3,\"lt\":5},\"type\":\"range\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"range\":{\"event.severity\":{\"gte\":3,\"lt\":5}}}]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"c2ddba4b-b0a1-4204-b952-fdc8073dd3c6\",\"w\":10,\"x\":0,\"y\":0},\"panelIndex\":\"c2ddba4b-b0a1-4204-b952-fdc8073dd3c6\",\"version\":\"7.7.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"5a22818d-a0f7-4b39-978f-bee1e4280a54\",\"w\":13,\"x\":10,\"y\":0},\"panelIndex\":\"5a22818d-a0f7-4b39-978f-bee1e4280a54\",\"version\":\"7.7.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"41a7c313-2dc3-4563-8545-a55f57af532c\",\"w\":25,\"x\":23,\"y\":0},\"panelIndex\":\"41a7c313-2dc3-4563-8545-a55f57af532c\",\"version\":\"7.7.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"7f00befc-4315-45d2-b686-fa99db9fb79c\",\"w\":29,\"x\":0,\"y\":8},\"panelIndex\":\"7f00befc-4315-45d2-b686-fa99db9fb79c\",\"version\":\"7.7.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"1fa5c765-6991-4ece-a6a4-cdb6f2d35553\",\"w\":19,\"x\":29,\"y\":8},\"panelIndex\":\"1fa5c765-6991-4ece-a6a4-cdb6f2d35553\",\"version\":\"7.7.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"eee74597-fa74-4bf6-9c71-429bfe4c3ecd\",\"w\":19,\"x\":0,\"y\":27},\"panelIndex\":\"eee74597-fa74-4bf6-9c71-429bfe4c3ecd\",\"version\":\"7.7.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"fa0e8955-a837-400c-abcb-43394471b39d\",\"w\":10,\"x\":19,\"y\":27},\"panelIndex\":\"fa0e8955-a837-400c-abcb-43394471b39d\",\"version\":\"7.7.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"b60abef8-9b1e-4bae-ac3f-d7eb5a230430\",\"w\":10,\"x\":29,\"y\":27},\"panelIndex\":\"b60abef8-9b1e-4bae-ac3f-d7eb5a230430\",\"version\":\"7.7.1\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":18,\"i\":\"799598a4-39de-455d-bc39-409466b8b119\",\"w\":9,\"x\":39,\"y\":27},\"panelIndex\":\"799598a4-39de-455d-bc39-409466b8b119\",\"version\":\"7.7.1\",\"panelRefName\":\"panel_8\"}]","timeRestore":false,"title":"Security Onion - Alerts","version":1},"id":"0e4af1d0-72ae-11ea-8dd2-9d8795a1200b","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"30df00e0-7733-11ea-bee5-af7f7c7b8e05","name":"panel_0","type":"visualization"},{"id":"931cb6f0-72ae-11ea-8dd2-9d8795a1200b","name":"panel_1","type":"visualization"},{"id":"b419b100-72ae-11ea-8dd2-9d8795a1200b","name":"panel_2","type":"visualization"},{"id":"508fb520-72af-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"a37b9fa0-72b0-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"f7e1d570-72ae-11ea-8dd2-9d8795a1200b","name":"panel_5","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_6","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_7","type":"visualization"},{"id":"f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_8","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-16T15:47:02.445Z","version":"WzgxMywyXQ=="} +{"attributes":{"columns":["event_type","source_ip","source_port","destination_ip","destination_port","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:sysmon\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Sysmon - Logs","version":1},"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-07-15T13:17:15.442Z","version":"WzEyMywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Sysmon - Summary","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Sysmon - Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"image_path.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Image\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_hostname.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source Hostname\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_hostname.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Hostname\"}},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}],\"listeners\":{}}"},"id":"0eb1fd80-6d70-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzEyNCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Kerberos Client","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Kerberos Client\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"kerberos.client.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"kerberos.client.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"}}]}"},"id":"0ecc7310-75bd-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzEyNSwxXQ=="} +{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"All Logs","version":1},"id":"aa05e920-3433-11e7-8867-29a39c0f86b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-07-15T13:17:15.442Z","version":"WzEyNiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Sensors/Devices - Total Number of Logs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Sensors/Devices - Total Number of Logs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"syslog-host_from.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Sensor/Device\"}}]}"},"id":"0f25aac0-3434-11e7-8867-29a39c0f86b2","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"aa05e920-3433-11e7-8867-29a39c0f86b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzEyNywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SSH - Direction","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - SSH - Direction\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ssh.direction.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ssh.direction.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Direction\"}}]}"},"id":"104a4a90-75eb-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzEyOCwxXQ=="} +{"attributes":{"columns":["source_ip","destination_ip","message_types","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"event_type:bro_dhcp\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"DHCP - Logs","version":1},"id":"ac1799d0-342d-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-07-15T13:17:15.442Z","version":"WzEyOSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DHCP - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DHCP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}"},"id":"1055ada0-3655-11e7-baa7-b7de4ee40605","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"ac1799d0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzEzMCwxXQ=="} +{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_dce_rpc\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"DCE/RPC - Logs","version":1},"id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-07-15T13:17:15.442Z","version":"WzEzMSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DCE/RPC - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DCE/RPC - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"10b8a610-3af3-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzEzMiwxXQ=="} +{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_radius\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"RADIUS - Logs","version":1},"id":"75545310-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-07-15T13:17:15.442Z","version":"WzEzMywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RADIUS - MAC","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RADIUS - MAC\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mac.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MAC Address\"}}],\"listeners\":{}}"},"id":"10cd7190-3809-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"75545310-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzEzNCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Source - Sum of Total Bytes ( Tile Map)","uiStateJSON":"{\"mapZoom\":3,\"mapCenter\":[39.70718665682654,-44.912109375]}","version":1,"visState":"{\"title\":\"Connections - Source - Sum of Total Bytes ( Tile Map)\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":0,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"total_bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"source_geo.location\",\"autoPrecision\":true,\"useGeocentroid\":true,\"precision\":2}}],\"listeners\":{}}"},"id":"1156b1e0-46c7-11e7-946f-1bfb1be7c36b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzEzNSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Logstash - Processing Performance","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Logstash - Processing Performance\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"rotate\":75,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Log Type\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Average processing time\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"},{\"data\":{\"id\":\"4\",\"label\":\"Standard Deviation of logstash_time\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"stacked\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"\"},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"logstash_time\",\"customLabel\":\"Average processing time\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"event_type.keyword\",\"size\":20,\"orderAgg\":{\"id\":\"2-orderAgg\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"orderAgg\",\"params\":{\"field\":\"logstash_time\"}},\"order\":\"desc\",\"orderBy\":\"custom\",\"customLabel\":\"Log Type\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"std_dev\",\"schema\":\"metric\",\"params\":{\"field\":\"logstash_time\"}}],\"listeners\":{}}"},"id":"f86bc870-46ce-11e7-946f-1bfb1be7c36b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"aa05e920-3433-11e7-8867-29a39c0f86b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzEzNiwxXQ=="} +{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"tags:_grokparsefailure OR tags:_csvparsefailure OR tags:_rubyexception\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Errors","version":1},"id":"ef487fd0-46cf-11e7-ba56-317a6969f55c","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-07-15T13:17:15.442Z","version":"WzEzNywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Logstash - Error Type (Donut Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Logstash - Error Type (Donut Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tags.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"exclude\":\"\",\"include\":\"_csvparsefailure|_grokparsefailure|_rubyexception\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"event_type.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"id":"3a273780-46d0-11e7-946f-1bfb1be7c36b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"ef487fd0-46cf-11e7-ba56-317a6969f55c","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzEzOCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"match_all\":{}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Logstash - Avg Processing Time","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Logstash - Avg Processing Time\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":true,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"avg\",\"schema\":\"metric\",\"params\":{\"field\":\"logstash_time\"}}],\"listeners\":{}}"},"id":"AWDHIynExQT5EBNmq49q","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzEzOSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"match_all\":{}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Logstash - Median Processing TIme","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Logstash - Median Processing TIme\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":true,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"median\",\"schema\":\"metric\",\"params\":{\"field\":\"logstash_time\",\"percents\":[50]}}],\"listeners\":{}}"},"id":"AWDHJY1BxQT5EBNmq5Ay","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE0MCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"match_all\":{}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Logstash - Max Processing Time","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Logstash - Max Processing Time\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":true,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"logstash_time\"}}],\"listeners\":{}}"},"id":"AWDHJpuBxQT5EBNmq5Cr","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE0MSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"tags:_grokparsefailure OR tags:_csvparsefailure OR tags:_rubyexception\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Logstash - Error Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Logstash - Error Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDHKEF2xQT5EBNmq5FA","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE0MiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Sensors/Devices and Services","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Sensors/Devices and Services\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"sensor_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Sensor\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"service.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Service\"}}]}"},"id":"d8214de0-4a3a-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE0MywxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"gridData\":{\"w\":40,\"h\":24,\"x\":8,\"y\":12,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":12,\"h\":28,\"x\":8,\"y\":36,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":64,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\",\"embeddableConfig\":{}},{\"gridData\":{\"w\":8,\"h\":64,\"x\":0,\"y\":0,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\",\"embeddableConfig\":{}},{\"gridData\":{\"w\":48,\"h\":64,\"x\":0,\"y\":88,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\",\"embeddableConfig\":{\"columns\":[\"_source\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"embeddableConfig\":{},\"gridData\":{\"w\":8,\"h\":12,\"x\":8,\"y\":0,\"i\":\"15\"},\"panelIndex\":\"15\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":8,\"h\":12,\"x\":16,\"y\":0,\"i\":\"16\"},\"panelIndex\":\"16\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":8,\"h\":12,\"x\":24,\"y\":0,\"i\":\"17\"},\"panelIndex\":\"17\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":8,\"h\":12,\"x\":32,\"y\":0,\"i\":\"18\"},\"panelIndex\":\"18\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}},\"gridData\":{\"w\":28,\"h\":28,\"x\":20,\"y\":36,\"i\":\"19\"},\"panelIndex\":\"19\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\"}]","timeRestore":false,"title":"Stats","version":1},"id":"130017f0-46ce-11e7-946f-1bfb1be7c36b","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"f86bc870-46ce-11e7-946f-1bfb1be7c36b","name":"panel_0","type":"visualization"},{"id":"0f25aac0-3434-11e7-8867-29a39c0f86b2","name":"panel_1","type":"visualization"},{"id":"3a273780-46d0-11e7-946f-1bfb1be7c36b","name":"panel_2","type":"visualization"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_3","type":"visualization"},{"id":"ef487fd0-46cf-11e7-ba56-317a6969f55c","name":"panel_4","type":"search"},{"id":"AWDHIynExQT5EBNmq49q","name":"panel_5","type":"visualization"},{"id":"AWDHJY1BxQT5EBNmq5Ay","name":"panel_6","type":"visualization"},{"id":"AWDHJpuBxQT5EBNmq5Cr","name":"panel_7","type":"visualization"},{"id":"AWDHKEF2xQT5EBNmq5FA","name":"panel_8","type":"visualization"},{"id":"d8214de0-4a3a-11e8-9b0a-f1d33346f773","name":"panel_9","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE0NCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Destination - Sum of Total Bytes ( Tile Map)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Connections - Destination - Sum of Total Bytes ( Tile Map)\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":0,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"total_bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_geo.location\",\"autoPrecision\":true,\"useGeocentroid\":true,\"precision\":2}}],\"listeners\":{}}"},"id":"1342e630-4632-11e7-9903-85f789353078","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE0NSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DNS - Response Code Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dns.response.code_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Response Code Name\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"},\"title\":\"Security Onion - DNS - Response Code Name\"}"},"id":"13cda410-c770-11ea-bebb-37c5ab5894ea","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-16T14:24:37.072Z","version":"Wzc1NywyXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Sysmon - Username","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Sysmon - Username\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"username.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"User\"}}]}"},"id":"13ed0810-6d72-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE0NiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Connection State","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Connections - Connection State\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"connection_state_description.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Connection State Description\"}}],\"listeners\":{}}"},"id":"13fe29c0-3b17-11e7-b871-5f76306b9694","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE0NywxXQ=="} +{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_rfb\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"RFB - Logs","version":1},"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE0OCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Exclusive Session (Donut Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":true}}","version":1,"visState":"{\"title\":\"RFB - Exclusive Session (Donut Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"share_flag.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"id":"14274040-371f-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE0OSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Agents","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Agents\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"agent.type.keyword: Descending\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"agent.version.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"agent.type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Agent\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"agent.version.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Version\"}}]}"},"id":"14ed9540-6ed7-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE1MCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"X.509 - Certificate Key Length (Vertical Bar Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"X.509 - Certificate Key Length (Vertical Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Key Length\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"certificate_key_length\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Key Length\"}}],\"listeners\":{}}"},"id":"150f7280-6e37-11e7-a8d6-ed2e692de531","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"f5038cc0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE1MSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Rule - Description","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Rule - Description\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.description.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"}}]}"},"id":"1563f380-7737-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE1MiwxXQ=="} +{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query_string\":{\"query\":\"(event_type:bro_smb_mapping OR event_type:bro_smb_files)\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"SMB - Logs","version":1},"id":"19849f30-3aab-11e7-8b17-0d8709b02c80","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE1MywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMB - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMB - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"15b4e7a0-3aad-11e7-8b17-0d8709b02c80","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"19849f30-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE1NCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DHCP - Server Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - DHCP - Server Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Server Address\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server.address.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server Address\"}}]}"},"id":"15fa3b30-7375-11ea-a3da-cbdb4f8a90c0","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE1NSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Modbus - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Modbus - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"id":"178209e0-6e1b-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"52dc9fe0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE1NiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"RDP - Destination Port","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"RDP - Destination Port\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"id":"19dfd180-371c-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"823dd600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE1NywxXQ=="} +{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query\":\"event_type:ids\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"NIDS - Alerts","version":1},"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE1OCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NIDS - Drilldown - Alert Title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"NIDS - Drilldown - Alert Title\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":false},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":12}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"top_hits\",\"schema\":\"metric\",\"params\":{\"field\":\"alert.keyword\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\"}}]}"},"id":"1b3faca0-e064-11e9-8f0c-2ddbf5ed9290","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE1OSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Weird - Source IP Address","uiStateJSON":"{\"P-5\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"P-6\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Weird - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"1b837b00-364e-11e7-9dc3-d35061cb642d","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"e32d0d50-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE2MCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Total Log Count Over TIme","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Total Log Count Over TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 seconds\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"1c2aeb50-365e-11e7-b896-5bdd6bfa1561","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"aa05e920-3433-11e7-8867-29a39c0f86b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE2MSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SMB - Service","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SMB - Service\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"smb.service.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"1c6567b0-75f0-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE2MiwxXQ=="} +{"attributes":{"columns":["entry","entry_location","image_path","hostname","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:autoruns\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Autoruns - Logs","version":1},"id":"dd700830-6d69-11e7-ad64-15aa071374a6","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE2MywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Autoruns - Profile","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Autoruns - Profile\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"profile.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Profile\"}}],\"listeners\":{}}"},"id":"1cd6a970-6d79-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"dd700830-6d69-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE2NCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastAlert - Log Count Over Time","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"ElastAlert - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 seconds\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"969e4820-7dce-11e7-a1a2-3be6827d22ce","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:elastalert_status*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE2NSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastAlert - Alert Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastAlert - Alert Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"alert_info.type.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Alert Type\"}}],\"listeners\":{}}"},"id":"f7998d60-7dce-11e7-a1a2-3be6827d22ce","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:elastalert_status*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE2NiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastAlert - Rule","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastAlert - Rule\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule_name\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Rule\"}}],\"listeners\":{}}"},"id":"5e1dc100-7dcf-11e7-a1a2-3be6827d22ce","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:elastalert_status*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE2NywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastAlert - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastAlert - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"match_body.source_ip.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}}],\"listeners\":{}}"},"id":"8ec77cb0-7dcf-11e7-a1a2-3be6827d22ce","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:elastalert_status*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE2OCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastAlert - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastAlert - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"match_body.destination_ip.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}}],\"listeners\":{}}"},"id":"a26faee0-7dcf-11e7-a1a2-3be6827d22ce","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:elastalert_status*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE2OSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastAlert - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastAlert - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"match_body.destination_port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"id":"ce25b750-7dcf-11e7-a1a2-3be6827d22ce","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:elastalert_status*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE3MCwxXQ=="} +{"attributes":{"columns":["rule_name","matches","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"ElastAlert","version":1},"id":"e8840d40-7dcf-11e7-a1a2-3be6827d22ce","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:elastalert_status*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE3MSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"match_all\":{}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Elastalert - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Elastalert - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDG7DVRxQT5EBNmq3zM","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:elastalert_status*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE3MiwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":56,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{}},{\"panelIndex\":\"4\",\"gridData\":{\"x\":8,\"y\":8,\"w\":16,\"h\":24,\"i\":\"4\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"5\",\"gridData\":{\"x\":24,\"y\":8,\"w\":24,\"h\":24,\"i\":\"5\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"6\",\"gridData\":{\"x\":8,\"y\":32,\"w\":14,\"h\":24,\"i\":\"6\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"7\",\"gridData\":{\"x\":22,\"y\":32,\"w\":14,\"h\":24,\"i\":\"7\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"8\",\"gridData\":{\"x\":36,\"y\":32,\"w\":12,\"h\":24,\"i\":\"8\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"9\",\"gridData\":{\"x\":0,\"y\":56,\"w\":48,\"h\":48,\"i\":\"9\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\",\"embeddableConfig\":{\"columns\":[\"rule_name\",\"matches\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"10\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"10\"},\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"},\"legendOpen\":false}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"}]","timeRestore":false,"title":"ElastAlert","version":1},"id":"1d98d620-7dce-11e7-846a-150cdcaf3374","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"969e4820-7dce-11e7-a1a2-3be6827d22ce","name":"panel_1","type":"visualization"},{"id":"f7998d60-7dce-11e7-a1a2-3be6827d22ce","name":"panel_2","type":"visualization"},{"id":"5e1dc100-7dcf-11e7-a1a2-3be6827d22ce","name":"panel_3","type":"visualization"},{"id":"8ec77cb0-7dcf-11e7-a1a2-3be6827d22ce","name":"panel_4","type":"visualization"},{"id":"a26faee0-7dcf-11e7-a1a2-3be6827d22ce","name":"panel_5","type":"visualization"},{"id":"ce25b750-7dcf-11e7-a1a2-3be6827d22ce","name":"panel_6","type":"visualization"},{"id":"e8840d40-7dcf-11e7-a1a2-3be6827d22ce","name":"panel_7","type":"search"},{"id":"AWDG7DVRxQT5EBNmq3zM","name":"panel_8","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE3MywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNS - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"DNS - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 minutes\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"1ecdd2e0-34c0-11e7-9b32-bb903919ead9","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE3NCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SIP - Method (Horizontal Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SIP - Method (Horizontal Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"method.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Method\"}}],\"listeners\":{}}"},"id":"1ef5c230-6e24-11e7-a261-55504638cf3b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE3NSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - MySQL - Command/Argument","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - MySQL - Command/Argument\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"mysql.command.keyword: Descending\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"mysql.argument.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mysql.command.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Command\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mysql.argument.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Argument\"}}]}"},"id":"1f306f60-75c0-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE3NiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Modbus - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Modbus - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"20eabd60-380b-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"52dc9fe0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE3NywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DNP3 - FC Reply","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - DNP3 - FC Reply\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dnp3.fc_reply.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"FC Reply\"}}]}"},"id":"214793c0-75b9-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE3OCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSL - Destination Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSL - Destination Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"21d090d0-365b-11e7-8bd0-1db2c55fb7a1","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE3OSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DNS - Response Code (Name)","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNS - Response Code (Name)\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rcode_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Response Code (Name)\"}}]}"},"id":"22f7de30-4949-11e8-9576-313be7c6b44b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE4MCwxXQ=="} +{"attributes":{"columns":["source_ip","destination_ip","destination_port","resp_fuids","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_http\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"HTTP - Logs","version":1},"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE4MSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"HTTP - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"HTTP - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"37f19e40-34c6-11e7-8360-0b86c90983fd","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE4MiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"HTTP - Sites","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"HTTP - Sites\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"virtual_host.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Site\"}}],\"listeners\":{}}"},"id":"8ba31820-34c6-11e7-8360-0b86c90983fd","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE4MywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query_string\":{\"query\":\"\\\"application/x-dosexec\\\"\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"HTTP - Sites Hosting EXEs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"HTTP - Sites Hosting EXEs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"virtual_host.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Site\"}}],\"listeners\":{}}"},"id":"7153e7f0-34c7-11e7-8360-0b86c90983fd","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE4NCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"HTTP - URIs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"HTTP - URIs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"uri.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"URI\"}}],\"listeners\":{}}"},"id":"aa7abb00-34e3-11e7-9669-7f1d3242b798","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE4NSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"HTTP - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"HTTP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"ae1f1fb0-3648-11e7-bf60-314364dd1cde","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE4NiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"HTTP - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"HTTP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"d0f56da0-3648-11e7-bf60-314364dd1cde","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE4NywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"HTTP - User Agent","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"HTTP - User Agent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"useragent.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"User Agent\"}}],\"listeners\":{}}"},"id":"ae591c20-4164-11e7-9850-b78558d0ac17","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE4OCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"HTTP - Referrer","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"HTTP - Referrer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"referrer.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"id":"2a7c21d0-4165-11e7-9850-b78558d0ac17","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE4OSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"HTTP - MIME Type (Tag Cloud)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"HTTP - MIME Type (Tag Cloud)\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":14,\"maxFontSize\":40},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"resp_mime_types.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MIME Type\"}}],\"listeners\":{}}"},"id":"934fe550-6e08-11e7-9370-174c4785d3e1","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE5MCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"HTTP - Destination Port (Vertical Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"HTTP - Destination Port (Vertical Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":75},\"title\":{\"text\":\"Port\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}]}"},"id":"3f4abb40-6e0a-11e7-84cc-b363f104b3c7","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE5MSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"HTTP - Destination Country (Vertical Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"HTTP - Destination Country (Vertical Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"Country\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_geo.country_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}}]}"},"id":"e41a0bd0-6e0a-11e7-84cc-b363f104b3c7","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE5MiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"HTTP - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"HTTP - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDG97t7xQT5EBNmq4E1","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE5MywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"HTTP - Status and Method","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"HTTP - Status and Method\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"status_message.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Status Message\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"method.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Method\"}}]}"},"id":"66faa650-4c99-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE5NCwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":52,\"i\":\"2\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"5\",\"gridData\":{\"x\":0,\"y\":88,\"w\":48,\"h\":24,\"i\":\"5\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"6\",\"gridData\":{\"x\":0,\"y\":112,\"w\":48,\"h\":24,\"i\":\"6\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"8\",\"gridData\":{\"x\":0,\"y\":136,\"w\":48,\"h\":24,\"i\":\"8\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"9\",\"gridData\":{\"x\":0,\"y\":216,\"w\":48,\"h\":36,\"i\":\"9\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"destination_ip\",\"destination_port\",\"resp_fuids\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"14\",\"gridData\":{\"x\":0,\"y\":52,\"w\":24,\"h\":24,\"i\":\"14\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"15\",\"gridData\":{\"x\":24,\"y\":52,\"w\":24,\"h\":24,\"i\":\"15\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"panelIndex\":\"16\",\"gridData\":{\"x\":0,\"y\":188,\"w\":48,\"h\":28,\"i\":\"16\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"panelIndex\":\"17\",\"gridData\":{\"x\":0,\"y\":160,\"w\":48,\"h\":28,\"i\":\"17\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\"},{\"panelIndex\":\"19\",\"gridData\":{\"x\":0,\"y\":76,\"w\":48,\"h\":12,\"i\":\"19\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_10\",\"embeddableConfig\":{}},{\"panelIndex\":\"20\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":20,\"i\":\"20\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_11\",\"embeddableConfig\":{}},{\"panelIndex\":\"21\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":20,\"i\":\"21\"},\"embeddableConfig\":{\"vis\":{\"colors\":{\"Count\":\"#629E51\"}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_12\"},{\"panelIndex\":\"23\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"23\"},\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_13\"},{\"panelIndex\":\"24\",\"gridData\":{\"x\":8,\"y\":28,\"w\":40,\"h\":24,\"i\":\"24\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_14\",\"embeddableConfig\":{}}]","timeRestore":false,"title":"Bro - HTTP","version":1},"id":"230134a0-34c6-11e7-8360-0b86c90983fd","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"37f19e40-34c6-11e7-8360-0b86c90983fd","name":"panel_1","type":"visualization"},{"id":"8ba31820-34c6-11e7-8360-0b86c90983fd","name":"panel_2","type":"visualization"},{"id":"7153e7f0-34c7-11e7-8360-0b86c90983fd","name":"panel_3","type":"visualization"},{"id":"aa7abb00-34e3-11e7-9669-7f1d3242b798","name":"panel_4","type":"visualization"},{"id":"fad7d170-342d-11e7-9e93-53b62e1857b2","name":"panel_5","type":"search"},{"id":"ae1f1fb0-3648-11e7-bf60-314364dd1cde","name":"panel_6","type":"visualization"},{"id":"d0f56da0-3648-11e7-bf60-314364dd1cde","name":"panel_7","type":"visualization"},{"id":"ae591c20-4164-11e7-9850-b78558d0ac17","name":"panel_8","type":"visualization"},{"id":"2a7c21d0-4165-11e7-9850-b78558d0ac17","name":"panel_9","type":"visualization"},{"id":"934fe550-6e08-11e7-9370-174c4785d3e1","name":"panel_10","type":"visualization"},{"id":"3f4abb40-6e0a-11e7-84cc-b363f104b3c7","name":"panel_11","type":"visualization"},{"id":"e41a0bd0-6e0a-11e7-84cc-b363f104b3c7","name":"panel_12","type":"visualization"},{"id":"AWDG97t7xQT5EBNmq4E1","name":"panel_13","type":"visualization"},{"id":"66faa650-4c99-11e8-9b0a-f1d33346f773","name":"panel_14","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE5NSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSL - Validation Status","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSL - Validation Status\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"validation_status.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Validation Status\"}}],\"listeners\":{}}"},"id":"23d22bd0-70b4-11e7-810e-2bafe9e41c10","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE5NiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}"},"title":"Connections - Bytes and Duration","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Connections - Bytes and Duration\",\"type\":\"markdown\",\"params\":{\"markdown\":\"[Top Total Bytes](/kibana/app/kibana#/dashboard/a2ab0c40-3b0a-11e7-a6f9-5d3fe735ec2b) \\n[Source - Originator Bytes](/kibana/app/kibana#/dashboard/68f738e0-46ca-11e7-946f-1bfb1be7c36b) | [Destination - Responder Bytes](/kibana/app/kibana#/dashboard/b65775e0-46cb-11e7-946f-1bfb1be7c36b) \\n[Source - Sum of Total Bytes](/kibana/app/kibana#/dashboard/f042ad60-46c6-11e7-946f-1bfb1be7c36b) | [Destination - Sum of Total Bytes](/kibana/app/kibana#/dashboard/ccfcc540-4638-11e7-a82e-d97152153689) \\n[Source - Top Connection Duration](/kibana/app/kibana#/dashboard/4e108070-46c7-11e7-946f-1bfb1be7c36b) | [Destination - Top Connection Duration](/kibana/app/kibana#/dashboard/ea211360-46c4-11e7-a82e-d97152153689)\",\"fontSize\":12,\"openLinksInNewTab\":false},\"aggs\":[]}"},"id":"25ce6eb0-463b-11e7-a82e-d97152153689","migrationVersion":{"visualization":"7.7.0"},"references":[],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE5NywxXQ=="} +{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_tunnels\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Tunnels - Logs","version":1},"id":"d26d5510-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE5OCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Tunnels - Destination Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Tunnels - Destination Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"26457730-3808-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"d26d5510-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzE5OSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Log Count Over TIme","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"RFB - Log Count Over TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"265a04d0-3640-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzIwMCwxXQ=="} +{"attributes":{"columns":["source_ip","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_syslog\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Syslog (Bro) - Logs","version":1},"id":"269ca380-76b4-11e7-8c3e-cfcdd8c95d87","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-07-15T13:17:15.442Z","version":"WzIwMSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SIP - Method","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SIP - Method\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"sip.method.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"sip.method.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Method\"}}]}"},"id":"272b8ab0-75ca-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzIwMiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Bro - Connections - Service By Destination Country","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"Bro - Connections - Service By Destination Country\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"top\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"destination_geo.country_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"\",\"row\":false}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"service.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Service\"}}]}"},"id":"277f3250-4161-11e7-8493-51634b0a4565","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzIwMywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - RADIUS - Result","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - RADIUS - Result\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"radius.result.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Result\"}}]}"},"id":"27ab8260-75c5-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzIwNCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"FTP - Argument","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"FTP - Argument\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ftp_argument.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Argument\"}}],\"listeners\":{}}"},"id":"e1907430-35b6-11e7-a994-c528746bc6e8","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"f21cb5f0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzIwNSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"FTP - Reply Message","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"FTP - Reply Message\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"reply_message.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Reply Message\"}}],\"listeners\":{}}"},"id":"adcd38e0-3679-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"f21cb5f0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzIwNiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"FTP - Reply Code","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"FTP - Reply Code\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"reply_code.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"id":"a0cb0860-367a-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"f21cb5f0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzIwNywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"FTP - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"FTP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"cf9e5660-367a-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"f21cb5f0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzIwOCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"FTP - Destination Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"FTP - Destination Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"f1d3d070-367a-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"f21cb5f0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzIwOSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"FTP - Username","uiStateJSON":"{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}","version":1,"visState":"{\"title\":\"FTP - Username\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"username.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}}],\"listeners\":{}}"},"id":"f9904390-3bff-11e7-be35-e7fc4052ff75","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"f21cb5f0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzIxMCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"FTP - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"FTP - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"id":"eead8540-6e14-11e7-8624-1fb07dd76c6a","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"f21cb5f0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzIxMSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"FTP - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"FTP - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDG9sT_xQT5EBNmq4DI","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"f21cb5f0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzIxMiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"FTP - Command","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"FTP - Command\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ftp_command.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Command\"}}]}"},"id":"d5681260-4c8c-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"f21cb5f0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzIxMywxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"2\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"2\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"6\",\"gridData\":{\"w\":16,\"h\":24,\"x\":20,\"y\":8,\"i\":\"6\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"8\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":32,\"i\":\"8\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"9\",\"gridData\":{\"w\":12,\"h\":24,\"x\":36,\"y\":8,\"i\":\"9\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\",\"embeddableConfig\":{}},{\"panelIndex\":\"10\",\"gridData\":{\"w\":16,\"h\":24,\"x\":16,\"y\":56,\"i\":\"10\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"11\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":56,\"i\":\"11\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"12\",\"gridData\":{\"w\":16,\"h\":24,\"x\":8,\"y\":32,\"i\":\"12\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"panelIndex\":\"13\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":80,\"i\":\"13\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"destination_ip\",\"destination_port\",\"uid\",\"fuid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"14\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":56,\"i\":\"14\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\"},{\"panelIndex\":\"15\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"15\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_10\"},{\"panelIndex\":\"16\",\"gridData\":{\"w\":12,\"h\":24,\"x\":8,\"y\":8,\"i\":\"16\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_11\",\"embeddableConfig\":{}}]","timeRestore":false,"title":"Bro - FTP","version":1},"id":"27f3b380-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"06f21d60-35b6-11e7-a994-c528746bc6e8","name":"panel_1","type":"visualization"},{"id":"e1907430-35b6-11e7-a994-c528746bc6e8","name":"panel_2","type":"visualization"},{"id":"adcd38e0-3679-11e7-8c78-e3086faf385c","name":"panel_3","type":"visualization"},{"id":"a0cb0860-367a-11e7-8c78-e3086faf385c","name":"panel_4","type":"visualization"},{"id":"cf9e5660-367a-11e7-8c78-e3086faf385c","name":"panel_5","type":"visualization"},{"id":"f1d3d070-367a-11e7-8c78-e3086faf385c","name":"panel_6","type":"visualization"},{"id":"f9904390-3bff-11e7-be35-e7fc4052ff75","name":"panel_7","type":"visualization"},{"id":"f21cb5f0-342d-11e7-9e93-53b62e1857b2","name":"panel_8","type":"search"},{"id":"eead8540-6e14-11e7-8624-1fb07dd76c6a","name":"panel_9","type":"visualization"},{"id":"AWDG9sT_xQT5EBNmq4DI","name":"panel_10","type":"visualization"},{"id":"d5681260-4c8c-11e8-9b0a-f1d33346f773","name":"panel_11","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzIxNCwxXQ=="} +{"attributes":{"columns":["alert_level","classification","description"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query_string\":{\"query\":\"event_type:ossec\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"OSSEC - Logs","version":1},"id":"efba60c0-3642-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-07-15T13:17:15.442Z","version":"WzIxNSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"OSSEC - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"OSSEC - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"2817b300-3643-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"efba60c0-3642-11e7-a6f7-4f44d7bf1c33","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzIxNiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - PE - Machine","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.machine.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Machine\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"},\"title\":\"Security Onion - PE - Machine\"}"},"id":"282bf2c0-c763-11ea-bebb-37c5ab5894ea","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-16T12:52:07.788Z","version":"WzczMSwyXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - X.509 - Key Type (Donut)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"x509.certificate.key.type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"boolean\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"x509.basic_constraints.ca: Descending\",\"aggType\":\"terms\"}]}},\"title\":\"Security Onion - X.509 - Key Type (Donut)\"}"},"id":"2895c940-75ef-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-16T15:53:07.934Z","version":"WzgyMCwyXQ=="} +{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.dataset:http\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Security Onion - HTTP","version":1},"id":"9ee33aa0-6eb1-11ea-9266-1fd14ca6af34","migrationVersion":{"search":"7.4.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-07-15T13:17:15.442Z","version":"WzIxOCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - HTTP - Virtual Host","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - HTTP - Virtual Host\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"http.virtual_host.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Virtual Host\"}}]}"},"id":"28bf2ef0-6eb7-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9ee33aa0-6eb1-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzIxOSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Top Source IPs","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Connections - Top Source IPs\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source_ip\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"id":"28c27f80-3b05-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzIyMCwxXQ=="} +{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","request_type","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_kerberos\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Kerberos - Logs","version":1},"id":"452daa10-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-07-15T13:17:15.442Z","version":"WzIyMSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Kerberos - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Kerberos - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"28d04080-3636-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzIyMiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SSH - Client","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SSH - Client\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"CLient\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ssh.client.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"}}]}"},"id":"292b1db0-75ea-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzIyMywxXQ=="} +{"attributes":{"columns":["file_ip","destination_ip","source","uid","fuid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"event_type:bro_files\"}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Files - Logs","version":1},"id":"e929e8a0-342d-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-07-15T13:17:15.442Z","version":"WzIyNCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"FIles - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"FIles - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"295d7ed0-3656-11e7-baa7-b7de4ee40605","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"e929e8a0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzIyNSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Sysmon - Target Filename","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Sysmon - Target Filename\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"target_filename.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Filename\"}}],\"listeners\":{}}"},"id":"29611940-6d75-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzIyNiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Source Country","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Connections - Source Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_geo.country_name.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}}],\"listeners\":{}}"},"id":"296823d0-366f-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzIyNywxXQ=="} +{"attributes":{"columns":["action","reason","source_ip","source_port","destination_ip","destination_port","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:firewall\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Firewall - Logs","version":1},"id":"37c16940-6d6b-11e7-ad64-15aa071374a6","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-07-15T13:17:15.442Z","version":"WzIyOCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Firewall - Action/Reason (Vertical Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Firewall - Action/Reason (Vertical Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"Action\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"action.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Action\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"reason.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Reason\"}}],\"listeners\":{}}"},"id":"2a1eb100-6d82-11e7-bcd4-0d514e0e7da1","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"37c16940-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzIyOSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SNMP - Version","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SNMP - Version\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"top\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"version.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"id":"2a3ae810-36ba-11e7-9786-41a1d72e15ad","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"b12150a0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzIzMCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DHCP - Lease Time","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - DHCP - Lease Time\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"dhcp.lease_time: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dhcp.lease_time\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Lease Time\"}}]}"},"id":"2af5f980-96e2-11ea-814e-bb515e873c2c","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzIzMSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSH - Client/Server","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSH - Client/Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}"},"id":"2bbdc020-6e34-11e7-9a19-a5996f8250c6","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c33e7600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzIzMiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Files - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Files - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"6571ee10-3584-11e7-a588-05992195c551","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"e929e8a0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzIzMywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Files - Files By Size (Bytes)","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Files - Files By Size (Bytes)\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"seen_bytes\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Bytes Seen\"}}],\"listeners\":{}}"},"id":"cb3f3850-3585-11e7-8f28-2b291d0f6d86","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"e929e8a0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzIzNCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"FIles - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"FIles - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file_ip.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File IP Address\"}}],\"listeners\":{}}"},"id":"67ab33d0-3656-11e7-baa7-b7de4ee40605","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"e929e8a0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzIzNSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Files - MIME Type (Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Files - MIME Type (Bar Chart)\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"rotate\":75,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"MIME Type\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"mimetype.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MIME Type\"}}]}"},"id":"8c57f3d0-3674-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"e929e8a0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzIzNiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"FIles - MIME Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"FIles - MIME Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mimetype.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MIME Type\"}}],\"listeners\":{}}"},"id":"aa021c90-3678-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"e929e8a0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzIzNywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Files - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Files - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDG9goqxQT5EBNmq4BP","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"e929e8a0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzIzOCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Files - Source","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Files - Source\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}}]}"},"id":"dff32860-4c8b-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"e929e8a0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzIzOSwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"2\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"2\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\"},{\"panelIndex\":\"3\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"3\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{}},{\"panelIndex\":\"4\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":72,\"i\":\"4\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\",\"embeddableConfig\":{\"columns\":[\"file_ip\",\"destination_ip\",\"source\",\"uid\",\"fuid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"6\",\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":24,\"i\":\"6\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"7\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":48,\"i\":\"7\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"8\",\"gridData\":{\"w\":16,\"h\":24,\"x\":16,\"y\":48,\"i\":\"8\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"9\",\"gridData\":{\"w\":40,\"h\":16,\"x\":8,\"y\":8,\"i\":\"9\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\",\"embeddableConfig\":{}},{\"panelIndex\":\"10\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":48,\"i\":\"10\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"panelIndex\":\"11\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"11\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"panelIndex\":\"12\",\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":24,\"i\":\"12\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\",\"embeddableConfig\":{}}]","timeRestore":false,"title":"Bro - Files","version":1},"id":"2d315d80-3582-11e7-98ef-19df58fe538b","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"6571ee10-3584-11e7-a588-05992195c551","name":"panel_0","type":"visualization"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_1","type":"visualization"},{"id":"e929e8a0-342d-11e7-9e93-53b62e1857b2","name":"panel_2","type":"search"},{"id":"cb3f3850-3585-11e7-8f28-2b291d0f6d86","name":"panel_3","type":"visualization"},{"id":"295d7ed0-3656-11e7-baa7-b7de4ee40605","name":"panel_4","type":"visualization"},{"id":"67ab33d0-3656-11e7-baa7-b7de4ee40605","name":"panel_5","type":"visualization"},{"id":"8c57f3d0-3674-11e7-8c78-e3086faf385c","name":"panel_6","type":"visualization"},{"id":"aa021c90-3678-11e7-8c78-e3086faf385c","name":"panel_7","type":"visualization"},{"id":"AWDG9goqxQT5EBNmq4BP","name":"panel_8","type":"visualization"},{"id":"dff32860-4c8b-11e8-9b0a-f1d33346f773","name":"panel_9","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI0MCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Kerberos - Request Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Kerberos - Request Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"kerberos.request_type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Request Type\"}}]}"},"id":"2d73e460-75bd-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI0MSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Connections - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"2da139c0-34e7-11e7-9118-45bd317f0ca4","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI0MiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SIP - Content Type (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SIP - Content Type (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"content_type.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"id":"2db47070-3754-11e7-b74a-f5057991ccd2","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI0MywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - X.509 - Subject","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - X.509 - Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"x509.certificate.subject.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Subject\"}}]}"},"id":"e3fb39a0-75ee-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI0NCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - X.509 - SAN DNS","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - X.509 - SAN DNS\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"x509.san_dns.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"x509.san_dns.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"SAN DNS\"}}]}"},"id":"47f40770-75ef-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI0NiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - X.509 - Issuer","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - X.509 - Issuer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"x509.certificate.issuer.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"x509.certificate.issuer.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Issuer\"}}]}"},"id":"b7334c00-75ee-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI0NSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - X509 - Key Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"x509.certificate.key.type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Key Type\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"},\"title\":\"Security Onion - X509 - Key Type\"}"},"id":"8d4a9990-c77c-11ea-bebb-37c5ab5894ea","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-16T15:53:54.857Z","version":"WzgyMSwyXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:x509\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.7.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":8,\"i\":\"2d374b61-ac4b-4f89-aec2-254ab0a2e011\"},\"panelIndex\":\"2d374b61-ac4b-4f89-aec2-254ab0a2e011\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":14,\"y\":0,\"w\":16,\"h\":8,\"i\":\"7372042e-3e70-4764-abb1-0c4c9288ff23\"},\"panelIndex\":\"7372042e-3e70-4764-abb1-0c4c9288ff23\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":8,\"i\":\"eee8c3b6-66eb-4427-99ed-459c294599c7\"},\"panelIndex\":\"eee8c3b6-66eb-4427-99ed-459c294599c7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":0,\"y\":8,\"w\":30,\"h\":22,\"i\":\"3c5d4fc3-bad7-435e-aadc-21de562b638d\"},\"panelIndex\":\"3c5d4fc3-bad7-435e-aadc-21de562b638d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":30,\"y\":8,\"w\":18,\"h\":22,\"i\":\"3fb3ec30-312a-45aa-93be-b8955615bf71\"},\"panelIndex\":\"3fb3ec30-312a-45aa-93be-b8955615bf71\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":0,\"y\":30,\"w\":30,\"h\":21,\"i\":\"0a395978-b95f-4bfc-82fa-737307cd8ebd\"},\"panelIndex\":\"0a395978-b95f-4bfc-82fa-737307cd8ebd\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":30,\"y\":30,\"w\":18,\"h\":21,\"i\":\"e6e39ec1-063a-4e34-a909-4f47397fa79b\"},\"panelIndex\":\"e6e39ec1-063a-4e34-a909-4f47397fa79b\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"}]","timeRestore":false,"title":"Security Onion - X509","version":1},"id":"2e0865f0-75ee-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"e3fb39a0-75ee-11ea-9565-7315f4ee5cac","name":"panel_3","type":"visualization"},{"id":"47f40770-75ef-11ea-9565-7315f4ee5cac","name":"panel_4","type":"visualization"},{"id":"b7334c00-75ee-11ea-9565-7315f4ee5cac","name":"panel_5","type":"visualization"},{"id":"8d4a9990-c77c-11ea-bebb-37c5ab5894ea","name":"panel_6","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-16T15:55:10.553Z","version":"WzgyMiwyXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - RDP - Cookie","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - RDP - Cookie\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rdp.cookie.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rdp.cookie.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Cookie\"}}]}"},"id":"2e7363f0-75c6-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI0OCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Autoruns - Entry","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Autoruns - Entry\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"entry.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Entry\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"entry_location.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Entry Location\"}}],\"listeners\":{}}"},"id":"2ef9ccd0-6d7a-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"dd700830-6d69-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI0OSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"osquery - Change Stats","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"osquery - Change Stats\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Changes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"osquery.hostIdentifier.keyword\",\"customLabel\":\"Endpoints\"}}]}"},"id":"2f556c90-14e3-11e9-82f7-0da02d93a48b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"84116380-14e1-11e9-82f7-0da02d93a48b","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI1MCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset:files\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - File - Analyzer","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - File - Analyzer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"file.analyzer.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.analyzer.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Analyzer\"}}]}"},"id":"2fc4bea0-7730-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI1MSwxXQ=="} +{"attributes":{"columns":["source_ip","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_dnp3\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"DNP3 - Logs","version":1},"id":"c2587840-342d-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI1MiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNP3 - Log Count Over TIme","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"DNP3 - Log Count Over TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 minutes\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"593f1850-3581-11e7-98ef-19df58fe538b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c2587840-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI1MywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNP3 - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNP3 - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"dde8c8a0-3719-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c2587840-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI1NCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNP3 - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNP3 - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"ef7546c0-3719-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c2587840-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI1NSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNP3 - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNP3 - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"id":"4898f230-6e0e-11e7-8624-1fb07dd76c6a","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c2587840-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI1NiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNP3 - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"DNP3 - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDG9DWvxQT5EBNmq3-m","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c2587840-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI1NywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DNP3 - Function Request","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNP3 - Function Request\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"fc_request.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Request\"}}]}"},"id":"857c6760-4a4d-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c2587840-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI1OCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DNP3 - Function Reply","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNP3 - Function Reply\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"fc_reply.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Reply\"}}]}"},"id":"bd5435f0-4a4d-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c2587840-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI1OSwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":56,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"7\",\"gridData\":{\"x\":8,\"y\":32,\"w\":12,\"h\":24,\"i\":\"7\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"8\",\"gridData\":{\"x\":20,\"y\":32,\"w\":12,\"h\":24,\"i\":\"8\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"10\",\"gridData\":{\"x\":0,\"y\":56,\"w\":48,\"h\":24,\"i\":\"10\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"11\",\"gridData\":{\"x\":32,\"y\":32,\"w\":16,\"h\":24,\"i\":\"11\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"12\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"12\"},\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"13\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":24,\"i\":\"13\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\",\"embeddableConfig\":{}},{\"panelIndex\":\"14\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":24,\"i\":\"14\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\",\"embeddableConfig\":{}}]","timeRestore":false,"title":"Bro - DNP3","version":1},"id":"2fdf5bf0-3581-11e7-98ef-19df58fe538b","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"593f1850-3581-11e7-98ef-19df58fe538b","name":"panel_1","type":"visualization"},{"id":"dde8c8a0-3719-11e7-90f8-87842d5eedc9","name":"panel_2","type":"visualization"},{"id":"ef7546c0-3719-11e7-90f8-87842d5eedc9","name":"panel_3","type":"visualization"},{"id":"c2587840-342d-11e7-9e93-53b62e1857b2","name":"panel_4","type":"search"},{"id":"4898f230-6e0e-11e7-8624-1fb07dd76c6a","name":"panel_5","type":"visualization"},{"id":"AWDG9DWvxQT5EBNmq3-m","name":"panel_6","type":"visualization"},{"id":"857c6760-4a4d-11e8-9b0a-f1d33346f773","name":"panel_7","type":"visualization"},{"id":"bd5435f0-4a4d-11e8-9b0a-f1d33346f773","name":"panel_8","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI2MCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Intel - Seen (Donut Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":true}}","version":1,"visState":"{\"title\":\"Intel - Seen (Donut Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"seen_where.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Seen (Where)\"}}]}"},"id":"3013af40-399b-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI2MSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"RADIUS - Authentication Result","uiStateJSON":"{\"vis\":{\"legendOpen\":true}}","version":1,"visState":"{\"title\":\"RADIUS - Authentication Result\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"result.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"id":"30348db0-4a5b-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"75545310-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI2MiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMB - File/Path Summary","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"SMB - File/Path Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"path.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File Path\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"name.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"File Name\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"action.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Action\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}}],\"listeners\":{}}"},"id":"306c4330-4175-11e7-a0f7-47f4c03e3306","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"19849f30-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI2MywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Sysmon - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Sysmon - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_hostname.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Hostname\"}}]}"},"id":"3072c750-6d71-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI2NCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Security Onion - Navigation","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Navigation\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Home](/kibana/app/kibana#/dashboard/a8411b30-6d03-11ea-b301-3d6c35840645) \\n \\n**Event Category** \\n[Alert](/kibana/app/kibana#/dashboard/0e4af1d0-72ae-11ea-8dd2-9d8795a1200b) | \\n[File](/kibana/app/kibana#/dashboard/0245be10-6ec1-11ea-9266-1fd14ca6af34) |\\n[Host](/kibana/app/kibana#/dashboard/92e63cc0-6ec0-11ea-9266-1fd14ca6af34) | [Network](/kibana/app/kibana#/dashboard/04ff3ef0-6ea4-11ea-9266-1fd14ca6af34) \"},\"aggs\":[]}"},"id":"8cfec8c0-6ec2-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI2NSwxXQ=="} +{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Security Onion - All Logs","version":1},"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","migrationVersion":{"search":"7.4.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI2NiwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"*\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":9,\"h\":8,\"i\":\"c706b8e5-9d49-4700-a3ea-26e86ac3a4c4\"},\"panelIndex\":\"c706b8e5-9d49-4700-a3ea-26e86ac3a4c4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":9,\"y\":0,\"w\":16,\"h\":8,\"i\":\"77c5d557-83e4-40b9-9177-388db29d711d\"},\"panelIndex\":\"77c5d557-83e4-40b9-9177-388db29d711d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":25,\"y\":0,\"w\":23,\"h\":8,\"i\":\"f044ff9c-455a-4085-88c8-92e9ead2bba0\"},\"panelIndex\":\"f044ff9c-455a-4085-88c8-92e9ead2bba0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":8,\"w\":9,\"h\":19,\"i\":\"54873f75-4452-4938-840d-3a2f50547a88\"},\"panelIndex\":\"54873f75-4452-4938-840d-3a2f50547a88\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":9,\"y\":8,\"w\":13,\"h\":19,\"i\":\"30749cb6-18ad-4069-b18d-5912086fff9c\"},\"panelIndex\":\"30749cb6-18ad-4069-b18d-5912086fff9c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":22,\"y\":8,\"w\":13,\"h\":19,\"i\":\"7c498d50-d009-493a-a8c9-c91303ad5556\"},\"panelIndex\":\"7c498d50-d009-493a-a8c9-c91303ad5556\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":35,\"y\":8,\"w\":13,\"h\":19,\"i\":\"2f69e716-e6e9-4595-801d-8f59b7d2c574\"},\"panelIndex\":\"2f69e716-e6e9-4595-801d-8f59b7d2c574\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":27,\"w\":48,\"h\":31,\"i\":\"6ddfd0a2-337e-47d1-8d4c-bc386a4210af\"},\"panelIndex\":\"6ddfd0a2-337e-47d1-8d4c-bc386a4210af\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"Security Onion - Indicator","version":1},"id":"30d0ac90-729f-11ea-8dd2-9d8795a1200b","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"8cfec8c0-6ec2-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"d9eb5b30-6ea9-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"ad398b70-6e9a-11ea-9266-1fd14ca6af34","name":"panel_3","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_5","type":"visualization"},{"id":"f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_6","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_7","type":"search"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI2NywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - HTTP - Destination IPs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - HTTP - Destination IPs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Source IP\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}}]}"},"id":"30e97190-6eb6-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9ee33aa0-6eb1-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI2OCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Weird - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Weird - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"312cd460-364e-11e7-9dc3-d35061cb642d","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"e32d0d50-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI2OSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - RFB - Server Version","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - RFB - Server Version\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rfb.server_major_version.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rfb.server_major_version.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Major Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rfb.server_minor_version.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Minor Version\"}}]}"},"id":"316e90a0-75c8-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI3MCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DHCP - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DHCP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}"},"id":"317f8410-3655-11e7-baa7-b7de4ee40605","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"ac1799d0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI3MSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMB - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMB - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"31f5e040-3aad-11e7-8b17-0d8709b02c80","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"19849f30-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI3MiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Security Onion - Host Data","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Home](/kibana/app/kibana#/dashboard/a8411b30-6d03-11ea-b301-3d6c35840645) \\n \\n**Modules** \\n[Osquery](/kibana/app/kibana#/dashboard/bf7cf8d0-7732-11ea-bee5-af7f7c7b8e05) \\n[Sysmon](/kibana/app/kibana#/dashboard/32f01e80-c780-11ea-bebb-37c5ab5894ea) \\n[Wazuh](/kibana/app/kibana#/dashboard/9480f190-7732-11ea-bee5-af7f7c7b8e05) \\n\"},\"title\":\"Security Onion - Host Data\"}"},"id":"df50eba0-6ec0-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[],"type":"visualization","updated_at":"2020-07-16T16:20:30.720Z","version":"WzgzOCwyXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Username","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Username\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"},\"title\":\"Security Onion - Username\"}"},"id":"767c89f0-af4c-11ea-b262-353d451b125b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ2NiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Host - Process CLI","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Host - Process CLI\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"process.command_line.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"process.command_line.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Command Line\"}}]}"},"id":"758187b0-72bd-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ2NSwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.module:sysmon\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.7.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":7,\"h\":7,\"i\":\"7f9eaa30-b358-4027-a312-249defe273c4\"},\"panelIndex\":\"7f9eaa30-b358-4027-a312-249defe273c4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":7,\"y\":0,\"w\":17,\"h\":7,\"i\":\"ca041a33-b29f-4ce6-8762-2dd86a9c27a2\"},\"panelIndex\":\"ca041a33-b29f-4ce6-8762-2dd86a9c27a2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":7,\"i\":\"4e6cdaec-ad6d-46b2-abdc-7383382635c7\"},\"panelIndex\":\"4e6cdaec-ad6d-46b2-abdc-7383382635c7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":0,\"y\":7,\"w\":12,\"h\":16,\"i\":\"a49b6a25-fbb1-45bb-9585-c6ade0fced1f\"},\"panelIndex\":\"a49b6a25-fbb1-45bb-9585-c6ade0fced1f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":12,\"y\":7,\"w\":12,\"h\":16,\"i\":\"0172c75f-b90b-4bd6-852f-0852a2ace598\"},\"panelIndex\":\"0172c75f-b90b-4bd6-852f-0852a2ace598\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":24,\"y\":7,\"w\":24,\"h\":16,\"i\":\"1d246882-3945-4a7e-b602-15ccf3f09310\"},\"panelIndex\":\"1d246882-3945-4a7e-b602-15ccf3f09310\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":0,\"y\":23,\"w\":48,\"h\":31,\"i\":\"db4fa812-32fb-43c8-baa8-e88206cae126\"},\"panelIndex\":\"db4fa812-32fb-43c8-baa8-e88206cae126\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"}]","timeRestore":false,"title":"Security Onion - Sysmon","version":1},"id":"32f01e80-c780-11ea-bebb-37c5ab5894ea","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"df50eba0-6ec0-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"ad398b70-6e9a-11ea-9266-1fd14ca6af34","name":"panel_3","type":"visualization"},{"id":"767c89f0-af4c-11ea-b262-353d451b125b","name":"panel_4","type":"visualization"},{"id":"758187b0-72bd-11ea-8dd2-9d8795a1200b","name":"panel_5","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_6","type":"search"}],"type":"dashboard","updated_at":"2020-07-16T16:30:59.797Z","version":"Wzg0MSwyXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Tunnels - Action (Horizontal Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Tunnels - Action (Horizontal Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":false,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"action.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Action\"}}]}"},"id":"33b39a60-6e35-11e7-9a19-a5996f8250c6","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"d26d5510-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI3MywxXQ=="} +{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_irc\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"IRC - Logs","version":1},"id":"344c6010-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI3NCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Bro - Syslog - Severity (Horizontal Bar Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":false},\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}}","version":1,"visState":"{\"title\":\"Bro - Syslog - Severity (Horizontal Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":false,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{\"text\":\"Severity\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":false,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"severity.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Severity\"}}],\"listeners\":{}}"},"id":"346e5c30-76b7-11e7-94e1-3d2ec4e57ed9","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"269ca380-76b4-11e7-8c3e-cfcdd8c95d87","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI3NSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SMB - Share Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SMB - Share Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"smb.share_type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"34762420-75f0-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI3NiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Intel - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Intel - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"361d0bd0-35b7-11e7-a994-c528746bc6e8","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI3NywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DHCP - Message Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dhcp.message_types.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Message Type\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"},\"title\":\"Security Onion - DHCP - Message Type\"}"},"id":"36200e40-c76b-11ea-bebb-37c5ab5894ea","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-16T13:49:47.172Z","version":"WzczOCwyXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"osquery - Changes by Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"osquery - Changes by Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Count\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"osquery.name.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Change Type\"}}]}"},"id":"369e16e0-14e4-11e9-82f7-0da02d93a48b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"84116380-14e1-11e9-82f7-0da02d93a48b","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI3OCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSL - Certificate Subject","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSL - Certificate Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"certificate_subject.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Subject\"}}],\"listeners\":{}}"},"id":"3753e110-365a-11e7-bf60-314364dd1cde","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI3OSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - IRC - Command Info","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - IRC - Command Info\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"irc.command.info.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"irc.command.info.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Command Info\"}}]}"},"id":"db279540-75bb-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI4MCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - User Command Overview","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - User Command Overview\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"irc.nickname.keyword: Descending\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Command Type\",\"aggType\":\"terms\"},{\"accessor\":4,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"irc.username.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"irc.username.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"irc.nickname.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"irc.command.type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Command Type\"}}]}"},"id":"f7ee5fb0-75bb-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI4MSwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:irc\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"2d2b4444-14c0-4812-a22e-ca6d509a0c7f\",\"w\":13,\"x\":0,\"y\":0},\"panelIndex\":\"2d2b4444-14c0-4812-a22e-ca6d509a0c7f\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"0035e7f6-2c85-494d-88aa-0f6ebc21f6c8\",\"w\":16,\"x\":13,\"y\":0},\"panelIndex\":\"0035e7f6-2c85-494d-88aa-0f6ebc21f6c8\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"147c5d40-556b-4b41-a1bb-ed0976fae0c8\",\"w\":19,\"x\":29,\"y\":0},\"panelIndex\":\"147c5d40-556b-4b41-a1bb-ed0976fae0c8\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"9a9084a5-0f74-4bdd-befd-b9bece56ea53\",\"w\":8,\"x\":0,\"y\":8},\"panelIndex\":\"9a9084a5-0f74-4bdd-befd-b9bece56ea53\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"9ffba622-36f6-4343-b0a3-1c59e3f6d297\",\"w\":9,\"x\":8,\"y\":8},\"panelIndex\":\"9ffba622-36f6-4343-b0a3-1c59e3f6d297\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"f0f0af04-4f81-437a-ada5-173a1ef8bd11\",\"w\":15,\"x\":17,\"y\":8},\"panelIndex\":\"f0f0af04-4f81-437a-ada5-173a1ef8bd11\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"3dab7339-3266-4127-86f3-eef2108d5dbf\",\"w\":16,\"x\":32,\"y\":8},\"panelIndex\":\"3dab7339-3266-4127-86f3-eef2108d5dbf\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_6\"}]","timeRestore":false,"title":"Security Onion - IRC","version":1},"id":"38523560-75ba-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"c879ad60-72a1-11ea-8dd2-9d8795a1200b","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"db279540-75bb-11ea-9565-7315f4ee5cac","name":"panel_5","type":"visualization"},{"id":"f7ee5fb0-75bb-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI4MiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"NIDS - Alert Summary - Drilldown","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NIDS - Alert Summary - Drilldown\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP Address\"}}]}"},"id":"3a1b54b0-e061-11e9-8f0c-2ddbf5ed9290","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI4MywxXQ=="} +{"attributes":{"columns":["message"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:ossec_archive\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"OSSEC - Archive","version":1},"id":"ebf74e90-342f-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI4NCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"OSSEC - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"OSSEC - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDHHXl3xQT5EBNmq42U","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"efba60c0-3642-11e7-a6f7-4f44d7bf1c33","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI4NSwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}},\"language\":\"lucene\"}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"1\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}}},{\"panelIndex\":\"4\",\"gridData\":{\"w\":40,\"h\":40,\"x\":8,\"y\":8,\"i\":\"4\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\",\"embeddableConfig\":{\"columns\":[\"alert_level\",\"classification\",\"description\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"5\",\"gridData\":{\"w\":48,\"h\":28,\"x\":0,\"y\":48,\"i\":\"5\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\",\"embeddableConfig\":{\"columns\":[\"message\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"6\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"6\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}}]","timeRestore":false,"title":"OSSEC","version":1},"id":"3a457d70-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"2817b300-3643-11e7-a6f7-4f44d7bf1c33","name":"panel_1","type":"visualization"},{"id":"efba60c0-3642-11e7-a6f7-4f44d7bf1c33","name":"panel_2","type":"search"},{"id":"ebf74e90-342f-11e7-9e93-53b62e1857b2","name":"panel_3","type":"search"},{"id":"AWDHHXl3xQT5EBNmq42U","name":"panel_4","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI4NiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - MySQL - Response","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - MySQL - Response\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mysql.response.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"3af496e0-75c0-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI4NywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}"},"savedSearchRefName":"search_0","title":"Sysmon - Image","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"Sysmon - Image\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"image_path.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"None\",\"exclude\":\"\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Image\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"parent_image_path.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"None\",\"exclude\":\"\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Parent Image\"}}]}"},"id":"3b6c92c0-6d72-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI4OCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Syslog - Priority (Vertical bar Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"Syslog - Priority (Vertical bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Priority\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"syslog-priority.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Priority\"}}],\"listeners\":{}}"},"id":"3bf1fdc0-76e6-11e7-ab14-e1a4c1bc11e0","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"5a86ffe0-76e3-11e7-ab14-e1a4c1bc11e0","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI4OSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"IRC - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"IRC - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}]}"},"id":"3c073d20-6e17-11e7-8624-1fb07dd76c6a","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"344c6010-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI5MCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Modbus - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Modbus - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}]}"},"id":"3c65f500-380b-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"52dc9fe0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI5MSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Tunnels - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Tunnels - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"3cdf2400-3808-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"d26d5510-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI5MiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - File - Source","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - File - Source\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"file.action.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.source.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"3e6037d0-75f2-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI5MywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"NIDS - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NIDS - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}]}"},"id":"3f040620-4a44-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI5NCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Kerberos - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Kerberos - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"3f34faa0-3636-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI5NSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Agent - Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Agent - Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"agent.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"}}]}"},"id":"407784f0-7738-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI5NiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Connections - Top 10 - Total Bytes By Source IP","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Connections - Top 10 - Total Bytes By Source IP\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Source IP Address\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"left\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}],\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"total_bytes\",\"customLabel\":\"Total Bytes\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"source_ip\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"source_ip\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP Address\"}}]}"},"id":"41a33c80-3b0d-11e7-a6f9-5d3fe735ec2b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI5NywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"X.509 - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"X.509 - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"41bee360-3642-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"f5038cc0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI5OCwxXQ=="} +{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query_string\":{\"query\":\"event_type:bro_dns AND _exists_:creation_date AND creation_date:[now-3M TO now]\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"DNS - Domains with creation date < 3 months","version":1},"id":"fce833e0-6f12-11e7-86c8-a1b6db3b051a","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-07-15T13:17:15.442Z","version":"WzI5OSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNS - Baby Domain Requests","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNS - Baby Domain Requests\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"highest_registered_domain.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Domain\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"creation_date\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"_term\"}}],\"listeners\":{}}"},"id":"41ec0ca0-6f13-11e7-86c8-a1b6db3b051a","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"fce833e0-6f12-11e7-86c8-a1b6db3b051a","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzMwMCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SNMP - Community String","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SNMP - Community String\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"snmp.community.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"snmp.community.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Community String\"}}]}"},"id":"424ace90-75e9-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzMwMSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DCE/RPC - Summary","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DCE/RPC - Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"endpoint.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Endpoint\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"operation.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Operation\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"named_pipe.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Named Pipe\"}}]}"},"id":"42b17660-4a47-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzMwMiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Syslog - Log Count Over Time","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"Syslog - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 10 minutes\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"79a2a4e0-76e5-11e7-ab14-e1a4c1bc11e0","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"5a86ffe0-76e3-11e7-ab14-e1a4c1bc11e0","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzMwMywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Syslog - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Syslog - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"syslog-sourceip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}"},"id":"e7a99b10-76e5-11e7-ab14-e1a4c1bc11e0","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"5a86ffe0-76e3-11e7-ab14-e1a4c1bc11e0","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzMwNCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Syslog - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Syslog - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDHKVLMxQT5EBNmq5HX","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"5a86ffe0-76e3-11e7-ab14-e1a4c1bc11e0","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzMwNSwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}},\"language\":\"lucene\"}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"2\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"2\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{}},{\"panelIndex\":\"5\",\"gridData\":{\"w\":24,\"h\":24,\"x\":8,\"y\":24,\"i\":\"5\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},{\"panelIndex\":\"6\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":24,\"i\":\"6\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},{\"panelIndex\":\"7\",\"gridData\":{\"w\":40,\"h\":16,\"x\":8,\"y\":8,\"i\":\"7\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\",\"embeddableConfig\":{}},{\"panelIndex\":\"9\",\"gridData\":{\"w\":48,\"h\":60,\"x\":0,\"y\":48,\"i\":\"9\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"syslog-host_from\",\"syslog-priority\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"10\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"10\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}}]","timeRestore":false,"title":"Syslog","version":1},"id":"4323af90-76e5-11e7-ab14-e1a4c1bc11e0","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"79a2a4e0-76e5-11e7-ab14-e1a4c1bc11e0","name":"panel_1","type":"visualization"},{"id":"e7a99b10-76e5-11e7-ab14-e1a4c1bc11e0","name":"panel_2","type":"visualization"},{"id":"0a2ce700-76e6-11e7-ab14-e1a4c1bc11e0","name":"panel_3","type":"visualization"},{"id":"3bf1fdc0-76e6-11e7-ab14-e1a4c1bc11e0","name":"panel_4","type":"visualization"},{"id":"5a86ffe0-76e3-11e7-ab14-e1a4c1bc11e0","name":"panel_5","type":"search"},{"id":"AWDHKVLMxQT5EBNmq5HX","name":"panel_6","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzMwNiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Tunnels - Type (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Tunnels - Type (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tunnel_type.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"id":"43b2b040-3807-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"d26d5510-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzMwNywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"X.509 - Certificate Key Algorithm (Horizontal Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"X.509 - Certificate Key Algorithm (Horizontal Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"certificate_key_algorithm.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Algorithm\"}}],\"listeners\":{}}"},"id":"446e85c0-6e37-11e7-a8d6-ed2e692de531","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"f5038cc0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzMwOCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Least Common HTTP Methods","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Least Common HTTP Methods\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":13,\"maxFontSize\":39,\"showLabel\":false,\"metric\":{\"type\":\"vis_dimension\",\"accessor\":1,\"format\":{\"id\":\"string\",\"params\":{}}},\"bucket\":{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.method.keyword\",\"orderBy\":\"1\",\"order\":\"asc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"6411e5b0-6eb2-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9ee33aa0-6eb1-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzMwOSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - HTTP - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - HTTP - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"destination.port: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"}}]}"},"id":"51ad64d0-6eb7-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9ee33aa0-6eb1-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzMxMCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - HTTP - Source IPs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - HTTP - Source IPs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Destination IP\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}"},"id":"6d0fb2b0-6eb6-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9ee33aa0-6eb1-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzMxMSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - HTTP - UserAgent","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - HTTP - UserAgent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"http.useragent.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"UserAgent\"}}]}"},"id":"c2f93f40-6ed7-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9ee33aa0-6eb1-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzMxMiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - HTTP - URI","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - HTTP - URI\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"http.uri.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"http.uri.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"URI\"}}]}"},"id":"f22e8660-6eb6-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9ee33aa0-6eb1-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzMxMywxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:http\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":9,\"i\":\"6e3caf86-a1ea-4363-9c73-205de5f43ba9\"},\"panelIndex\":\"6e3caf86-a1ea-4363-9c73-205de5f43ba9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":14,\"y\":0,\"w\":16,\"h\":9,\"i\":\"0b0546ef-637b-4a40-b87b-a454b78cc810\"},\"panelIndex\":\"0b0546ef-637b-4a40-b87b-a454b78cc810\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":9,\"i\":\"9c49b93a-5b5d-4613-8342-c01c69970bce\"},\"panelIndex\":\"9c49b93a-5b5d-4613-8342-c01c69970bce\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":9,\"w\":9,\"h\":18,\"i\":\"377e3099-7aec-474c-9201-2f1845c58d24\"},\"panelIndex\":\"377e3099-7aec-474c-9201-2f1845c58d24\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":9,\"w\":8,\"h\":18,\"i\":\"15d7c88b-1619-4290-8968-fa2adfddd72f\"},\"panelIndex\":\"15d7c88b-1619-4290-8968-fa2adfddd72f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":9,\"w\":8,\"h\":18,\"i\":\"d1219968-6b7f-4040-9c75-0611b9cbf8a0\"},\"panelIndex\":\"d1219968-6b7f-4040-9c75-0611b9cbf8a0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":25,\"y\":9,\"w\":23,\"h\":18,\"i\":\"1b444602-2f1c-4c32-85fc-1e5f46235303\"},\"panelIndex\":\"1b444602-2f1c-4c32-85fc-1e5f46235303\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":27,\"w\":11,\"h\":18,\"i\":\"9b1df72c-b6fd-4abd-a961-32176c26cc3d\"},\"panelIndex\":\"9b1df72c-b6fd-4abd-a961-32176c26cc3d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":11,\"y\":27,\"w\":10,\"h\":18,\"i\":\"52c3ab70-9b8d-4c26-953d-f1a943fdff38\"},\"panelIndex\":\"52c3ab70-9b8d-4c26-953d-f1a943fdff38\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":21,\"y\":27,\"w\":27,\"h\":18,\"i\":\"ea97cb71-fbb6-46ae-bb4a-4d01c3a6edb2\"},\"panelIndex\":\"ea97cb71-fbb6-46ae-bb4a-4d01c3a6edb2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]","timeRestore":false,"title":"Security Onion - HTTP","version":1},"id":"44e9c820-6eb1-11ea-9266-1fd14ca6af34","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"6411e5b0-6eb2-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"51ad64d0-6eb7-11ea-9266-1fd14ca6af34","name":"panel_3","type":"visualization"},{"id":"6d0fb2b0-6eb6-11ea-9266-1fd14ca6af34","name":"panel_4","type":"visualization"},{"id":"30e97190-6eb6-11ea-9266-1fd14ca6af34","name":"panel_5","type":"visualization"},{"id":"c2f93f40-6ed7-11ea-9266-1fd14ca6af34","name":"panel_6","type":"visualization"},{"id":"088aad70-7377-11ea-a3da-cbdb4f8a90c0","name":"panel_7","type":"visualization"},{"id":"28bf2ef0-6eb7-11ea-9266-1fd14ca6af34","name":"panel_8","type":"visualization"},{"id":"f22e8660-6eb6-11ea-9266-1fd14ca6af34","name":"panel_9","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzMxNCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Modbus - Function","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Modbus - Function\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"function.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Function\"}}]}"},"id":"453f8b90-4a58-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"52dc9fe0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzMxNSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"NIDS Alerts - Category","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"NIDS Alerts - Category\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":200},\"position\":\"left\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Category\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":true,\"rotate\":75,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"bottom\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"category.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Category\"}}]}"},"id":"45464b50-3af6-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzMxNiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DNS - Query Class (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"DNS - Query Class (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"query_class_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query Class\"}}]}"},"id":"45a652b0-34c1-11e7-917c-af7a9d11771a","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzMxNywxXQ=="} +{"attributes":{"columns":["message","fuid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_pe\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"PE - Logs","version":1},"id":"66288140-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-07-15T13:17:15.442Z","version":"WzMxOCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"PE - OS (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"PE - OS (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"os.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"id":"45c4ae10-380c-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"66288140-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzMxOSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SSH - Server","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SSH - Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ssh.server.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ssh.server.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"}}]}"},"id":"46221fe0-75ea-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzMyMCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DCE/RPC - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"DCE/RPC - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 minutes\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"cbb67b00-3af2-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzMyMSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DCE/RPC - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DCE/RPC - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"f52f8bc0-3af2-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzMyMiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DCE/RPC - Endpoint","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DCE/RPC - Endpoint\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"endpoint.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Endpoint\"}}],\"listeners\":{}}"},"id":"553acbb0-3af3-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzMyMywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DCE/RPC - Named Pipe","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DCE/RPC - Named Pipe\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"named_pipe.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Named Pipe\"}}],\"listeners\":{}}"},"id":"6b7122d0-3af3-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzMyNCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DCE/RPC - Operation","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DCE/RPC - Operation\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"operation.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Operation\"}}],\"listeners\":{}}"},"id":"86107960-3af3-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzMyNSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DCE/RPC - Round Trip Time","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DCE/RPC - Round Trip Time\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rtt\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Round Trip Time\"}}]}"},"id":"f275f490-3af3-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzMyNiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DCE/RPC - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"DCE/RPC - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDG8k4OxQT5EBNmq37a","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzMyNywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DCE/RPC - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DCE/RPC - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}]}"},"id":"d979b0f0-4a45-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzMyOCwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"1\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":104,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"3\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"3\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{}},{\"panelIndex\":\"4\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"4\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"5\",\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":32,\"i\":\"5\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"6\",\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":32,\"i\":\"6\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"8\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":56,\"i\":\"8\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"9\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":56,\"i\":\"9\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"10\",\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":8,\"i\":\"10\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"panelIndex\":\"11\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":80,\"i\":\"11\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"panelIndex\":\"14\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"14\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\"},{\"panelIndex\":\"16\",\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":8,\"i\":\"16\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_10\",\"embeddableConfig\":{}},{\"panelIndex\":\"17\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":80,\"i\":\"17\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_11\",\"embeddableConfig\":{}}]","timeRestore":false,"title":"Bro - DCE/RPC","version":1},"id":"46582d50-3af2-11e7-a83b-b1b4da7d15f4","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"913c5b80-3aab-11e7-8b17-0d8709b02c80","name":"panel_0","type":"search"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_1","type":"visualization"},{"id":"cbb67b00-3af2-11e7-a83b-b1b4da7d15f4","name":"panel_2","type":"visualization"},{"id":"f52f8bc0-3af2-11e7-a83b-b1b4da7d15f4","name":"panel_3","type":"visualization"},{"id":"10b8a610-3af3-11e7-a83b-b1b4da7d15f4","name":"panel_4","type":"visualization"},{"id":"553acbb0-3af3-11e7-a83b-b1b4da7d15f4","name":"panel_5","type":"visualization"},{"id":"6b7122d0-3af3-11e7-a83b-b1b4da7d15f4","name":"panel_6","type":"visualization"},{"id":"86107960-3af3-11e7-a83b-b1b4da7d15f4","name":"panel_7","type":"visualization"},{"id":"f275f490-3af3-11e7-a83b-b1b4da7d15f4","name":"panel_8","type":"visualization"},{"id":"AWDG8k4OxQT5EBNmq37a","name":"panel_9","type":"visualization"},{"id":"d979b0f0-4a45-11e8-9b0a-f1d33346f773","name":"panel_10","type":"visualization"},{"id":"42b17660-4a47-11e8-9b0a-f1d33346f773","name":"panel_11","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzMyOSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Intel - Source","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Intel - Source\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"sources.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}}],\"listeners\":{}}"},"id":"613de590-399b-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzMzMCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Intel - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Intel - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"a5571030-399b-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzMzMSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Intel - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Intel - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"ba2d3b10-399b-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzMzMiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Intel - Indicator","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Intel - Indicator\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"indicator.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Indicator\"}}],\"listeners\":{}}"},"id":"6380b430-399c-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzMzMywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Intel - MIME Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Intel - MIME Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mimetype.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"MIME Type\"}}],\"listeners\":{}}"},"id":"af614b80-399c-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzMzNCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Intel - Matched","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Intel - Matched\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"matched.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Type Matched\"}}],\"listeners\":{}}"},"id":"c8540380-399c-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzMzNSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Intel - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Intel - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"id":"a5bcec80-6e15-11e7-8624-1fb07dd76c6a","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzMzNiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Intel - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Intel - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDG-Qf8xQT5EBNmq4G5","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzMzNywxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"gridData\":{\"w\":20,\"h\":16,\"x\":8,\"y\":8,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":24,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":72,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":16,\"h\":24,\"x\":16,\"y\":72,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":24,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":28,\"h\":24,\"x\":20,\"y\":48,\"i\":\"12\"},\"panelIndex\":\"12\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":20,\"h\":24,\"x\":0,\"y\":48,\"i\":\"13\"},\"panelIndex\":\"13\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":96,\"i\":\"14\"},\"panelIndex\":\"14\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"destination_ip\",\"destination_port\",\"uid\",\"fuid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"embeddableConfig\":{},\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":72,\"i\":\"15\"},\"panelIndex\":\"15\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_10\"},{\"gridData\":{\"w\":20,\"h\":16,\"x\":28,\"y\":8,\"i\":\"16\"},\"panelIndex\":\"16\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_11\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"17\"},\"panelIndex\":\"17\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_12\"}]","timeRestore":false,"title":"Bro - Intel","version":1},"id":"468022c0-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"361d0bd0-35b7-11e7-a994-c528746bc6e8","name":"panel_1","type":"visualization"},{"id":"3013af40-399b-11e7-8472-0151e5b2b475","name":"panel_2","type":"visualization"},{"id":"613de590-399b-11e7-8472-0151e5b2b475","name":"panel_3","type":"visualization"},{"id":"a5571030-399b-11e7-8472-0151e5b2b475","name":"panel_4","type":"visualization"},{"id":"ba2d3b10-399b-11e7-8472-0151e5b2b475","name":"panel_5","type":"visualization"},{"id":"6380b430-399c-11e7-8472-0151e5b2b475","name":"panel_6","type":"visualization"},{"id":"af614b80-399c-11e7-8472-0151e5b2b475","name":"panel_7","type":"visualization"},{"id":"c8540380-399c-11e7-8472-0151e5b2b475","name":"panel_8","type":"visualization"},{"id":"0d4e3a60-342e-11e7-9e93-53b62e1857b2","name":"panel_9","type":"search"},{"id":"a5bcec80-6e15-11e7-8624-1fb07dd76c6a","name":"panel_10","type":"visualization"},{"id":"07622d60-6e16-11e7-8624-1fb07dd76c6a","name":"panel_11","type":"visualization"},{"id":"AWDG-Qf8xQT5EBNmq4G5","name":"panel_12","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzMzOCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Autoruns - Category","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"Autoruns - Category\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":75},\"title\":{\"text\":\"Category\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"category.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Category\"}}],\"listeners\":{}}"},"id":"482be9b0-6d78-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"dd700830-6d69-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzMzOSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Kerberos - Service","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Kerberos - Service\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"kerberos.service.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"kerberos.service.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"}}]}"},"id":"48331f00-75bd-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM0MCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SIP - Request From","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SIP - Request From\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"sip.request.from.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"sip.request.from.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Request From\"}}]}"},"id":"49384710-75ca-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM0MSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"network.transport:*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Network - Transport","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Network - Transport\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"network.transport.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"network.transport.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Network Transport\"}}]}"},"id":"499a0690-6ead-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM0MiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Strelka - File - Source","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Strelka - File - Source\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.source.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"}}]}"},"id":"49cfe850-772c-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM0MywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DNS - Protocol (Donut Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"DNS - Protocol (Donut Chart)\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"protocol.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Protocol\"}}]}"},"id":"49e04860-4a4e-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM0NCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Kerberos - Request Type (Horizontal Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Kerberos - Request Type (Horizontal Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":false,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"request_type.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Request Type\"}}]}"},"id":"4aa0b2a0-6e1a-11e7-89e4-613b96f597e1","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM0NSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Network - Destination IPs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Network - Destination IPs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IPs\"}}]}"},"id":"4adca340-6eae-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"387f44c0-6ea7-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM0NiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"event_type:bro_dns AND highest_registered_domain:google.com~ -highest_registered_domain:google.com AND highest_registered_domain:youtube.com~ -highest_registered_domain:youtube.com AND highest_registered_domain:facebook.com~ -highest_registered_domain:facebook.com AND highest_registered_domain:wikipedia.org~ -highest_registered_domain:wikipedia.org AND highest_registered_domain:google.co.in~ -highest_registered_domain:google.co.in AND highest_registered_domain:reddit.com~ -highest_registered_domain:reddit.com AND highest_registered_domain:amazon.com~ -highest_registered_domain:amazon.com AND highest_registered_domain:taobao.com~ -highest_registered_domain:taobao.com AND highest_registered_domain:twitter.com~ -highest_registered_domain:twitter.com AND highest_registered_domain:google.co.jp~ -highest_registered_domain:google.co.jp AND highest_registered_domain:instagram.com~ -highest_registered_domain:instagram.com AND highest_registered_domain:sina.com.cn~ -highest_registered_domain:sina.com.cn AND highest_registered_domain:google.co.uk~ -highest_registered_domain:google.co.uk AND highest_registered_domain:linkedin.com~ -highest_registered_domain:linkedin.com AND highest_registered_domain:list.tmall.com~ -highest_registered_domain:list.tmall.com AND highest_registered_domain:google.com.br~ -highest_registered_domain:google.com.br AND highest_registered_domain:google.com.hk~ -highest_registered_domain:google.com.hk AND highest_registered_domain:netflix.com~ -highest_registered_domain:netflix.com AND highest_registered_domain:yahoo.co.jp~ -highest_registered_domain:yahoo.co.jp AND highest_registered_domain:pornhub.com~ -highest_registered_domain:pornhub.com AND highest_registered_domain:xvideos.com~ -highest_registered_domain:xvideos.com AND highest_registered_domain:microsoft.com~ -highest_registered_domain:microsoft.com AND highest_registered_domain:livejasmin.com~ -highest_registered_domain:livejasmin.com AND highest_registered_domain:aliexpress.com~ -highest_registered_domain:aliexpress.com AND highest_registered_domain:stackoverflow.com~ -highest_registered_domain:stackoverflow.com AND highest_registered_domain:wordpress.com~ -highest_registered_domain:wordpress.com AND highest_registered_domain:hao123.com~ -highest_registered_domain:hao123.com AND highest_registered_domain:github.com~ -highest_registered_domain:github.com AND highest_registered_domain:amazon.co.jp~ -highest_registered_domain:amazon.co.jp AND highest_registered_domain:blogspot.com~ -highest_registered_domain:blogspot.com AND highest_registered_domain:pinterest.com~ -highest_registered_domain:pinterest.com AND highest_registered_domain:bongacams.com~ -highest_registered_domain:bongacams.com AND highest_registered_domain:google.com.tr~ -highest_registered_domain:google.com.tr AND highest_registered_domain:popads.net~ -highest_registered_domain:popads.net AND highest_registered_domain:paypal.com~ -highest_registered_domain:paypal.com AND highest_registered_domain:office.com~ -highest_registered_domain:office.com AND highest_registered_domain:google.com.tw~ -highest_registered_domain:google.com.tw AND highest_registered_domain:google.com.au~ -highest_registered_domain:google.com.au AND highest_registered_domain:whatsapp.com~ -highest_registered_domain:whatsapp.com AND highest_registered_domain:microsoftonline.com~ -highest_registered_domain:microsoftonline.com\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"DNS - Phishing Attempts Against Alexa Top Sites","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 0\":\"rgb(0,104,55)\",\"1 - 999999\":\"rgb(165,0,38)\"}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Phishing attempts against your domain(s)\"},\"schema\":\"metric\",\"type\":\"count\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTooltip\":true,\"gauge\":{\"backStyle\":\"Full\",\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":0},{\"from\":1,\"to\":999999}],\"extendRange\":true,\"gaugeColorMode\":\"Labels\",\"gaugeStyle\":\"Full\",\"gaugeType\":\"Arc\",\"invertColors\":false,\"labels\":{\"color\":\"black\",\"show\":true},\"orientation\":\"vertical\",\"percentageMode\":false,\"scale\":{\"color\":\"#333\",\"labels\":false,\"show\":true},\"style\":{\"bgColor\":false,\"bgFill\":\"#eee\",\"bgMask\":false,\"bgWidth\":0.9,\"fontSize\":60,\"labelColor\":true,\"mask\":false,\"maskBars\":50,\"subText\":\"Edit this to reflect your domain(s)\",\"width\":0.9},\"type\":\"meter\",\"alignment\":\"horizontal\"}},\"title\":\"DNS - Phishing Attempts Against Alexa Top Sites\",\"type\":\"gauge\"}"},"id":"4d89e140-6f09-11e7-9d31-23c0596994a7","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM0NywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Source - Top Connection Duration (Tile Map)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Connections - Source - Top Connection Duration (Tile Map)\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":0,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"duration\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"source_geo.location\",\"autoPrecision\":true,\"useGeocentroid\":true,\"precision\":2}}],\"listeners\":{}}"},"id":"5ea38360-46c7-11e7-946f-1bfb1be7c36b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM0OCwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"gridData\":{\"w\":8,\"h\":44,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"gridData\":{\"w\":40,\"h\":40,\"x\":8,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{\"mapCenter\":[14.604847155053898,0.17578125],\"mapZoom\":2}}]","timeRestore":false,"title":"Connections - Source - Top Connection Duration","version":1},"id":"4e108070-46c7-11e7-946f-1bfb1be7c36b","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"5ea38360-46c7-11e7-946f-1bfb1be7c36b","name":"panel_1","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM0OSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"PE - Section Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"PE - Section Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"section_names.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"id":"4e56b4d0-416f-11e7-9850-b78558d0ac17","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"66288140-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM1MCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DHCP - IP to MAC Assignment","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DHCP - IP to MAC Assignment\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"assigned_ip.keyword\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Assigned IP Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mac.keyword\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MAC Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP Address\"}}]}"},"id":"4e877100-4a48-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"ac1799d0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM1MSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SSL - Issuer","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SSL - Issuer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ssl.certificate.issuer.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ssl.certificate.issuer.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Issuer\"}}]}"},"id":"4e8cbf80-75ec-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM1MiwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"*\",\"language\":\"lucene\"}}"},"optionsJSON":"{\"darkTheme\":false}","panelsJSON":"[]","timeRestore":false,"title":"OSSEC","version":1},"id":"4f6f3440-6d62-11e7-8ddb-e71eb260f4a3","migrationVersion":{"dashboard":"7.3.0"},"references":[],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM1MywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Server Version","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RFB - Server Version\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server_major_version.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Major Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server_minor_version.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Minor Version\"}}],\"listeners\":{}}"},"id":"4fade7b0-6e22-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM1NCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Firewall - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Firewall - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 seconds\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"e76d2eb0-6d6b-11e7-ad64-15aa071374a6","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"37c16940-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM1NiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Firewall - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Firewall - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"c3a06740-6d75-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"37c16940-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM1NywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Firewall - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Firewall - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"df06de60-6d75-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"37c16940-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM1OCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Firewall - Destination Port","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Firewall - Destination Port\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"id":"fcf75bc0-6d75-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"37c16940-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM1OSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Firewall - Protocol","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Firewall - Protocol\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"ipv4_protocol.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"id":"f8f0dbc0-6d82-11e7-912f-0950e6d5c322","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"37c16940-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM2MCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Firewall - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Firewall - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDHH3kBxQT5EBNmq459","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"37c16940-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM2MSwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}},\"language\":\"lucene\"}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"1\",\"gridData\":{\"w\":8,\"h\":60,\"x\":0,\"y\":0,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}}},{\"panelIndex\":\"4\",\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":36,\"i\":\"4\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},{\"panelIndex\":\"5\",\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":36,\"i\":\"5\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},{\"panelIndex\":\"7\",\"gridData\":{\"w\":24,\"h\":16,\"x\":8,\"y\":8,\"i\":\"7\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\",\"embeddableConfig\":{}},{\"panelIndex\":\"8\",\"gridData\":{\"w\":16,\"h\":16,\"x\":32,\"y\":8,\"i\":\"8\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\",\"embeddableConfig\":{}},{\"panelIndex\":\"9\",\"gridData\":{\"w\":40,\"h\":12,\"x\":8,\"y\":24,\"i\":\"9\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\",\"embeddableConfig\":{}},{\"panelIndex\":\"10\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":60,\"i\":\"10\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\",\"embeddableConfig\":{\"columns\":[\"action\",\"reason\",\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"11\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"11\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}}]","timeRestore":false,"title":"Firewall","version":1},"id":"50173bd0-3582-11e7-98ef-19df58fe538b","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"e76d2eb0-6d6b-11e7-ad64-15aa071374a6","name":"panel_1","type":"visualization"},{"id":"c3a06740-6d75-11e7-b09b-f57b22df6524","name":"panel_2","type":"visualization"},{"id":"df06de60-6d75-11e7-b09b-f57b22df6524","name":"panel_3","type":"visualization"},{"id":"2a1eb100-6d82-11e7-bcd4-0d514e0e7da1","name":"panel_4","type":"visualization"},{"id":"fcf75bc0-6d75-11e7-b09b-f57b22df6524","name":"panel_5","type":"visualization"},{"id":"f8f0dbc0-6d82-11e7-912f-0950e6d5c322","name":"panel_6","type":"visualization"},{"id":"37c16940-6d6b-11e7-ad64-15aa071374a6","name":"panel_7","type":"search"},{"id":"AWDHH3kBxQT5EBNmq459","name":"panel_8","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM2MiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - File Size","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - File Size\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"file.size: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.size\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Size\"}}]}"},"id":"50b4c880-72df-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM2MywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RDP - Client","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RDP - Client\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client_name.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}],\"listeners\":{}}"},"id":"524e13b0-371c-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"823dd600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM2NCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DNS - Answers","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - DNS - Answers\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"dns.answers.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dns.answers.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Answer\"}}]}"},"id":"536876a0-72ba-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM2NSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Tunnels - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Tunnels - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"id":"53824da0-6e35-11e7-9a19-a5996f8250c6","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"d26d5510-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM2NiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SIP - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SIP - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"5393c710-3640-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM2NywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSL - Server","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSL - Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server_name.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}"},"id":"53ac63e0-365b-11e7-8bd0-1db2c55fb7a1","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM2OCwxXQ=="} +{"attributes":{"columns":["source_ip","source_port","destination_ip","destination_port","uid","_id"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_smtp\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"SMTP - Logs","version":1},"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM2OSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - Webmail - True/False (Vertical Bar Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"SMTP - Webmail - True/False (Vertical Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Webmail\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"is_webmail.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Webmail\"}}],\"listeners\":{}}"},"id":"53beb0d0-6e29-11e7-8b76-75eee0095daa","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM3MCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSH - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSH - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"id":"54d78f50-6e33-11e7-9a19-a5996f8250c6","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c33e7600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM3MSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - NTLM - Success","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - NTLM - Success\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"boolean\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ntlm.success: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ntlm.success\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Success\"}}]}"},"id":"e9f31a70-75c2-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM3MiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - NTLM - Tree","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - NTLM - Tree\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ntlm.server.tree.name.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ntlm.server.tree.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Tree\"}}]}"},"id":"8cb83890-75c2-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM3MywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - NTLM - Server","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - NTLM - Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Netbios\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"DNS\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ntlm.server.nb.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"NetBIOS\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ntlm.server.dns.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"\",\"customLabel\":\"DNS\"}}]}"},"id":"63f139c0-75c2-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM3NCwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:ntlm\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":9,\"i\":\"4555a871-9c2c-48d4-b143-bffc6d41ea4d\"},\"panelIndex\":\"4555a871-9c2c-48d4-b143-bffc6d41ea4d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":14,\"y\":0,\"w\":16,\"h\":9,\"i\":\"0bc9ae29-cbc1-4272-ad27-9c2ff51c19ff\"},\"panelIndex\":\"0bc9ae29-cbc1-4272-ad27-9c2ff51c19ff\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":9,\"i\":\"d32748d9-d47b-41bb-ab9f-b59817230998\"},\"panelIndex\":\"d32748d9-d47b-41bb-ab9f-b59817230998\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":9,\"w\":8,\"h\":18,\"i\":\"2f7a5ee8-2258-4c8d-af2d-99a9e11defa2\"},\"panelIndex\":\"2f7a5ee8-2258-4c8d-af2d-99a9e11defa2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":9,\"w\":8,\"h\":18,\"i\":\"4a50def3-c905-4493-b352-59741d68326e\"},\"panelIndex\":\"4a50def3-c905-4493-b352-59741d68326e\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":9,\"w\":10,\"h\":18,\"i\":\"075d7365-e106-4a1e-b003-bab7abbb7146\"},\"panelIndex\":\"075d7365-e106-4a1e-b003-bab7abbb7146\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":26,\"y\":9,\"w\":9,\"h\":18,\"i\":\"5202d0b2-7f34-4182-8e25-ec87d4df0965\"},\"panelIndex\":\"5202d0b2-7f34-4182-8e25-ec87d4df0965\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":35,\"y\":9,\"w\":13,\"h\":18,\"i\":\"f93042fa-bdd7-495f-af7b-eec95073e015\"},\"panelIndex\":\"f93042fa-bdd7-495f-af7b-eec95073e015\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"Security Onion - NTLM","version":1},"id":"558292e0-75c1-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"e9f31a70-75c2-11ea-9565-7315f4ee5cac","name":"panel_5","type":"visualization"},{"id":"8cb83890-75c2-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"},{"id":"63f139c0-75c2-11ea-9565-7315f4ee5cac","name":"panel_7","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM3NSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DNS - Response Code Name (Donut)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dns.response.code_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"}}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"dns.response.code_name.keyword: Descending\",\"aggType\":\"terms\"}]}},\"title\":\"Security Onion - DNS - Response Code Name (Donut)\"}"},"id":"a9bd4090-72b9-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-16T14:23:44.153Z","version":"Wzc1NiwyXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:dns\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.7.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":9,\"i\":\"ae3e83b1-5e53-40eb-8e4f-541e4851ddd2\"},\"panelIndex\":\"ae3e83b1-5e53-40eb-8e4f-541e4851ddd2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":14,\"y\":0,\"w\":14,\"h\":9,\"i\":\"4b8b4859-bd5c-446c-94e1-6d9b57cbe922\"},\"panelIndex\":\"4b8b4859-bd5c-446c-94e1-6d9b57cbe922\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":28,\"y\":0,\"w\":20,\"h\":9,\"i\":\"ee03c5c1-9e26-42e3-b569-afa2712d7047\"},\"panelIndex\":\"ee03c5c1-9e26-42e3-b569-afa2712d7047\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":0,\"y\":9,\"w\":9,\"h\":19,\"i\":\"706d8a5a-a263-48d0-8eb8-12eeade27115\"},\"panelIndex\":\"706d8a5a-a263-48d0-8eb8-12eeade27115\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":9,\"y\":9,\"w\":9,\"h\":19,\"i\":\"bf29b086-8b8d-47a5-8280-afeb737d6163\"},\"panelIndex\":\"bf29b086-8b8d-47a5-8280-afeb737d6163\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":18,\"y\":9,\"w\":8,\"h\":19,\"i\":\"e99fb09c-6d8a-4a26-87ca-9ab82ef137c9\"},\"panelIndex\":\"e99fb09c-6d8a-4a26-87ca-9ab82ef137c9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":26,\"y\":9,\"w\":11,\"h\":19,\"i\":\"499d1548-292c-47a9-8f26-73a6af91d004\"},\"panelIndex\":\"499d1548-292c-47a9-8f26-73a6af91d004\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":37,\"y\":9,\"w\":11,\"h\":19,\"i\":\"f3761ba4-c0d3-4158-9da2-3c7740fcffc3\"},\"panelIndex\":\"f3761ba4-c0d3-4158-9da2-3c7740fcffc3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":0,\"y\":28,\"w\":23,\"h\":21,\"i\":\"e41240ec-8024-4f3f-9de0-869622470e4d\"},\"panelIndex\":\"e41240ec-8024-4f3f-9de0-869622470e4d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":23,\"y\":28,\"w\":25,\"h\":21,\"i\":\"fe297ab2-9a4b-438c-913b-7b5d1dea6182\"},\"panelIndex\":\"fe297ab2-9a4b-438c-913b-7b5d1dea6182\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]","timeRestore":false,"title":"Security Onion - DNS","version":1},"id":"55ac6bf0-6ec4-11ea-9266-1fd14ca6af34","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"c879ad60-72a1-11ea-8dd2-9d8795a1200b","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_5","type":"visualization"},{"id":"13cda410-c770-11ea-bebb-37c5ab5894ea","name":"panel_6","type":"visualization"},{"id":"a9bd4090-72b9-11ea-8dd2-9d8795a1200b","name":"panel_7","type":"visualization"},{"id":"07065340-72ba-11ea-8dd2-9d8795a1200b","name":"panel_8","type":"visualization"},{"id":"536876a0-72ba-11ea-8dd2-9d8795a1200b","name":"panel_9","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-16T14:25:34.715Z","version":"Wzc1OCwyXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"IRC - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"IRC - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"85b1f890-35b7-11e7-a994-c528746bc6e8","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"344c6010-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM3OCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"IRC - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"IRC - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"bf959cb0-35b7-11e7-a994-c528746bc6e8","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"344c6010-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM3OSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"IRC - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"IRC - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"e4615200-35b7-11e7-a994-c528746bc6e8","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"344c6010-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM4MCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"IRC - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"IRC - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDG_HoKxQT5EBNmq4KN","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"344c6010-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM4MSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"IRC - Destination Country","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"IRC - Destination Country\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_geo.country_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Country\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_geo.city_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination City\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}}]}"},"id":"f625b7b0-4a56-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"344c6010-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM4MiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"IRC - Command","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"IRC - Command\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"irc_command.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Command\"}}]}"},"id":"7bc09930-4a57-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"344c6010-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM4MywxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"2\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"2\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"4\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"4\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"5\",\"gridData\":{\"w\":12,\"h\":24,\"x\":20,\"y\":32,\"i\":\"5\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"6\",\"gridData\":{\"w\":12,\"h\":24,\"x\":8,\"y\":32,\"i\":\"6\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"10\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":56,\"i\":\"10\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"11\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":32,\"i\":\"11\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"12\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"12\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"13\",\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":8,\"i\":\"13\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\",\"embeddableConfig\":{}},{\"panelIndex\":\"15\",\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":8,\"i\":\"15\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\",\"embeddableConfig\":{}}]","timeRestore":false,"title":"Bro - IRC","version":1},"id":"56a34ce0-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"85b1f890-35b7-11e7-a994-c528746bc6e8","name":"panel_1","type":"visualization"},{"id":"bf959cb0-35b7-11e7-a994-c528746bc6e8","name":"panel_2","type":"visualization"},{"id":"e4615200-35b7-11e7-a994-c528746bc6e8","name":"panel_3","type":"visualization"},{"id":"344c6010-342e-11e7-9e93-53b62e1857b2","name":"panel_4","type":"search"},{"id":"3c073d20-6e17-11e7-8624-1fb07dd76c6a","name":"panel_5","type":"visualization"},{"id":"AWDG_HoKxQT5EBNmq4KN","name":"panel_6","type":"visualization"},{"id":"f625b7b0-4a56-11e8-9b0a-f1d33346f773","name":"panel_7","type":"visualization"},{"id":"7bc09930-4a57-11e8-9b0a-f1d33346f773","name":"panel_8","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM4NCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNS - Client","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNS - Client\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}],\"listeners\":{}}"},"id":"57a9a3f0-34c0-11e7-9b32-bb903919ead9","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM4NSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DHCP - Lease Time","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DHCP - Lease Time\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"lease_time.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Lease Time\"}}]}"},"id":"58c84f60-0edb-11e9-9846-59f545e7293f","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"ac1799d0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM4NiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Devices - Log Count By Device","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Devices - Log Count By Device\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"type\":\"table\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"syslog-host_from.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Device\"}}]}"},"id":"5b3988c0-a840-11e7-893a-1b88920b2837","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM4NywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - RDP - Client Build","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - RDP - Client Build\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rdp.client_build.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rdp.client_build.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Build\"}}]}"},"id":"bdae8640-75c5-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM4OCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - RDP - Security Protocol","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - RDP - Security Protocol\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rdp.security_protocol.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rdp.security_protocol.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}}]}"},"id":"dad85840-75c5-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM4OSwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:rdp\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"1aacbaf6-078a-4b6e-bbd2-ae21a4974aba\",\"w\":13,\"x\":0,\"y\":0},\"panelIndex\":\"1aacbaf6-078a-4b6e-bbd2-ae21a4974aba\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"8abc0250-1076-45e8-b62b-54dc7dd0cfca\",\"w\":16,\"x\":13,\"y\":0},\"panelIndex\":\"8abc0250-1076-45e8-b62b-54dc7dd0cfca\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"dc48b27e-f00b-4723-87ab-64f726e51e74\",\"w\":19,\"x\":29,\"y\":0},\"panelIndex\":\"dc48b27e-f00b-4723-87ab-64f726e51e74\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"da3945b4-9e74-4bb9-8868-a13f1d9bc0d8\",\"w\":9,\"x\":0,\"y\":8},\"panelIndex\":\"da3945b4-9e74-4bb9-8868-a13f1d9bc0d8\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"f4437b55-61ef-4818-a8c4-448407c7052b\",\"w\":9,\"x\":9,\"y\":8},\"panelIndex\":\"f4437b55-61ef-4818-a8c4-448407c7052b\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"33630c53-4de4-4064-a319-bd71be01dc06\",\"w\":7,\"x\":18,\"y\":8},\"panelIndex\":\"33630c53-4de4-4064-a319-bd71be01dc06\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"ed8dee78-79d4-47cf-9ed5-6120f00f3aaf\",\"w\":7,\"x\":25,\"y\":8},\"panelIndex\":\"ed8dee78-79d4-47cf-9ed5-6120f00f3aaf\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"35083762-4591-44ac-a31f-36bed3414af2\",\"w\":7,\"x\":32,\"y\":8},\"panelIndex\":\"35083762-4591-44ac-a31f-36bed3414af2\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"66e7cf00-ec90-4df3-acd3-02fb271f0959\",\"w\":9,\"x\":39,\"y\":8},\"panelIndex\":\"66e7cf00-ec90-4df3-acd3-02fb271f0959\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_8\"}]","timeRestore":false,"title":"Security Onion - RDP","version":1},"id":"5b743150-75c5-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"bdae8640-75c5-11ea-9565-7315f4ee5cac","name":"panel_5","type":"visualization"},{"id":"dad85840-75c5-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"},{"id":"0c006bb0-75c6-11ea-9565-7315f4ee5cac","name":"panel_7","type":"visualization"},{"id":"2e7363f0-75c6-11ea-9565-7315f4ee5cac","name":"panel_8","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM5MCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Nodes","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Nodes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"agent.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"}}]}"},"id":"5cba9760-6e9b-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM5MSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"MySQL - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"MySQL - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"5d9031a0-363f-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"5d624230-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM5MiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - RFB - Client Version","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - RFB - Client Version\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Major Version\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rfb.client_major_version.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Major Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rfb.client_minor_version.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Minor Version\"}}]}"},"id":"5dcf09e0-75c8-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM5MywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RADIUS - Connection Information","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RADIUS - Connection Information\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"connect_info.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Connection Info\"}}],\"listeners\":{}}"},"id":"5df79fe0-3809-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"75545310-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM5NCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Host - Process Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"process.executable.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Process Image\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"process.command_line.keyword: Descending\",\"aggType\":\"terms\"}]}},\"title\":\"Security Onion - Host - Process Name\"}"},"id":"5e18a970-c77f-11ea-bebb-37c5ab5894ea","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-16T16:18:12.759Z","version":"WzgzNCwyXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SIP - URI","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SIP - URI\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"uri.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"URI\"}}],\"listeners\":{}}"},"id":"5e36c370-3753-11e7-b74a-f5057991ccd2","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM5NSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - FTP - Argument","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - FTP - Argument\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ftp.argument.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"5fcdb0c0-755f-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM5NiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMB - FIle Path","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMB - FIle Path\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"path.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File Path\"}}],\"listeners\":{}}"},"id":"60384e00-3aaf-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"19849f30-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM5NywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Data Types","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Data Types\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"type\":\"table\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event_type.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Data Type\"}}],\"listeners\":{}}"},"id":"60925490-34bf-11e7-9b32-bb903919ead9","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"aa05e920-3433-11e7-8867-29a39c0f86b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM5OCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSL - Log Count Over TIme","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SSL - Log Count Over TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"6139edd0-3641-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzM5OSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Autoruns - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Autoruns - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 seconds\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"bf5ab2d0-6d6b-11e7-ad64-15aa071374a6","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"dd700830-6d69-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQwMCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Autoruns - Hostname (Tag Cloud)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Autoruns - Hostname (Tag Cloud)\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":10,\"maxFontSize\":30},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"hostname.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"id":"c5d58f60-6d78-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"dd700830-6d69-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQwMSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Autoruns - Hostname","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Autoruns - Hostname\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"hostname.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Hostname\"}}],\"listeners\":{}}"},"id":"df5e9e80-6d79-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"dd700830-6d69-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQwMiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Autoruns - Launch String","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Autoruns - Launch String\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"launch_string.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Launch String\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"image_path.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Image\"}}],\"listeners\":{}}"},"id":"cfd94590-6d7a-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"dd700830-6d69-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQwMywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Autoruns - Company","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Autoruns - Company\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":14,\"maxFontSize\":36},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"company.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"id":"96105ff0-6d7b-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"dd700830-6d69-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQwNCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Autoruns - Signer","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Autoruns - Signer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"signer.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Signer\"}}],\"listeners\":{}}"},"id":"6cf187b0-6d7c-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"dd700830-6d69-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQwNSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Autoruns - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Autoruns - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDHG1IaxQT5EBNmq4yR","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"dd700830-6d69-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQwNiwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}},\"language\":\"lucene\"}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"1\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"5\",\"gridData\":{\"w\":40,\"h\":16,\"x\":8,\"y\":8,\"i\":\"5\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\",\"embeddableConfig\":{}},{\"panelIndex\":\"6\",\"gridData\":{\"w\":16,\"h\":24,\"x\":8,\"y\":24,\"i\":\"6\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\",\"embeddableConfig\":{}},{\"panelIndex\":\"7\",\"gridData\":{\"w\":12,\"h\":24,\"x\":36,\"y\":24,\"i\":\"7\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"8\",\"gridData\":{\"w\":12,\"h\":24,\"x\":24,\"y\":24,\"i\":\"8\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"9\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":72,\"i\":\"9\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"10\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":96,\"i\":\"10\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"panelIndex\":\"11\",\"gridData\":{\"w\":28,\"h\":24,\"x\":20,\"y\":48,\"i\":\"11\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\",\"embeddableConfig\":{}},{\"panelIndex\":\"12\",\"gridData\":{\"w\":20,\"h\":24,\"x\":0,\"y\":48,\"i\":\"12\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"panelIndex\":\"13\",\"gridData\":{\"w\":48,\"h\":32,\"x\":0,\"y\":120,\"i\":\"13\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_10\",\"embeddableConfig\":{\"columns\":[\"entry\",\"entry_location\",\"image_path\",\"hostname\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"14\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"14\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"}]","timeRestore":false,"title":"Autoruns","version":1},"id":"61d43810-6d62-11e7-8ddb-e71eb260f4a3","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"bf5ab2d0-6d6b-11e7-ad64-15aa071374a6","name":"panel_1","type":"visualization"},{"id":"482be9b0-6d78-11e7-b09b-f57b22df6524","name":"panel_2","type":"visualization"},{"id":"c5d58f60-6d78-11e7-b09b-f57b22df6524","name":"panel_3","type":"visualization"},{"id":"1cd6a970-6d79-11e7-b09b-f57b22df6524","name":"panel_4","type":"visualization"},{"id":"df5e9e80-6d79-11e7-b09b-f57b22df6524","name":"panel_5","type":"visualization"},{"id":"2ef9ccd0-6d7a-11e7-b09b-f57b22df6524","name":"panel_6","type":"visualization"},{"id":"cfd94590-6d7a-11e7-b09b-f57b22df6524","name":"panel_7","type":"visualization"},{"id":"96105ff0-6d7b-11e7-b09b-f57b22df6524","name":"panel_8","type":"visualization"},{"id":"6cf187b0-6d7c-11e7-b09b-f57b22df6524","name":"panel_9","type":"visualization"},{"id":"dd700830-6d69-11e7-ad64-15aa071374a6","name":"panel_10","type":"search"},{"id":"AWDHG1IaxQT5EBNmq4yR","name":"panel_11","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQwNywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NIDS Alerts - Source Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NIDS Alerts - Source Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"id":"620283e0-3af5-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQwOCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Modbus - Function","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Modbus - Function\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"modbus.function.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"modbus.function.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Function\"}}]}"},"id":"62449800-75be-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQwOSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - MySQL - Success","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - MySQL - Success\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mysql.success\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Success\"}}]}"},"id":"62969db0-75c0-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQxMCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Connections - Top Destination IPs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Connections - Top Destination IPs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination.ip.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}}]}"},"id":"62ac4060-6ea0-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9b333020-6e9f-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQxMSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Desktop Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RFB - Desktop Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"desktop_name.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Desktop Name\"}}],\"listeners\":{}}"},"id":"63c072c0-371f-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQxMiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NIDS - Drilldown - Rule Signature","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NIDS - Drilldown - Rule Signature\",\"type\":\"table\",\"params\":{\"perPage\":1,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"top_hits\",\"schema\":\"metric\",\"params\":{\"field\":\"rule_signature.keyword\",\"aggregate\":\"concat\",\"size\":1,\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"customLabel\":\"NIDS Signature\"}}]}"},"id":"6533dd40-e064-11e9-8f0c-2ddbf5ed9290","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQxMywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Syslog - Facility","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Syslog - Facility\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"syslog.facility.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"syslog.facility.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Facility\"}}]}"},"id":"e017cb80-777b-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQxNCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Syslog - Severity","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"syslog.severity.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Severity\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"},\"title\":\"Security Onion - Syslog - Severity\"}"},"id":"9e1a4240-c77a-11ea-bebb-37c5ab5894ea","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-16T15:40:04.068Z","version":"WzgwMCwyXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:syslog\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.7.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"9c4d23d9-2dd5-4a9f-aa67-edc6b73f3086\"},\"panelIndex\":\"9c4d23d9-2dd5-4a9f-aa67-edc6b73f3086\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":13,\"y\":0,\"w\":16,\"h\":8,\"i\":\"a3e3afae-dd54-4024-9d09-608a6baecd42\"},\"panelIndex\":\"a3e3afae-dd54-4024-9d09-608a6baecd42\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":8,\"i\":\"e7dbc7be-d1ef-499a-bbb6-2963bfdaabfb\"},\"panelIndex\":\"e7dbc7be-d1ef-499a-bbb6-2963bfdaabfb\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":0,\"y\":8,\"w\":8,\"h\":18,\"i\":\"e1ea8adf-acd8-4577-9c81-1acb711d20ce\"},\"panelIndex\":\"e1ea8adf-acd8-4577-9c81-1acb711d20ce\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":8,\"h\":18,\"i\":\"16f2046a-4417-4e78-9699-65d253db78cb\"},\"panelIndex\":\"16f2046a-4417-4e78-9699-65d253db78cb\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":16,\"y\":8,\"w\":11,\"h\":18,\"i\":\"226810af-b55b-4fba-99c8-0c28ca99aa37\"},\"panelIndex\":\"226810af-b55b-4fba-99c8-0c28ca99aa37\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":27,\"y\":8,\"w\":9,\"h\":18,\"i\":\"9cc5fffe-3834-4550-84e3-33d1246f68f6\"},\"panelIndex\":\"9cc5fffe-3834-4550-84e3-33d1246f68f6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":36,\"y\":8,\"w\":12,\"h\":18,\"i\":\"cdad19b0-4f35-4143-8677-0a64a64dbca6\"},\"panelIndex\":\"cdad19b0-4f35-4143-8677-0a64a64dbca6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"Security Onion - Syslog","version":1},"id":"66499a20-75ed-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_5","type":"visualization"},{"id":"e017cb80-777b-11ea-bee5-af7f7c7b8e05","name":"panel_6","type":"visualization"},{"id":"9e1a4240-c77a-11ea-bebb-37c5ab5894ea","name":"panel_7","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-16T15:40:57.523Z","version":"WzgwMSwyXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNS - Query/Answer","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNS - Query/Answer\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"query.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"answers.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Answer\"}}],\"listeners\":{}}"},"id":"e8e3b8a0-34c1-11e7-917c-af7a9d11771a","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQxNywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NIDS - Alerts","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NIDS - Alerts\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"alert.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"id":"c7eed4c0-3649-11e7-bf60-314364dd1cde","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQxOCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNS - Server","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNS - Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"type\":\"table\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}"},"id":"6ef90c30-34c0-11e7-9b32-bb903919ead9","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQxOSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Sensors - Sensor and Services (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Sensors - Sensor and Services (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"sensor_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Sensor\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"service.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"id":"9c979ea0-345b-11e7-8867-29a39c0f86b2","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"aa05e920-3433-11e7-8867-29a39c0f86b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQyMCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Top 50 - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Top 50 - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP\"}}]}"},"id":"73806f30-4948-11e8-9576-313be7c6b44b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQyMSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Top 50 - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Top 50 - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP\"}}]}"},"id":"c0de57b0-4948-11e8-9576-313be7c6b44b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQyMiwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"1\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"2\",\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":0,\"i\":\"2\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"4\",\"gridData\":{\"w\":32,\"h\":24,\"x\":16,\"y\":120,\"i\":\"4\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"5\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":144,\"i\":\"5\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"6\",\"gridData\":{\"w\":16,\"h\":24,\"x\":16,\"y\":144,\"i\":\"6\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"8\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":180,\"i\":\"8\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"9\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":180,\"i\":\"9\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"13\",\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":24,\"i\":\"13\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"panelIndex\":\"16\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":120,\"i\":\"16\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"panelIndex\":\"18\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":48,\"i\":\"18\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\",\"embeddableConfig\":{\"columns\":[\"hostname\",\"alert_level\",\"description\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"19\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":204,\"i\":\"19\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_10\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"20\",\"gridData\":{\"w\":48,\"h\":12,\"x\":0,\"y\":168,\"i\":\"20\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_11\",\"embeddableConfig\":{}},{\"panelIndex\":\"21\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":144,\"i\":\"21\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_12\",\"embeddableConfig\":{}},{\"panelIndex\":\"22\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":96,\"i\":\"22\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_13\"},{\"panelIndex\":\"23\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":96,\"i\":\"23\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_14\"},{\"panelIndex\":\"24\",\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":24,\"i\":\"24\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_15\"},{\"panelIndex\":\"26\",\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":0,\"i\":\"26\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_16\",\"embeddableConfig\":{}},{\"panelIndex\":\"27\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":72,\"i\":\"27\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_17\",\"embeddableConfig\":{}},{\"panelIndex\":\"28\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":72,\"i\":\"28\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_18\",\"embeddableConfig\":{}}]","timeRestore":false,"title":"Indicator","version":1},"id":"68563ed0-34bf-11e7-9b32-bb903919ead9","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"60925490-34bf-11e7-9b32-bb903919ead9","name":"panel_1","type":"visualization"},{"id":"e8e3b8a0-34c1-11e7-917c-af7a9d11771a","name":"panel_2","type":"visualization"},{"id":"ae1f1fb0-3648-11e7-bf60-314364dd1cde","name":"panel_3","type":"visualization"},{"id":"d0f56da0-3648-11e7-bf60-314364dd1cde","name":"panel_4","type":"visualization"},{"id":"8ba31820-34c6-11e7-8360-0b86c90983fd","name":"panel_5","type":"visualization"},{"id":"7153e7f0-34c7-11e7-8360-0b86c90983fd","name":"panel_6","type":"visualization"},{"id":"c7eed4c0-3649-11e7-bf60-314364dd1cde","name":"panel_7","type":"visualization"},{"id":"45a652b0-34c1-11e7-917c-af7a9d11771a","name":"panel_8","type":"visualization"},{"id":"d9096bb0-342f-11e7-9e93-53b62e1857b2","name":"panel_9","type":"search"},{"id":"aa05e920-3433-11e7-8867-29a39c0f86b2","name":"panel_10","type":"search"},{"id":"934fe550-6e08-11e7-9370-174c4785d3e1","name":"panel_11","type":"visualization"},{"id":"3f4abb40-6e0a-11e7-84cc-b363f104b3c7","name":"panel_12","type":"visualization"},{"id":"53ac63e0-365b-11e7-8bd0-1db2c55fb7a1","name":"panel_13","type":"visualization"},{"id":"6ef90c30-34c0-11e7-9b32-bb903919ead9","name":"panel_14","type":"visualization"},{"id":"07fdf9e0-39ad-11e7-8472-0151e5b2b475","name":"panel_15","type":"visualization"},{"id":"9c979ea0-345b-11e7-8867-29a39c0f86b2","name":"panel_16","type":"visualization"},{"id":"73806f30-4948-11e8-9576-313be7c6b44b","name":"panel_17","type":"visualization"},{"id":"c0de57b0-4948-11e8-9576-313be7c6b44b","name":"panel_18","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQyMywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Network Data - Count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Network Data - Count\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":false},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":40}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}]}"},"id":"689991b0-6ea7-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"387f44c0-6ea7-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQyNCwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"gridData\":{\"w\":8,\"h\":44,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"gridData\":{\"w\":40,\"h\":40,\"x\":8,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{\"mapCenter\":[25.16517336866393,0.17578125],\"mapZoom\":2}}]","timeRestore":false,"title":"Connections - Source - Originator Bytes","version":1},"id":"68f738e0-46ca-11e7-946f-1bfb1be7c36b","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"05809df0-46cb-11e7-946f-1bfb1be7c36b","name":"panel_1","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQyNSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SMTP - Version","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - SMTP - Version\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"snmp.version.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Version\"}}]}"},"id":"690ef880-75e9-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQyNiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Weird - Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Weird - Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Name\"}}]}"},"id":"691ade50-4c85-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"e32d0d50-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQyNywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Kerberos - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Kerberos - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"c97cd4c0-35ba-11e7-b9ee-834112670159","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQyOCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Kerberos - Client","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Kerberos - Client\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}}],\"listeners\":{}}"},"id":"710ccbf0-35bb-11e7-b9ee-834112670159","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQyOSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Kerberos - Success Status (Donut Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Kerberos - Success Status (Donut Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"kerberos_success.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"id":"b31231c0-35bb-11e7-b9ee-834112670159","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQzMCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Kerberos - Server","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Kerberos - Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"service.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}],\"listeners\":{}}"},"id":"f0178840-35bb-11e7-b9ee-834112670159","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQzMSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Kerberos - Cipher (Donut Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Kerberos - Cipher (Donut Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"cipher.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"id":"e3fffae0-3635-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQzMiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Kerberos - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Kerberos - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"id":"84f28670-3636-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQzMywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Kerberos - Service","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Kerberos - Service\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"service.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Service\"}}],\"listeners\":{}}"},"id":"f7c48a20-6e19-11e7-89e4-613b96f597e1","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQzNCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Kerberos - Renewable","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Kerberos - Renewable\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"renewable.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Renewable\"}}],\"listeners\":{}}"},"id":"bb748470-6e1a-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQzNSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Kerberos - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Kerberos - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDG_UbkxQT5EBNmq4Lg","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQzNiwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":120,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"destination_ip\",\"destination_port\",\"request_type\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"embeddableConfig\":{},\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":48,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"gridData\":{\"w\":20,\"h\":16,\"x\":28,\"y\":8,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":48,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"gridData\":{\"w\":20,\"h\":16,\"x\":8,\"y\":8,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":96,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":16,\"h\":24,\"x\":16,\"y\":96,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":96,\"i\":\"12\"},\"panelIndex\":\"12\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":28,\"h\":24,\"x\":0,\"y\":72,\"i\":\"13\"},\"panelIndex\":\"13\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_10\"},{\"gridData\":{\"w\":40,\"h\":24,\"x\":8,\"y\":24,\"i\":\"14\"},\"panelIndex\":\"14\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_11\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":72,\"i\":\"15\"},\"panelIndex\":\"15\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_12\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"16\"},\"panelIndex\":\"16\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_13\"}]","timeRestore":false,"title":"Bro - Kerberos","version":1},"id":"6b0d4870-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"c97cd4c0-35ba-11e7-b9ee-834112670159","name":"panel_1","type":"visualization"},{"id":"452daa10-342e-11e7-9e93-53b62e1857b2","name":"panel_2","type":"search"},{"id":"710ccbf0-35bb-11e7-b9ee-834112670159","name":"panel_3","type":"visualization"},{"id":"b31231c0-35bb-11e7-b9ee-834112670159","name":"panel_4","type":"visualization"},{"id":"f0178840-35bb-11e7-b9ee-834112670159","name":"panel_5","type":"visualization"},{"id":"e3fffae0-3635-11e7-a6f7-4f44d7bf1c33","name":"panel_6","type":"visualization"},{"id":"28d04080-3636-11e7-a6f7-4f44d7bf1c33","name":"panel_7","type":"visualization"},{"id":"3f34faa0-3636-11e7-a6f7-4f44d7bf1c33","name":"panel_8","type":"visualization"},{"id":"84f28670-3636-11e7-a6f7-4f44d7bf1c33","name":"panel_9","type":"visualization"},{"id":"f7c48a20-6e19-11e7-89e4-613b96f597e1","name":"panel_10","type":"visualization"},{"id":"4aa0b2a0-6e1a-11e7-89e4-613b96f597e1","name":"panel_11","type":"visualization"},{"id":"bb748470-6e1a-11e7-b553-7f80727663c1","name":"panel_12","type":"visualization"},{"id":"AWDG_UbkxQT5EBNmq4Lg","name":"panel_13","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQzNywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Sysmon - Destination Port","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"Sysmon - Destination Port\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Port\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"id":"6b70b840-6d75-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQzOCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Bro - Syslog - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Bro - Syslog - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"6c60a280-76b5-11e7-94e1-3d2ec4e57ed9","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"269ca380-76b4-11e7-8c3e-cfcdd8c95d87","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQzOSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Sysmon - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Sysmon - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 seconds\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"8cfdeff0-6d6b-11e7-ad64-15aa071374a6","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ0MCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Sysmon - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Sysmon - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_hostname.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Hostname\"}}],\"listeners\":{}}"},"id":"7bc74b40-6d71-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ0MSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Sysmon - Event ID (Horizontal Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Sysmon - Event ID (Horizontal Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"event_id\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Event Type\"}}]}"},"id":"e09f6010-6d72-11e7-b09b-f57b22df6524","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ0MiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Sysmon - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Sysmon - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDHHk1sxQT5EBNmq43Y","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ0MywxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}},\"language\":\"lucene\"}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"1\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"2\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"2\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"6\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":96,\"i\":\"6\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"7\",\"gridData\":{\"w\":20,\"h\":28,\"x\":8,\"y\":20,\"i\":\"7\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"8\",\"gridData\":{\"w\":20,\"h\":28,\"x\":28,\"y\":20,\"i\":\"8\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"9\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":72,\"i\":\"9\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"10\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":48,\"i\":\"10\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"11\",\"gridData\":{\"w\":20,\"h\":12,\"x\":8,\"y\":8,\"i\":\"11\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\",\"embeddableConfig\":{}},{\"panelIndex\":\"12\",\"gridData\":{\"w\":32,\"h\":24,\"x\":16,\"y\":72,\"i\":\"12\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"panelIndex\":\"13\",\"gridData\":{\"w\":20,\"h\":12,\"x\":28,\"y\":8,\"i\":\"13\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\",\"embeddableConfig\":{}},{\"panelIndex\":\"14\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":120,\"i\":\"14\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_10\",\"embeddableConfig\":{\"columns\":[\"event_type\",\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"15\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"15\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"}]","timeRestore":false,"title":"Sysmon - Logs","version":1},"id":"6d189680-6d62-11e7-8ddb-e71eb260f4a3","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"8cfdeff0-6d6b-11e7-ad64-15aa071374a6","name":"panel_1","type":"visualization"},{"id":"0eb1fd80-6d70-11e7-b09b-f57b22df6524","name":"panel_2","type":"visualization"},{"id":"3072c750-6d71-11e7-b09b-f57b22df6524","name":"panel_3","type":"visualization"},{"id":"7bc74b40-6d71-11e7-b09b-f57b22df6524","name":"panel_4","type":"visualization"},{"id":"13ed0810-6d72-11e7-b09b-f57b22df6524","name":"panel_5","type":"visualization"},{"id":"3b6c92c0-6d72-11e7-b09b-f57b22df6524","name":"panel_6","type":"visualization"},{"id":"e09f6010-6d72-11e7-b09b-f57b22df6524","name":"panel_7","type":"visualization"},{"id":"29611940-6d75-11e7-b09b-f57b22df6524","name":"panel_8","type":"visualization"},{"id":"6b70b840-6d75-11e7-b09b-f57b22df6524","name":"panel_9","type":"visualization"},{"id":"248c1d20-6d6b-11e7-ad64-15aa071374a6","name":"panel_10","type":"search"},{"id":"AWDHHk1sxQT5EBNmq43Y","name":"panel_11","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ0NCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SMB - Action (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SMB - Action (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"action.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"id":"6f883480-3aad-11e7-8b17-0d8709b02c80","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"19849f30-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ0NSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SSL - Subject","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SSL - Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ssl.certificate.subject.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ssl.certificate.subject.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Subject\"}}]}"},"id":"6fccb600-75ec-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ0NiwxXQ=="} +{"attributes":{"buildNum":29118,"dashboard:defaultDarkTheme":true,"defaultIndex":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","defaultRoute":"/app/kibana#/dashboard/a8411b30-6d03-11ea-b301-3d6c35840645","discover:sampleSize":"100","theme:darkMode":true,"timepicker:timeDefaults":"{\n \"from\": \"now-24h\",\n \"to\": \"now\",\n \"mode\": \"quick\"\n}"},"id":"7.6.1","references":[],"type":"config","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ0NywxXQ=="} +{"attributes":{"buildNum":30896,"dashboard:defaultDarkTheme":true,"defaultIndex":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","defaultRoute":"/app/kibana#/dashboard/a8411b30-6d03-11ea-b301-3d6c35840645","discover:sampleSize":"100","theme:darkMode":true,"timepicker:timeDefaults":"{\n \"from\": \"now-24h\",\n \"to\": \"now\",\n \"mode\": \"quick\"\n}"},"id":"7.7.1","references":[],"type":"config","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ0OCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Strelka - File - MIME Flavors","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Strelka - File - MIME Flavors\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.flavors.mime.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"70243970-772c-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ0OSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Modbus - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Modbus - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDG_9KpxQT5EBNmq4Oo","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"52dc9fe0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ1MCwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}},\"language\":\"lucene\"}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"2\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"2\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"5\",\"gridData\":{\"w\":12,\"h\":24,\"x\":8,\"y\":32,\"i\":\"5\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"6\",\"gridData\":{\"w\":12,\"h\":24,\"x\":20,\"y\":32,\"i\":\"6\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"8\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":56,\"i\":\"8\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"9\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":32,\"i\":\"9\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"10\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"10\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"11\",\"gridData\":{\"w\":40,\"h\":24,\"x\":8,\"y\":8,\"i\":\"11\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\",\"embeddableConfig\":{}}]","timeRestore":false,"title":"Bro - Modbus","version":1},"id":"70c005f0-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"0d168a30-363f-11e7-a6f7-4f44d7bf1c33","name":"panel_1","type":"visualization"},{"id":"20eabd60-380b-11e7-a1cc-ebc6a7e70e84","name":"panel_2","type":"visualization"},{"id":"3c65f500-380b-11e7-a1cc-ebc6a7e70e84","name":"panel_3","type":"visualization"},{"id":"52dc9fe0-342e-11e7-9e93-53b62e1857b2","name":"panel_4","type":"search"},{"id":"178209e0-6e1b-11e7-b553-7f80727663c1","name":"panel_5","type":"visualization"},{"id":"AWDG_9KpxQT5EBNmq4Oo","name":"panel_6","type":"visualization"},{"id":"453f8b90-4a58-11e8-9b0a-f1d33346f773","name":"panel_7","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ1MSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"osquery - Chrome Extensions - Change Stats","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"osquery - ChromeExt - Change Stats\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":70}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Changes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"osquery.hostIdentifier.keyword\",\"customLabel\":\"Endpoints\"}}]}"},"id":"71538370-18d5-11e9-932c-d12d2cf4ee95","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"0eee4360-18d4-11e9-932c-d12d2cf4ee95","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ1MiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Connections - Total Bytes Per Source/Destination IP Pair","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Total Bytes\",\"field\":\"total_bytes\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_term\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Source IP\",\"field\":\"source_ip\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderAgg\":{\"enabled\":true,\"id\":\"2-orderAgg\",\"params\":{\"field\":\"total_bytes\"},\"schema\":{\"aggFilter\":[\"!top_hits\",\"!percentiles\",\"!median\",\"!std_dev\",\"!derivative\",\"!moving_avg\",\"!serial_diff\",\"!cumulative_sum\",\"!avg_bucket\",\"!max_bucket\",\"!min_bucket\",\"!sum_bucket\"],\"deprecate\":false,\"editor\":false,\"group\":\"none\",\"hideCustomLabel\":true,\"max\":null,\"min\":0,\"name\":\"orderAgg\",\"params\":[],\"title\":\"Order Agg\"},\"type\":\"cardinality\"},\"orderBy\":\"custom\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Destination IP\",\"field\":\"destination_ip\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderAgg\":{\"enabled\":true,\"id\":\"3-orderAgg\",\"params\":{\"field\":\"total_bytes\"},\"schema\":{\"aggFilter\":[\"!top_hits\",\"!percentiles\",\"!median\",\"!std_dev\",\"!derivative\",\"!moving_avg\",\"!serial_diff\",\"!cumulative_sum\",\"!avg_bucket\",\"!max_bucket\",\"!min_bucket\",\"!sum_bucket\"],\"deprecate\":false,\"editor\":false,\"group\":\"none\",\"hideCustomLabel\":true,\"max\":null,\"min\":0,\"name\":\"orderAgg\",\"params\":[],\"title\":\"Order Agg\"},\"type\":\"cardinality\"},\"orderBy\":\"custom\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"}],\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"Connections - Total Bytes Per Source/Destination IP Pair\",\"type\":\"table\"}"},"id":"726cc040-48cf-11e8-9576-313be7c6b44b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ1MywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMB - File Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMB - File Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"name.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"File Name\"}}],\"listeners\":{}}"},"id":"72f0f010-3aaf-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"19849f30-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ1NCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Log Type Per Sensor/Device","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Log Type Per Sensor/Device\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"syslog-host_from.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Sensor/Device\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event_type.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Log Type\"}}]}"},"id":"733ce440-494d-11e8-9576-313be7c6b44b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ1NSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"X.509 - Certificate Signing Algorithm","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"X.509 - Certificate Signing Algorithm\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"certificate_signing_algorithm.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Algorithm\"}}]}"},"id":"738127f0-37d7-11e7-9efb-91e89505091f","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"f5038cc0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ1NiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - FTP - Command","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - FTP - Command\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ftp.command.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"d3435690-755f-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ1NywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - FTP - User","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"User\",\"field\":\"ftp.user.keyword\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":100},\"schema\":\"bucket\",\"type\":\"terms\"}],\"params\":{\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\",\"parsedUrl\":{\"basePath\":\"/kibana\",\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\"}}},\"label\":\"ftp.user.keyword: Descending\",\"params\":{}}],\"metrics\":[{\"accessor\":1,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"label\":\"Count\",\"params\":{}}]},\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"title\":\"Security Onion - FTP - User\",\"type\":\"table\"}"},"id":"8346bc70-7561-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ1OCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - FTP - Password","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - FTP - Password\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ftp.password.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ftp.password.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Password\"}}]}"},"id":"bc3e2bd0-7561-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ1OSwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset:ftp\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"728d0151-5dc6-429d-9b14-b457ab73d3fd\"},\"panelIndex\":\"728d0151-5dc6-429d-9b14-b457ab73d3fd\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":13,\"y\":0,\"w\":15,\"h\":8,\"i\":\"1b99097d-a957-4163-9810-263a0e653c18\"},\"panelIndex\":\"1b99097d-a957-4163-9810-263a0e653c18\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":28,\"y\":0,\"w\":20,\"h\":8,\"i\":\"43bb3cf4-ee4a-4eba-8eea-8e133957fd48\"},\"panelIndex\":\"43bb3cf4-ee4a-4eba-8eea-8e133957fd48\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":8,\"w\":9,\"h\":19,\"i\":\"87f23747-38c9-4d15-a85b-8beff66abaf4\"},\"panelIndex\":\"87f23747-38c9-4d15-a85b-8beff66abaf4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":9,\"y\":8,\"w\":9,\"h\":19,\"i\":\"d10ae5ac-6400-4a2c-a376-e6e74ed529ad\"},\"panelIndex\":\"d10ae5ac-6400-4a2c-a376-e6e74ed529ad\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":18,\"y\":8,\"w\":13,\"h\":19,\"i\":\"1bf79bc6-8595-41e0-8a7e-2b21bd2bd928\"},\"panelIndex\":\"1bf79bc6-8595-41e0-8a7e-2b21bd2bd928\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":31,\"y\":8,\"w\":17,\"h\":19,\"i\":\"e244437a-17a5-4e00-9176-f4e88ac54938\"},\"panelIndex\":\"e244437a-17a5-4e00-9176-f4e88ac54938\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":27,\"w\":22,\"h\":16,\"i\":\"9196bb67-30ad-4a8e-b75f-22a9cced6f35\"},\"panelIndex\":\"9196bb67-30ad-4a8e-b75f-22a9cced6f35\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":22,\"y\":27,\"w\":26,\"h\":16,\"i\":\"9da1ff1b-aebe-45fb-9e48-420eafb1b655\"},\"panelIndex\":\"9da1ff1b-aebe-45fb-9e48-420eafb1b655\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"}]","timeRestore":false,"title":"Security Onion - FTP","version":1},"id":"739bfad0-755a-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"d3435690-755f-11ea-9565-7315f4ee5cac","name":"panel_5","type":"visualization"},{"id":"5fcdb0c0-755f-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"},{"id":"8346bc70-7561-11ea-9565-7315f4ee5cac","name":"panel_7","type":"visualization"},{"id":"bc3e2bd0-7561-11ea-9565-7315f4ee5cac","name":"panel_8","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ2MCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - \"From\" Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMTP - \\\"From\\\" Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"mail_from.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"\\\"From\\\" Address\"}}],\"listeners\":{}}"},"id":"73b1b240-39a2-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ2MSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SIP - User Agent","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SIP - User Agent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user_agent.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"User Agent\"}}],\"listeners\":{}}"},"id":"73f663f0-3753-11e7-b74a-f5057991ccd2","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ2MiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"event_type:bro_dns AND highest_registered_domain:securityonion.net~ -securityonion.net\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"DNS - Phishing Attempts Against Organizational Domain(s)","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 0\":\"rgb(0,104,55)\",\"1 - 999999\":\"rgb(165,0,38)\"}}}","version":1,"visState":"{\"title\":\"DNS - Phishing Attempts Against Organizational Domain(s)\",\"type\":\"gauge\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"gauge\":{\"extendRange\":true,\"percentageMode\":false,\"gaugeType\":\"Arc\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"Labels\",\"colorsRange\":[{\"from\":0,\"to\":0},{\"from\":1,\"to\":999999}],\"invertColors\":false,\"labels\":{\"show\":true,\"color\":\"black\"},\"scale\":{\"show\":true,\"labels\":false,\"color\":\"#333\"},\"type\":\"meter\",\"style\":{\"bgWidth\":0.9,\"width\":0.9,\"mask\":false,\"bgMask\":false,\"maskBars\":50,\"bgFill\":\"#eee\",\"bgColor\":false,\"subText\":\"Edit this to reflect your domain(s)\",\"fontSize\":60,\"labelColor\":true},\"alignment\":\"horizontal\"}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Phishing attempts against your domain(s)\"}}],\"listeners\":{}}"},"id":"74861280-6f06-11e7-b253-211f64f37eda","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ2MywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RDP - Cookie","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RDP - Cookie\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"cookie.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Cookie\"}}],\"listeners\":{}}"},"id":"75597b60-371c-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"823dd600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ2NCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Tunnels - Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Tunnels - Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"tunnel.type.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"tunnel.type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Type\"}}]}"},"id":"781447d0-75ef-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ2NywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"osquery - Chrome Extensions - Sensitive Permissions","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"osquery - Chrome Extensions - Sensitive Permissions\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"osquery.columns.name.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Extension Name\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"osquery.columns.permissions.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Permissions\"}}]}"},"id":"78cf8bf0-1a59-11e9-ac0b-cb0ba10141ab","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"040dda10-18d8-11e9-932c-d12d2cf4ee95","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ2OCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"MySQL - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"MySQL - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDHBRrrxQT5EBNmq4TI","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"5d624230-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ2OSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"MySQL - Response","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"MySQL - Response\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"response.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Response\"}}]}"},"id":"9c411ad0-4a58-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"5d624230-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ3MCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"MySQL - Success","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"MySQL - Success\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"mysql_success.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"id":"c48925a0-4a58-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"5d624230-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ3MSwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"embeddableConfig\":{},\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":40,\"h\":24,\"x\":8,\"y\":32,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":56,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"embeddableConfig\":{},\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":8,\"i\":\"12\"},\"panelIndex\":\"12\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\",\"embeddableConfig\":{}},{\"gridData\":{\"w\":16,\"h\":24,\"x\":8,\"y\":8,\"i\":\"13\"},\"panelIndex\":\"13\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\",\"embeddableConfig\":{}}]","timeRestore":false,"title":"Bro - MySQL","version":1},"id":"7929f430-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"5d9031a0-363f-11e7-a6f7-4f44d7bf1c33","name":"panel_0","type":"visualization"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_1","type":"visualization"},{"id":"07e25650-3812-11e7-a1cc-ebc6a7e70e84","name":"panel_2","type":"visualization"},{"id":"5d624230-342e-11e7-9e93-53b62e1857b2","name":"panel_3","type":"search"},{"id":"AWDHBRrrxQT5EBNmq4TI","name":"panel_4","type":"visualization"},{"id":"9c411ad0-4a58-11e8-9b0a-f1d33346f773","name":"panel_5","type":"visualization"},{"id":"c48925a0-4a58-11e8-9b0a-f1d33346f773","name":"panel_6","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ3MiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - FIle - Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - FIle - Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"File Name\"}}]}"},"id":"7a88adc0-75f0-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ3MywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Client Version","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RFB - Client Version\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client_major_version.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Major Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client_minor_version.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Minor Version\"}}],\"listeners\":{}}"},"id":"7c1e3f70-6e22-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ3NCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - Log Count Over TIme","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SMTP - Log Count Over TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"7c922990-3640-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ3NSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"event_type:bro_http AND _exists_:virtual_host_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"HTTP - Virtual Host Frequency Analysis","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"HTTP - Virtual Host Frequency Analysis\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"virtual_host_frequency_score\",\"customLabel\":\"Frequency Score\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"virtual_host.keyword\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"1\",\"customLabel\":\"Virtual Host\"}}],\"listeners\":{}}"},"id":"7d1ede50-6f19-11e7-86c8-a1b6db3b051a","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ3NiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SSH - Authentication Sucess","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - SSH - Authentication Sucess\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"boolean\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ssh.authentication.success: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ssh.authentication.success\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Success\"}}]}"},"id":"7d61f430-75ea-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ3NywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SNMP - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SNMP - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"id":"7dc62970-6e2a-11e7-8b76-75eee0095daa","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"b12150a0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ3OCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"PE - Machine","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"PE - Machine\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"machine.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Machine\"}}],\"listeners\":{}}"},"id":"7de76e10-6e1f-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"66288140-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ3OSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"event_type:bro_dns AND _exists_:highest_registered_domain_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"DNS - Highest Registered Domain Frequency Analysis","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNS - Highest Registered Domain Frequency Analysis\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"highest_registered_domain_frequency_score\",\"customLabel\":\"Frequency Score\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"highest_registered_domain.keyword\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"1\",\"customLabel\":\"Domain\"}}],\"listeners\":{}}"},"id":"7f1f00a0-6f04-11e7-b253-211f64f37eda","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ4MCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NIDS - Alerts Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"NIDS - Alerts Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 minutes\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"d58ec1a0-34e4-11e7-9669-7f1d3242b798","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ4MSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NIDS Alerts - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NIDS Alerts - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"a6df8820-399f-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ4MiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NIDS Alerts - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NIDS Alerts - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"db04aef0-399f-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ4MywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NIDS Alerts - Severity (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"NIDS Alerts - Severity (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"priority.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Priority\"}}],\"listeners\":{}}"},"id":"ba60bcf0-3af5-11e7-a83b-b1b4da7d15f4","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ4NCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NIDS - Alerts By Country (Vertical Bar Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"NIDS - Alerts By Country (Vertical Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":75},\"title\":{\"text\":\"Country\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_geo.country_name.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}}],\"listeners\":{}}"},"id":"81de16f0-6e0f-11e7-8624-1fb07dd76c6a","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ4NSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"NIDS - Alert Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"NIDS - Alert Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDG3ym0xQT5EBNmq3mG","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ4NiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"NIDS - Alert Summary","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NIDS - Alert Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"alert.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Alert\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}}]}"},"id":"96c2cf10-4a3d-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ4NywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"NIDS - Classification","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"NIDS - Classification\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"classification.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Classification\"}}]}"},"id":"d66d54c0-4c89-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ4OCwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"3\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\"},{\"panelIndex\":\"4\",\"gridData\":{\"w\":8,\"h\":44,\"x\":0,\"y\":0,\"i\":\"4\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{}},{\"panelIndex\":\"6\",\"gridData\":{\"w\":48,\"h\":68,\"x\":0,\"y\":120,\"i\":\"6\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"8\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":96,\"i\":\"8\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"9\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":96,\"i\":\"9\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"12\",\"gridData\":{\"w\":16,\"h\":24,\"x\":16,\"y\":72,\"i\":\"12\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"13\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":72,\"i\":\"13\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\",\"embeddableConfig\":{}},{\"panelIndex\":\"14\",\"gridData\":{\"w\":24,\"h\":24,\"x\":8,\"y\":8,\"i\":\"14\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\",\"embeddableConfig\":{}},{\"panelIndex\":\"15\",\"gridData\":{\"w\":40,\"h\":12,\"x\":8,\"y\":32,\"i\":\"15\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\",\"embeddableConfig\":{}},{\"panelIndex\":\"16\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"16\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\"},{\"panelIndex\":\"17\",\"gridData\":{\"w\":48,\"h\":28,\"x\":0,\"y\":44,\"i\":\"17\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_10\",\"embeddableConfig\":{}},{\"panelIndex\":\"18\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":72,\"i\":\"18\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_11\",\"embeddableConfig\":{}},{\"panelIndex\":\"19\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":8,\"i\":\"19\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_12\",\"embeddableConfig\":{}}]","timeRestore":false,"title":"NIDS","version":1},"id":"7f27a830-34e5-11e7-9669-7f1d3242b798","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"d58ec1a0-34e4-11e7-9669-7f1d3242b798","name":"panel_0","type":"visualization"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_1","type":"visualization"},{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"panel_2","type":"search"},{"id":"a6df8820-399f-11e7-8472-0151e5b2b475","name":"panel_3","type":"visualization"},{"id":"db04aef0-399f-11e7-8472-0151e5b2b475","name":"panel_4","type":"visualization"},{"id":"620283e0-3af5-11e7-a83b-b1b4da7d15f4","name":"panel_5","type":"visualization"},{"id":"ba60bcf0-3af5-11e7-a83b-b1b4da7d15f4","name":"panel_6","type":"visualization"},{"id":"45464b50-3af6-11e7-a83b-b1b4da7d15f4","name":"panel_7","type":"visualization"},{"id":"81de16f0-6e0f-11e7-8624-1fb07dd76c6a","name":"panel_8","type":"visualization"},{"id":"AWDG3ym0xQT5EBNmq3mG","name":"panel_9","type":"visualization"},{"id":"96c2cf10-4a3d-11e8-9b0a-f1d33346f773","name":"panel_10","type":"visualization"},{"id":"3f040620-4a44-11e8-9b0a-f1d33346f773","name":"panel_11","type":"visualization"},{"id":"d66d54c0-4c89-11e8-9b0a-f1d33346f773","name":"panel_12","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ4OSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Destination - Top Connection Duration (Tile Map)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Connections - Destination - Top Connection Duration (Tile Map)\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":0,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"duration\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_geo.location\",\"autoPrecision\":true,\"useGeocentroid\":true,\"precision\":2}}],\"listeners\":{}}"},"id":"7f7492d0-46c4-11e7-a82e-d97152153689","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ5MCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Host - MAC","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Host - MAC\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.mac.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MAC\"}}]}"},"id":"eaa31ba0-7374-11ea-a3da-cbdb4f8a90c0","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ5MSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DHCP - Requested Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - DHCP - Requested Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dhcp.requested_address.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Requested Address\"}}]}"},"id":"9a693c50-7374-11ea-a3da-cbdb4f8a90c0","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ5MiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DHCP - Assigned Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - DHCP - Assigned Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dhcp.assigned_ip.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Assigned Address\"}}]}"},"id":"cc3aaf20-7374-11ea-a3da-cbdb4f8a90c0","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ5MywxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:dhcp\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.7.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":9,\"i\":\"7e10f47b-2096-452d-9b40-be150226504f\"},\"panelIndex\":\"7e10f47b-2096-452d-9b40-be150226504f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":13,\"y\":0,\"w\":10,\"h\":9,\"i\":\"a795e5b9-2afd-43ef-91db-cd9c23a996f9\"},\"panelIndex\":\"a795e5b9-2afd-43ef-91db-cd9c23a996f9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":23,\"y\":0,\"w\":25,\"h\":9,\"i\":\"d0f65b83-17cd-4a8c-950d-06e5e88bf80b\"},\"panelIndex\":\"d0f65b83-17cd-4a8c-950d-06e5e88bf80b\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":0,\"y\":9,\"w\":8,\"h\":20,\"i\":\"c5565d1e-719c-4401-b886-1ad84638b855\"},\"panelIndex\":\"c5565d1e-719c-4401-b886-1ad84638b855\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":8,\"y\":9,\"w\":8,\"h\":20,\"i\":\"ada9481a-335b-4091-ac4e-5f94c96e4cea\"},\"panelIndex\":\"ada9481a-335b-4091-ac4e-5f94c96e4cea\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":16,\"y\":9,\"w\":8,\"h\":20,\"i\":\"bcba795f-8008-4f91-887d-35b5aff11022\"},\"panelIndex\":\"bcba795f-8008-4f91-887d-35b5aff11022\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":24,\"y\":9,\"w\":7,\"h\":20,\"i\":\"a9615bc2-7e50-4a88-be1c-53eb7096e093\"},\"panelIndex\":\"a9615bc2-7e50-4a88-be1c-53eb7096e093\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":31,\"y\":9,\"w\":17,\"h\":20,\"i\":\"87dce718-7595-4bb0-b1be-b2f51518f026\"},\"panelIndex\":\"87dce718-7595-4bb0-b1be-b2f51518f026\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"Security Onion - DHCP","version":1},"id":"80625c10-96dd-11ea-814e-bb515e873c2c","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"c879ad60-72a1-11ea-8dd2-9d8795a1200b","name":"panel_2","type":"visualization"},{"id":"eaa31ba0-7374-11ea-a3da-cbdb4f8a90c0","name":"panel_3","type":"visualization"},{"id":"9a693c50-7374-11ea-a3da-cbdb4f8a90c0","name":"panel_4","type":"visualization"},{"id":"cc3aaf20-7374-11ea-a3da-cbdb4f8a90c0","name":"panel_5","type":"visualization"},{"id":"2af5f980-96e2-11ea-814e-bb515e873c2c","name":"panel_6","type":"visualization"},{"id":"36200e40-c76b-11ea-bebb-37c5ab5894ea","name":"panel_7","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-16T13:50:09.463Z","version":"WzczOSwyXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"PE - Subsystem (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"PE - Subsystem (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"subsystem.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"id":"807da390-380c-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"66288140-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ5NiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - PE - Subsytem","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.subsystem.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Subsystem\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"},\"title\":\"Security Onion - PE - Subsytem\"}"},"id":"80a39cb0-c762-11ea-bebb-37c5ab5894ea","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-16T12:49:05.687Z","version":"WzcyOSwyXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - MySQL - Success","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - MySQL - Success\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"boolean\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"mysql.success: Descending\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"mysql.success\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Success\"}}]}"},"id":"80aa0c60-75c0-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ5NywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Rule - SID","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Rule - SID\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.uuid\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Rule ID\"}}]}"},"id":"a47ffc70-96f0-11ea-814e-bb515e873c2c","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQ5OCwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:alert AND event.module:suricata\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.7.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":7,\"h\":8,\"i\":\"afb23064-13dc-4b97-b1be-cf672a6cfb56\"},\"panelIndex\":\"afb23064-13dc-4b97-b1be-cf672a6cfb56\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":7,\"y\":0,\"w\":17,\"h\":8,\"i\":\"67961875-85aa-443b-9cac-130c8783cd8d\"},\"panelIndex\":\"67961875-85aa-443b-9cac-130c8783cd8d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":8,\"i\":\"44bf55fb-18d8-4ae6-a15a-902042d3623c\"},\"panelIndex\":\"44bf55fb-18d8-4ae6-a15a-902042d3623c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":28,\"y\":8,\"w\":10,\"h\":20,\"i\":\"ab088b32-c40e-4a1c-9dcd-758c1ad97edc\"},\"panelIndex\":\"ab088b32-c40e-4a1c-9dcd-758c1ad97edc\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":38,\"y\":8,\"w\":10,\"h\":20,\"i\":\"2faea405-e4d3-488b-adfa-373b135d2122\"},\"panelIndex\":\"2faea405-e4d3-488b-adfa-373b135d2122\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":0,\"y\":8,\"w\":19,\"h\":20,\"i\":\"cedf23aa-c331-496a-bf27-7c9c8f587d80\"},\"panelIndex\":\"cedf23aa-c331-496a-bf27-7c9c8f587d80\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":19,\"y\":8,\"w\":9,\"h\":20,\"i\":\"a2e54d3b-ee05-4d67-82d2-4ac917d9ec4b\"},\"panelIndex\":\"a2e54d3b-ee05-4d67-82d2-4ac917d9ec4b\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":38,\"y\":28,\"w\":10,\"h\":18,\"i\":\"0681c2c1-531d-4f5e-a73f-8382789cbd14\"},\"panelIndex\":\"0681c2c1-531d-4f5e-a73f-8382789cbd14\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":0,\"y\":28,\"w\":16,\"h\":18,\"i\":\"728a4c22-9a7e-4152-a4d6-eed2d728abb8\"},\"panelIndex\":\"728a4c22-9a7e-4152-a4d6-eed2d728abb8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":16,\"y\":28,\"w\":22,\"h\":18,\"i\":\"32459b34-f7be-4ac0-a672-7a9697ce3bca\"},\"panelIndex\":\"32459b34-f7be-4ac0-a672-7a9697ce3bca\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]","timeRestore":false,"title":"Security Onion - Alerts - Suricata","version":1},"id":"81057f40-7733-11ea-bee5-af7f7c7b8e05","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"30df00e0-7733-11ea-bee5-af7f7c7b8e05","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"508fb520-72af-11ea-8dd2-9d8795a1200b","name":"panel_5","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_6","type":"visualization"},{"id":"a47ffc70-96f0-11ea-814e-bb515e873c2c","name":"panel_7","type":"visualization"},{"id":"a37b9fa0-72b0-11ea-8dd2-9d8795a1200b","name":"panel_8","type":"visualization"},{"id":"f7e1d570-72ae-11ea-8dd2-9d8795a1200b","name":"panel_9","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-16T16:34:37.522Z","version":"Wzg0MiwyXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SIP - Response From","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SIP - Response From\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"sip.response.from.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"sip.response.from.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Response From\"}}]}"},"id":"81a1a740-75ca-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzUwMCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Connections - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"8261cf00-366e-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzUwMSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SNMP - Community String","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SNMP - Community String\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"community.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Community String\"}}]}"},"id":"83a91450-4c79-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"b12150a0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzUwMiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Network Data Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Network Data Over Time\",\"type\":\"line\",\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":true},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":true,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm\"}},\"params\":{\"date\":true,\"interval\":\"PT30M\",\"intervalESValue\":30,\"intervalESUnit\":\"m\",\"format\":\"HH:mm\",\"bounds\":{\"min\":\"2020-03-24T15:15:25.819Z\",\"max\":\"2020-03-25T15:15:25.819Z\"}},\"label\":\"@timestamp per 30 minutes\",\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-24h\",\"to\":\"now\",\"mode\":\"quick\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"id":"8491c4b0-6eab-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"387f44c0-6ea7-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzUwMywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DHCP - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"DHCP - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"e9a7fe80-357b-11e7-ac34-8965f6420c51","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"ac1799d0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzUwNCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DHCP - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"DHCP - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDG80RwxQT5EBNmq38x","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"ac1799d0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzUwNSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DHCP - Message Types","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DHCP - Message Types\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"message_types.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Message Types\"}}]}"},"id":"a88e1020-0edb-11e9-9846-59f545e7293f","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"ac1799d0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzUwNiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DHCP - Domain Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DHCP - Domain Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"domain_name.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Domain Name\"}}]}"},"id":"ce859b40-0edb-11e9-9846-59f545e7293f","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"ac1799d0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzUwNywxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":76,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{}},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":21,\"y\":52,\"w\":13,\"h\":24,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":8,\"y\":52,\"w\":13,\"h\":24,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"gridData\":{\"x\":8,\"y\":8,\"w\":40,\"h\":25,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":76,\"w\":48,\"h\":20,\"i\":\"12\"},\"panelIndex\":\"12\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":0,\"direction\":null}}}},\"gridData\":{\"x\":34,\"y\":52,\"w\":14,\"h\":24,\"i\":\"14\"},\"panelIndex\":\"14\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":33,\"w\":26,\"h\":19,\"i\":\"15\"},\"panelIndex\":\"15\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"gridData\":{\"x\":34,\"y\":33,\"w\":14,\"h\":19,\"i\":\"16\"},\"version\":\"7.3.0\",\"panelIndex\":\"16\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]","timeRestore":false,"title":"Bro - DHCP","version":1},"id":"85348270-357b-11e7-ac34-8965f6420c51","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"e9a7fe80-357b-11e7-ac34-8965f6420c51","name":"panel_0","type":"visualization"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_1","type":"visualization"},{"id":"1055ada0-3655-11e7-baa7-b7de4ee40605","name":"panel_2","type":"visualization"},{"id":"317f8410-3655-11e7-baa7-b7de4ee40605","name":"panel_3","type":"visualization"},{"id":"AWDG80RwxQT5EBNmq38x","name":"panel_4","type":"visualization"},{"id":"4e877100-4a48-11e8-9b0a-f1d33346f773","name":"panel_5","type":"visualization"},{"id":"ac1799d0-342d-11e7-9e93-53b62e1857b2","name":"panel_6","type":"search"},{"id":"58c84f60-0edb-11e9-9846-59f545e7293f","name":"panel_7","type":"visualization"},{"id":"a88e1020-0edb-11e9-9846-59f545e7293f","name":"panel_8","type":"visualization"},{"id":"ce859b40-0edb-11e9-9846-59f545e7293f","name":"panel_9","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzUwOCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMB - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SMB - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per minute\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"85e40a70-3aac-11e7-8b17-0d8709b02c80","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"19849f30-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzUwOSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Authentication Status (Donut Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"RFB - Authentication Status (Donut Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"auth.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Authentication Status\"}}],\"listeners\":{}}"},"id":"869e3030-371e-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzUxMCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Modbus - Exception","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Modbus - Exception\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"modbus.exception.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"modbus.exception.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Exception\"}}]}"},"id":"93cdb730-75be-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzUxMSwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:modbus\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"dcdc1d0b-bec1-402d-a34b-39464e9a2749\"},\"panelIndex\":\"dcdc1d0b-bec1-402d-a34b-39464e9a2749\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":13,\"y\":0,\"w\":17,\"h\":8,\"i\":\"ccbb40c9-d2e4-4592-a91f-b1f6912a35f9\"},\"panelIndex\":\"ccbb40c9-d2e4-4592-a91f-b1f6912a35f9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":8,\"i\":\"32fd8cfa-64ad-41d7-b4f7-2c71f351916a\"},\"panelIndex\":\"32fd8cfa-64ad-41d7-b4f7-2c71f351916a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":8,\"w\":8,\"h\":19,\"i\":\"b15f438a-6f24-4099-90e6-d66f950029bc\"},\"panelIndex\":\"b15f438a-6f24-4099-90e6-d66f950029bc\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":8,\"h\":19,\"i\":\"089f29d5-cf23-4b6a-8b80-27911ffd6b1a\"},\"panelIndex\":\"089f29d5-cf23-4b6a-8b80-27911ffd6b1a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":8,\"w\":14,\"h\":19,\"i\":\"4154e8b1-e314-4623-aaf4-0404a108551a\"},\"panelIndex\":\"4154e8b1-e314-4623-aaf4-0404a108551a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":30,\"y\":8,\"w\":18,\"h\":19,\"i\":\"8acbc44d-4fe2-42b0-a6e9-4a3bc4e4aeb6\"},\"panelIndex\":\"8acbc44d-4fe2-42b0-a6e9-4a3bc4e4aeb6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"}]","timeRestore":false,"title":"Security Onion - Modbus","version":1},"id":"886a7b90-75bd-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"c879ad60-72a1-11ea-8dd2-9d8795a1200b","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"62449800-75be-11ea-9565-7315f4ee5cac","name":"panel_5","type":"visualization"},{"id":"93cdb730-75be-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzUxMiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"PE - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"PE - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"9cffd160-363f-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"66288140-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzUxMywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"PE - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"PE - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDHCUeZxQT5EBNmq4Xy","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"66288140-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzUxNCwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"gridData\":{\"w\":20,\"h\":16,\"x\":28,\"y\":8,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\",\"embeddableConfig\":{}},{\"gridData\":{\"w\":20,\"h\":16,\"x\":8,\"y\":8,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\",\"embeddableConfig\":{}},{\"gridData\":{\"w\":48,\"h\":28,\"x\":0,\"y\":48,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\",\"embeddableConfig\":{\"columns\":[\"fuid\",\"machine\",\"is_exe\",\"is_64bit\",\"subsystem\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"embeddableConfig\":{},\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":24,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":24,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"Bro - PE","version":1},"id":"8a10e380-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"9cffd160-363f-11e7-a6f7-4f44d7bf1c33","name":"panel_1","type":"visualization"},{"id":"45c4ae10-380c-11e7-a1cc-ebc6a7e70e84","name":"panel_2","type":"visualization"},{"id":"807da390-380c-11e7-a1cc-ebc6a7e70e84","name":"panel_3","type":"visualization"},{"id":"66288140-342e-11e7-9e93-53b62e1857b2","name":"panel_4","type":"search"},{"id":"4e56b4d0-416f-11e7-9850-b78558d0ac17","name":"panel_5","type":"visualization"},{"id":"7de76e10-6e1f-11e7-b553-7f80727663c1","name":"panel_6","type":"visualization"},{"id":"AWDHCUeZxQT5EBNmq4Xy","name":"panel_7","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzUxNSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSH - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSH - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"8a60eb50-365f-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c33e7600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzUxNiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SSH - HASSH","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SSH - HASSH\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"hash.hassh.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"8afa5f50-75eb-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzUxNywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Weird - Notice Generated (Donut Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Weird - Notice Generated (Donut Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"notice.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"id":"8dbbbed0-364e-11e7-9dc3-d35061cb642d","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"e32d0d50-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzUxOCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"RDP - Client Build","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"RDP - Client Build\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"client_build.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client Build\"}}]}"},"id":"8e18ee60-371c-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"823dd600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzUxOSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"event_type:bro_ssl AND _exists_:certificate_common_name_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"SSL - Certificate Common Name Frequency Analysis","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSL - Certificate Common Name Frequency Analysis\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"certificate_common_name_frequency_score\",\"customLabel\":\"Frequency Score\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"certificate_common_name.keyword\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"1\",\"customLabel\":\"Common Name\"}}],\"listeners\":{}}"},"id":"8fa702e0-6f0b-11e7-9d31-23c0596994a7","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzUyMCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Files - MIME Type","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Files - MIME Type\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"file.mimetype.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"file.mimetype.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MIMEType\"}}]}"},"id":"8fb3c480-75f2-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzUyMSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"All Sensors - Log Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"All Sensors - Log Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event_type.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Log Type(s)\"}}]}"},"id":"901bda80-a83f-11e7-893a-1b88920b2837","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"aa05e920-3433-11e7-8867-29a39c0f86b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzUyMiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RADIUS - Log Count Over TIme","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"RADIUS - Log Count Over TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"ccb3e270-363f-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"75545310-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzUyMywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RADIUS - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RADIUS - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"b48442b0-3808-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"75545310-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzUyNCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RADIUS - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RADIUS - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"cea78b70-3808-11e7-a1cc-ebc6a7e70e84","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"75545310-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzUyNSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RADIUS - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RADIUS - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"id":"b0456970-6e1f-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"75545310-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzUyNiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RADIUS - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"RADIUS - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDHCgWzxQT5EBNmq4Y5","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"75545310-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzUyNywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"RADIUS - Username","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RADIUS - Username\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"username.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}}]}"},"id":"e827bab0-4a5a-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"75545310-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzUyOCwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":56,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"6\",\"gridData\":{\"x\":8,\"y\":32,\"w\":14,\"h\":24,\"i\":\"6\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"7\",\"gridData\":{\"x\":22,\"y\":32,\"w\":14,\"h\":24,\"i\":\"7\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"8\",\"gridData\":{\"x\":24,\"y\":56,\"w\":24,\"h\":24,\"i\":\"8\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"9\",\"gridData\":{\"x\":0,\"y\":56,\"w\":24,\"h\":24,\"i\":\"9\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"11\",\"gridData\":{\"x\":0,\"y\":80,\"w\":48,\"h\":24,\"i\":\"11\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"12\",\"gridData\":{\"x\":36,\"y\":32,\"w\":12,\"h\":24,\"i\":\"12\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"panelIndex\":\"14\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"14\"},\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"panelIndex\":\"15\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":24,\"i\":\"15\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\",\"embeddableConfig\":{}},{\"panelIndex\":\"16\",\"gridData\":{\"x\":8,\"y\":8,\"w\":20,\"h\":24,\"i\":\"16\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_10\",\"embeddableConfig\":{}}]","timeRestore":false,"title":"Bro - RADIUS","version":1},"id":"90b246c0-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"ccb3e270-363f-11e7-a6f7-4f44d7bf1c33","name":"panel_1","type":"visualization"},{"id":"b48442b0-3808-11e7-a1cc-ebc6a7e70e84","name":"panel_2","type":"visualization"},{"id":"cea78b70-3808-11e7-a1cc-ebc6a7e70e84","name":"panel_3","type":"visualization"},{"id":"10cd7190-3809-11e7-a1cc-ebc6a7e70e84","name":"panel_4","type":"visualization"},{"id":"5df79fe0-3809-11e7-a1cc-ebc6a7e70e84","name":"panel_5","type":"visualization"},{"id":"75545310-342e-11e7-9e93-53b62e1857b2","name":"panel_6","type":"search"},{"id":"b0456970-6e1f-11e7-b553-7f80727663c1","name":"panel_7","type":"visualization"},{"id":"AWDHCgWzxQT5EBNmq4Y5","name":"panel_8","type":"visualization"},{"id":"e827bab0-4a5a-11e8-9b0a-f1d33346f773","name":"panel_9","type":"visualization"},{"id":"30348db0-4a5b-11e8-9b0a-f1d33346f773","name":"panel_10","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzUyOSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SIP - Destination Country (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SIP - Destination Country (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_geo.country_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"id":"90bf0a80-3750-11e7-b74a-f5057991ccd2","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzUzMCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Rule - ID","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Rule - ID\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.id.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"ID\"}}]}"},"id":"91bd9990-7737-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzUzMSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Bro - Syslog - Log Count Over Time","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"Bro - Syslog - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 seconds\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"92b202e0-76b4-11e7-94e1-3d2ec4e57ed9","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"269ca380-76b4-11e7-8c3e-cfcdd8c95d87","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzUzMiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Host - Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Host - Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Agent Name\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"agent.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"}}]}"},"id":"f03402e0-72bc-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzUzNCwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.category:host\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.7.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":8,\"i\":\"c743998d-d4c5-429f-87ce-67bac2649e72\"},\"panelIndex\":\"c743998d-d4c5-429f-87ce-67bac2649e72\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":15,\"h\":8,\"i\":\"8acc6336-35b7-4c1a-b0ef-3b3ec6870b1f\"},\"panelIndex\":\"8acc6336-35b7-4c1a-b0ef-3b3ec6870b1f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":23,\"y\":0,\"w\":25,\"h\":8,\"i\":\"8485e0bf-8342-42ff-82b4-eb2611191060\"},\"panelIndex\":\"8485e0bf-8342-42ff-82b4-eb2611191060\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":0,\"y\":8,\"w\":7,\"h\":18,\"i\":\"ba08df96-10b9-4b30-803f-f40387867ccc\"},\"panelIndex\":\"ba08df96-10b9-4b30-803f-f40387867ccc\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":7,\"y\":8,\"w\":7,\"h\":18,\"i\":\"254bcae3-60d3-4193-b258-6f9f3eba0af3\"},\"panelIndex\":\"254bcae3-60d3-4193-b258-6f9f3eba0af3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":14,\"y\":8,\"w\":9,\"h\":18,\"i\":\"89d115c0-ee70-4250-9742-fb3c554e69a7\"},\"panelIndex\":\"89d115c0-ee70-4250-9742-fb3c554e69a7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":23,\"y\":8,\"w\":25,\"h\":18,\"i\":\"0c1675bb-01ef-4020-95f1-3f35e0c6fad8\"},\"panelIndex\":\"0c1675bb-01ef-4020-95f1-3f35e0c6fad8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"}]","timeRestore":false,"title":"Security Onion - Host","version":1},"id":"92e63cc0-6ec0-11ea-9266-1fd14ca6af34","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"df50eba0-6ec0-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"c879ad60-72a1-11ea-8dd2-9d8795a1200b","name":"panel_2","type":"visualization"},{"id":"8b065a80-6eca-11ea-9266-1fd14ca6af34","name":"panel_3","type":"visualization"},{"id":"ad398b70-6e9a-11ea-9266-1fd14ca6af34","name":"panel_4","type":"visualization"},{"id":"f03402e0-72bc-11ea-8dd2-9d8795a1200b","name":"panel_5","type":"visualization"},{"id":"758187b0-72bd-11ea-8dd2-9d8795a1200b","name":"panel_6","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-16T16:19:17.868Z","version":"WzgzNiwyXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SIP - Content Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SIP - Content Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"content_type.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Content Type\"}}],\"listeners\":{}}"},"id":"930b1600-3753-11e7-b74a-f5057991ccd2","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzUzNiwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.module:ossec AND event.dataset:alert\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":8,\"i\":\"c2172038-7740-458c-977a-98d139c438c2\"},\"panelIndex\":\"c2172038-7740-458c-977a-98d139c438c2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":18,\"h\":8,\"i\":\"b18f1671-c1a0-44c8-946b-71bc21e62482\"},\"panelIndex\":\"b18f1671-c1a0-44c8-946b-71bc21e62482\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":26,\"y\":0,\"w\":22,\"h\":8,\"i\":\"b26faccc-11d5-4cc3-8fd2-484b5e3659bc\"},\"panelIndex\":\"b26faccc-11d5-4cc3-8fd2-484b5e3659bc\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":8,\"w\":12,\"h\":19,\"i\":\"1f88747a-06f5-4450-8d08-150d0cd37667\"},\"panelIndex\":\"1f88747a-06f5-4450-8d08-150d0cd37667\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":12,\"y\":8,\"w\":11,\"h\":19,\"i\":\"0b5a83d1-8f56-4616-b0aa-af25a1995379\"},\"panelIndex\":\"0b5a83d1-8f56-4616-b0aa-af25a1995379\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":23,\"y\":8,\"w\":7,\"h\":19,\"i\":\"a4bd8139-6fdd-476e-b6ff-8dd036e0f747\"},\"panelIndex\":\"a4bd8139-6fdd-476e-b6ff-8dd036e0f747\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":30,\"y\":8,\"w\":8,\"h\":19,\"i\":\"df2cccc2-5ac2-4522-9756-76a16ba2b0ce\"},\"panelIndex\":\"df2cccc2-5ac2-4522-9756-76a16ba2b0ce\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":38,\"y\":8,\"w\":10,\"h\":19,\"i\":\"8b5674df-aad2-4af7-aa91-90a9d3e3980c\"},\"panelIndex\":\"8b5674df-aad2-4af7-aa91-90a9d3e3980c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":27,\"w\":48,\"h\":21,\"i\":\"28431fa5-4ce9-40db-a190-541b3390f9d0\"},\"panelIndex\":\"28431fa5-4ce9-40db-a190-541b3390f9d0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"}]","timeRestore":false,"title":"Security Onion - Wazuh","version":1},"id":"9480f190-7732-11ea-bee5-af7f7c7b8e05","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"30df00e0-7733-11ea-bee5-af7f7c7b8e05","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"508fb520-72af-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"f7e1d570-72ae-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"91bd9990-7737-11ea-bee5-af7f7c7b8e05","name":"panel_5","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_6","type":"visualization"},{"id":"407784f0-7738-11ea-bee5-af7f7c7b8e05","name":"panel_7","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_8","type":"search"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzUzNywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"match_all\":{}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Total Number of Logs","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Total Number of Logs\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Total Number of Logs\"}}],\"listeners\":{}}"},"id":"AWDGyaGxxQT5EBNmq3K9","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzUzOCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"match_all\":{}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Sensors - Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Sensors - Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"sensor_name.keyword\"}}],\"listeners\":{}}"},"id":"AWDGzmzcxQT5EBNmq3Sj","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzUzOSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"match_all\":{}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Devices - Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Devices - Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"syslog-host_from.keyword\"}}],\"listeners\":{}}"},"id":"AWDG0UDvxQT5EBNmq3WD","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU0MCwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"1\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"8\",\"gridData\":{\"w\":48,\"h\":64,\"x\":0,\"y\":132,\"i\":\"8\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"12\",\"gridData\":{\"w\":28,\"h\":8,\"x\":20,\"y\":0,\"i\":\"12\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"19\",\"gridData\":{\"w\":48,\"h\":16,\"x\":0,\"y\":56,\"i\":\"19\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"21\",\"gridData\":{\"w\":24,\"h\":24,\"x\":8,\"y\":8,\"i\":\"21\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"23\",\"gridData\":{\"w\":16,\"h\":32,\"x\":32,\"y\":24,\"i\":\"23\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"32\",\"gridData\":{\"w\":12,\"h\":8,\"x\":8,\"y\":0,\"i\":\"32\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"33\",\"gridData\":{\"w\":8,\"h\":16,\"x\":32,\"y\":8,\"i\":\"33\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"panelIndex\":\"34\",\"gridData\":{\"w\":8,\"h\":16,\"x\":40,\"y\":8,\"i\":\"34\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"panelIndex\":\"35\",\"gridData\":{\"w\":16,\"h\":8,\"x\":0,\"y\":72,\"i\":\"35\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\"},{\"panelIndex\":\"36\",\"gridData\":{\"w\":16,\"h\":8,\"x\":16,\"y\":72,\"i\":\"36\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_10\"},{\"panelIndex\":\"37\",\"gridData\":{\"w\":16,\"h\":8,\"x\":32,\"y\":72,\"i\":\"37\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_11\"},{\"panelIndex\":\"38\",\"gridData\":{\"w\":24,\"h\":24,\"x\":8,\"y\":32,\"i\":\"38\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_12\",\"embeddableConfig\":{}},{\"panelIndex\":\"39\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":108,\"i\":\"39\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_13\",\"embeddableConfig\":{}},{\"panelIndex\":\"40\",\"gridData\":{\"w\":24,\"h\":28,\"x\":24,\"y\":80,\"i\":\"40\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_14\",\"embeddableConfig\":{}},{\"panelIndex\":\"41\",\"gridData\":{\"w\":24,\"h\":28,\"x\":0,\"y\":80,\"i\":\"41\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_15\"}]","timeRestore":false,"title":"Overview","version":1},"id":"94b52620-342a-11e7-9d52-4f090484f59e","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"aa05e920-3433-11e7-8867-29a39c0f86b2","name":"panel_1","type":"search"},{"id":"1c2aeb50-365e-11e7-b896-5bdd6bfa1561","name":"panel_2","type":"visualization"},{"id":"277f3250-4161-11e7-8493-51634b0a4565","name":"panel_3","type":"visualization"},{"id":"901bda80-a83f-11e7-893a-1b88920b2837","name":"panel_4","type":"visualization"},{"id":"5b3988c0-a840-11e7-893a-1b88920b2837","name":"panel_5","type":"visualization"},{"id":"AWDGyaGxxQT5EBNmq3K9","name":"panel_6","type":"visualization"},{"id":"AWDGzmzcxQT5EBNmq3Sj","name":"panel_7","type":"visualization"},{"id":"AWDG0UDvxQT5EBNmq3WD","name":"panel_8","type":"visualization"},{"id":"AWDG1uC-xQT5EBNmq3dP","name":"panel_9","type":"visualization"},{"id":"AWDG3ym0xQT5EBNmq3mG","name":"panel_10","type":"visualization"},{"id":"AWDG4pcDxQT5EBNmq3pi","name":"panel_11","type":"visualization"},{"id":"733ce440-494d-11e8-9576-313be7c6b44b","name":"panel_12","type":"visualization"},{"id":"2a949080-4a3d-11e8-9b0a-f1d33346f773","name":"panel_13","type":"visualization"},{"id":"96c2cf10-4a3d-11e8-9b0a-f1d33346f773","name":"panel_14","type":"visualization"},{"id":"ee0ba080-4a3d-11e8-9b0a-f1d33346f773","name":"panel_15","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU0MSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - PE - OS","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.os.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"OS\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"},\"title\":\"Security Onion - PE - OS\"}"},"id":"b449a870-c762-11ea-bebb-37c5ab5894ea","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-16T12:48:53.367Z","version":"WzcyOCwyXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:pe\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.7.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":9,\"i\":\"858c0209-49ab-4c0c-9b9c-bc71e363be32\"},\"panelIndex\":\"858c0209-49ab-4c0c-9b9c-bc71e363be32\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":13,\"y\":0,\"w\":12,\"h\":9,\"i\":\"94db978d-70ba-4ade-a680-1297961aa832\"},\"panelIndex\":\"94db978d-70ba-4ade-a680-1297961aa832\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":25,\"y\":0,\"w\":23,\"h\":9,\"i\":\"8973a749-ddc9-4476-8946-280e748da61e\"},\"panelIndex\":\"8973a749-ddc9-4476-8946-280e748da61e\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":0,\"y\":9,\"w\":10,\"h\":18,\"i\":\"8797e1d3-84b0-4840-9ba3-6e74f15a5f08\"},\"panelIndex\":\"8797e1d3-84b0-4840-9ba3-6e74f15a5f08\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":10,\"y\":9,\"w\":15,\"h\":18,\"i\":\"b9da8481-6781-4431-83de-c51834199de7\"},\"panelIndex\":\"b9da8481-6781-4431-83de-c51834199de7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":25,\"y\":9,\"w\":10,\"h\":18,\"i\":\"ceba5670-4f26-411e-a19a-e130cf715228\"},\"panelIndex\":\"ceba5670-4f26-411e-a19a-e130cf715228\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":35,\"y\":9,\"w\":13,\"h\":18,\"i\":\"5f1b3a55-7919-448d-897c-fc7166b283d0\"},\"panelIndex\":\"5f1b3a55-7919-448d-897c-fc7166b283d0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"}]","timeRestore":false,"title":"Security Onion - PE","version":1},"id":"94b55b90-c761-11ea-bebb-37c5ab5894ea","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"c879ad60-72a1-11ea-8dd2-9d8795a1200b","name":"panel_2","type":"visualization"},{"id":"80a39cb0-c762-11ea-bebb-37c5ab5894ea","name":"panel_3","type":"visualization"},{"id":"b449a870-c762-11ea-bebb-37c5ab5894ea","name":"panel_4","type":"visualization"},{"id":"07419650-c763-11ea-bebb-37c5ab5894ea","name":"panel_5","type":"visualization"},{"id":"282bf2c0-c763-11ea-bebb-37c5ab5894ea","name":"panel_6","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-16T12:52:57.735Z","version":"WzczMiwyXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:snmp\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"752f2974-3abc-482c-afdc-c85cf5643cc6\",\"w\":13,\"x\":0,\"y\":0},\"panelIndex\":\"752f2974-3abc-482c-afdc-c85cf5643cc6\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"dfa3b3da-b86b-4d11-add3-c7e18c40654b\",\"w\":17,\"x\":13,\"y\":0},\"panelIndex\":\"dfa3b3da-b86b-4d11-add3-c7e18c40654b\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"4c444c07-93f9-43d2-966e-1a0db864c011\",\"w\":18,\"x\":30,\"y\":0},\"panelIndex\":\"4c444c07-93f9-43d2-966e-1a0db864c011\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"3f20fbbb-d47b-4b9e-94a0-f5f144ce0dd2\",\"w\":9,\"x\":0,\"y\":8},\"panelIndex\":\"3f20fbbb-d47b-4b9e-94a0-f5f144ce0dd2\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"5c5850b6-1e17-4d4a-9122-8d6a6b275fb0\",\"w\":10,\"x\":9,\"y\":8},\"panelIndex\":\"5c5850b6-1e17-4d4a-9122-8d6a6b275fb0\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"2df47b07-dcfd-46a9-a908-cd03bb3ae82e\",\"w\":11,\"x\":19,\"y\":8},\"panelIndex\":\"2df47b07-dcfd-46a9-a908-cd03bb3ae82e\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"7fec36da-2c28-4eef-9d15-bd5d64628d1d\",\"w\":18,\"x\":30,\"y\":8},\"panelIndex\":\"7fec36da-2c28-4eef-9d15-bd5d64628d1d\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_6\"}]","timeRestore":false,"title":"Security Onion - SNMP","version":1},"id":"96522610-75e8-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"424ace90-75e9-11ea-9565-7315f4ee5cac","name":"panel_5","type":"visualization"},{"id":"690ef880-75e9-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU0MiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - \"To\" Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMTP - \\\"To\\\" Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"recipient_to.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"\\\"To\\\" Address\"}}],\"listeners\":{}}"},"id":"96767400-39a2-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU0MywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RDP - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"RDP - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"fd549d70-363f-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"823dd600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU0NCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RDP - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RDP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"f9a16c80-371b-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"823dd600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU0NSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"RDP - Keyboard Layout (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"RDP - Keyboard Layout (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"keyboard_layout.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Keyboard Layout\"}}]}"},"id":"be7637c0-371c-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"823dd600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU0NiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"RDP - Result (Horizontal Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"RDP - Result (Horizontal Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"result.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Result\"}}]}"},"id":"c4f37d70-6e20-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"823dd600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU0NywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"RDP - Encryption Level (Vertical Bar Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"RDP - Encryption Level (Vertical Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Encryption Level\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"encryption_level.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Encryption Level\"}}]}"},"id":"ef307a70-6e20-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"823dd600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU0OCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RDP - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"RDP - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDHCvBexQT5EBNmq4aK","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"823dd600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU0OSwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":80,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"embeddableConfig\":{},\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":32,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":32,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"gridData\":{\"w\":12,\"h\":12,\"x\":36,\"y\":8,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":56,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":56,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":12,\"h\":12,\"x\":8,\"y\":8,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"gridData\":{\"w\":16,\"h\":12,\"x\":20,\"y\":8,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\",\"embeddableConfig\":{}},{\"gridData\":{\"w\":20,\"h\":12,\"x\":8,\"y\":20,\"i\":\"12\"},\"panelIndex\":\"12\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_10\",\"embeddableConfig\":{}},{\"gridData\":{\"w\":20,\"h\":12,\"x\":28,\"y\":20,\"i\":\"13\"},\"panelIndex\":\"13\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_11\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"14\"},\"panelIndex\":\"14\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_12\"}]","timeRestore":false,"title":"Bro - RDP","version":1},"id":"97f8c3a0-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"fd549d70-363f-11e7-a6f7-4f44d7bf1c33","name":"panel_1","type":"visualization"},{"id":"823dd600-342e-11e7-9e93-53b62e1857b2","name":"panel_2","type":"search"},{"id":"f9a16c80-371b-11e7-90f8-87842d5eedc9","name":"panel_3","type":"visualization"},{"id":"0b9dea80-371c-11e7-90f8-87842d5eedc9","name":"panel_4","type":"visualization"},{"id":"19dfd180-371c-11e7-90f8-87842d5eedc9","name":"panel_5","type":"visualization"},{"id":"524e13b0-371c-11e7-90f8-87842d5eedc9","name":"panel_6","type":"visualization"},{"id":"75597b60-371c-11e7-90f8-87842d5eedc9","name":"panel_7","type":"visualization"},{"id":"8e18ee60-371c-11e7-90f8-87842d5eedc9","name":"panel_8","type":"visualization"},{"id":"be7637c0-371c-11e7-90f8-87842d5eedc9","name":"panel_9","type":"visualization"},{"id":"c4f37d70-6e20-11e7-b553-7f80727663c1","name":"panel_10","type":"visualization"},{"id":"ef307a70-6e20-11e7-b553-7f80727663c1","name":"panel_11","type":"visualization"},{"id":"AWDHCvBexQT5EBNmq4aK","name":"panel_12","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU1MCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSH - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSH - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"9a33f9a0-365f-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c33e7600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU1MSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Connections - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"9a54f150-366e-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU1MiwxXQ=="} +{"attributes":{"columns":["source_ip","name","software_type"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query_string\":{\"query\":\"event_type:bro_software\",\"analyze_wildcard\":true}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Software - Logs","version":1},"id":"ba3d77e0-342e-11e7-9e93-53b62e1857b2","migrationVersion":{"search":"7.4.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU1MywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Software - Summary","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Software - Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Name\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"version_major.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Major Version\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"version_minor.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Minor Version\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"software_type.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Type\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}}]}"},"id":"9b0f6a80-4c7a-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"ba3d77e0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU1NCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Zeek - Notice","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Zeek - Notice\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"notice.note.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Notice\"}}]}"},"id":"9c6ccff0-7a84-11ea-9d13-57f5db13d1ed","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU1NSwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"meta\":{\"negate\":true,\"disabled\":true,\"alias\":\"Initial Systems/Queries\",\"type\":\"phrase\",\"key\":\"osquery.counter\",\"value\":\"0\",\"params\":{\"query\":0,\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"osquery.counter\":{\"query\":0,\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"type\":\"phrases\",\"key\":\"osquery.codename\",\"value\":\"server\",\"params\":[\"server\"],\"negate\":false,\"disabled\":true,\"alias\":\"Servers Only\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"osquery.codename\":\"server\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":64,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"columns\":[\"osquery.hostname\",\"osquery.name\",\"osquery.LiveQuery\",\"osquery.EndpointIP1\",\"osquery.EndpointIP2\"]},\"gridData\":{\"x\":8,\"y\":27,\"w\":40,\"h\":21,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":17,\"h\":13,\"i\":\"12\"},\"panelIndex\":\"12\",\"title\":\"\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"gridData\":{\"x\":8,\"y\":13,\"w\":40,\"h\":14,\"i\":\"13\"},\"version\":\"7.3.0\",\"panelIndex\":\"13\",\"embeddableConfig\":{},\"title\":\"Changes by Type\",\"panelRefName\":\"panel_3\"},{\"gridData\":{\"x\":25,\"y\":0,\"w\":23,\"h\":13,\"i\":\"14\"},\"version\":\"7.3.0\",\"panelIndex\":\"14\",\"embeddableConfig\":{},\"title\":\"Changes by Hostname\",\"panelRefName\":\"panel_4\"}]","timeRestore":false,"title":"osquery - Overview","version":1},"id":"9d0e2da0-14e1-11e9-82f7-0da02d93a48b","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"84116380-14e1-11e9-82f7-0da02d93a48b","name":"panel_1","type":"search"},{"id":"2f556c90-14e3-11e9-82f7-0da02d93a48b","name":"panel_2","type":"visualization"},{"id":"369e16e0-14e4-11e9-82f7-0da02d93a48b","name":"panel_3","type":"visualization"},{"id":"05a5ed10-14e4-11e9-82f7-0da02d93a48b","name":"panel_4","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU1NiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Connections - Top Source Ports","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Connections - Top Source Ports\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source Port\"}}]}"},"id":"9d3413c0-6ea0-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9b333020-6e9f-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU1NywxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset:ssh\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"b816ee0e-45c6-438d-a4ed-799d9e80a9f0\"},\"panelIndex\":\"b816ee0e-45c6-438d-a4ed-799d9e80a9f0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":13,\"y\":0,\"w\":17,\"h\":8,\"i\":\"cbfd7081-d82b-4e29-b21c-6e9584d67328\"},\"panelIndex\":\"cbfd7081-d82b-4e29-b21c-6e9584d67328\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":8,\"i\":\"d9b0c92a-8625-4e72-8a7c-333381e17244\"},\"panelIndex\":\"d9b0c92a-8625-4e72-8a7c-333381e17244\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":8,\"w\":10,\"h\":19,\"i\":\"766c95ce-e20f-4e88-935f-2211b7be6b65\"},\"panelIndex\":\"766c95ce-e20f-4e88-935f-2211b7be6b65\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":10,\"y\":8,\"w\":10,\"h\":19,\"i\":\"e9ec8c9e-8a76-4501-abcb-2c9c08adfc44\"},\"panelIndex\":\"e9ec8c9e-8a76-4501-abcb-2c9c08adfc44\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":20,\"y\":8,\"w\":13,\"h\":19,\"i\":\"c2747e56-14c2-4a70-a1a7-e31affae20f8\"},\"panelIndex\":\"c2747e56-14c2-4a70-a1a7-e31affae20f8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":33,\"y\":8,\"w\":15,\"h\":19,\"i\":\"ff324073-699d-4b26-b4fd-28190fa3803b\"},\"panelIndex\":\"ff324073-699d-4b26-b4fd-28190fa3803b\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":27,\"w\":17,\"h\":18,\"i\":\"248c6442-b868-4e06-bfaa-e6da2d2d7463\"},\"panelIndex\":\"248c6442-b868-4e06-bfaa-e6da2d2d7463\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":17,\"y\":27,\"w\":16,\"h\":18,\"i\":\"d24e4833-8b52-45ac-ac3f-bb31379e8380\"},\"panelIndex\":\"d24e4833-8b52-45ac-ac3f-bb31379e8380\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":33,\"y\":27,\"w\":15,\"h\":18,\"i\":\"6711f807-284e-4025-99bb-cee25c0e970d\"},\"panelIndex\":\"6711f807-284e-4025-99bb-cee25c0e970d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]","timeRestore":false,"title":"Security Onion - SSH","version":1},"id":"9dfd77e0-75eb-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"292b1db0-75ea-11ea-9565-7315f4ee5cac","name":"panel_5","type":"visualization"},{"id":"46221fe0-75ea-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"},{"id":"7d61f430-75ea-11ea-9565-7315f4ee5cac","name":"panel_7","type":"visualization"},{"id":"104a4a90-75eb-11ea-9565-7315f4ee5cac","name":"panel_8","type":"visualization"},{"id":"8afa5f50-75eb-11ea-9565-7315f4ee5cac","name":"panel_9","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU1OCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DCE/RPC - Endpoint","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - DCE/RPC - Endpoint\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dce_rpc.endpoint.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Endpoint\"}}]}"},"id":"a427d6e0-96db-11ea-814e-bb515e873c2c","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU1OSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DCE/RPC - Named Pipe","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - DCE/RPC - Named Pipe\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dce_rpc.named_pipe.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Named Pipe\"}}]}"},"id":"c2f21270-96db-11ea-814e-bb515e873c2c","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU2MCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DCE/RPC - Operation","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - DCE/RPC - Operation\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dce_rpc.operation.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Operation\"}}]}"},"id":"df7989f0-96db-11ea-814e-bb515e873c2c","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU2MSwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:dce_rpc\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":9,\"i\":\"95dc50d5-926a-4ab3-a746-0e53f475d658\"},\"panelIndex\":\"95dc50d5-926a-4ab3-a746-0e53f475d658\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":14,\"y\":0,\"w\":14,\"h\":9,\"i\":\"5b559994-ed67-43c8-8eed-ab30fd8b3d26\"},\"panelIndex\":\"5b559994-ed67-43c8-8eed-ab30fd8b3d26\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":28,\"y\":0,\"w\":20,\"h\":9,\"i\":\"4251a61c-1dcd-47b3-9866-f7ed939c73d4\"},\"panelIndex\":\"4251a61c-1dcd-47b3-9866-f7ed939c73d4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":9,\"w\":8,\"h\":21,\"i\":\"e74255f5-4dc6-4df0-ab24-032dd7d4bc02\"},\"panelIndex\":\"e74255f5-4dc6-4df0-ab24-032dd7d4bc02\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":9,\"w\":8,\"h\":21,\"i\":\"55f5c9e0-264b-44d1-9b49-0bb7890ef4bd\"},\"panelIndex\":\"55f5c9e0-264b-44d1-9b49-0bb7890ef4bd\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":9,\"w\":9,\"h\":21,\"i\":\"2a33a3df-4690-4ea4-a71a-9c98cb612213\"},\"panelIndex\":\"2a33a3df-4690-4ea4-a71a-9c98cb612213\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":25,\"y\":9,\"w\":8,\"h\":21,\"i\":\"ee61c32f-e801-494f-a819-b5788bed856f\"},\"panelIndex\":\"ee61c32f-e801-494f-a819-b5788bed856f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":33,\"y\":9,\"w\":15,\"h\":21,\"i\":\"f7c23591-431c-4a4c-a69b-a349c37697da\"},\"panelIndex\":\"f7c23591-431c-4a4c-a69b-a349c37697da\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"Security Onion - DCE/RPC","version":1},"id":"9e882df0-72c5-11ea-8dd2-9d8795a1200b","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"c879ad60-72a1-11ea-8dd2-9d8795a1200b","name":"panel_2","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"a427d6e0-96db-11ea-814e-bb515e873c2c","name":"panel_5","type":"visualization"},{"id":"c2f21270-96db-11ea-814e-bb515e873c2c","name":"panel_6","type":"visualization"},{"id":"df7989f0-96db-11ea-814e-bb515e873c2c","name":"panel_7","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU2MiwxXQ=="} +{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.module:osquery\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Security Onion - Osquery","version":1},"id":"9eed5fc0-afcb-11ea-b262-353d451b125b","migrationVersion":{"search":"7.4.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU2MywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Authentication Method","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RFB - Authentication Method\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"authentication_method.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Authentication Method\"}}],\"listeners\":{}}"},"id":"bf47f4c0-371e-11e7-90f8-87842d5eedc9","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU2NCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RFB - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"bbbe5a80-6e21-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU2NSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RFB - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"d6ec3570-6e21-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU2NiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"RFB - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"id":"e8982270-6e21-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU2NywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Authentication Method (Horizontal Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"RFB - Authentication Method (Horizontal Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"authentication_method.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Method\"}}],\"listeners\":{}}"},"id":"c24191f0-6e22-11e7-b553-7f80727663c1","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU2OCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"RFB - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"RFB - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDHC8iGxQT5EBNmq4bs","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU2OSwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}},\"language\":\"lucene\"}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"1\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"5\",\"gridData\":{\"w\":20,\"h\":12,\"x\":8,\"y\":8,\"i\":\"5\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\",\"embeddableConfig\":{}},{\"panelIndex\":\"6\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":56,\"i\":\"6\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"7\",\"gridData\":{\"w\":20,\"h\":12,\"x\":28,\"y\":8,\"i\":\"7\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"8\",\"gridData\":{\"w\":40,\"h\":24,\"x\":8,\"y\":32,\"i\":\"8\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"10\",\"gridData\":{\"w\":48,\"h\":28,\"x\":0,\"y\":104,\"i\":\"10\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"11\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":56,\"i\":\"11\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"panelIndex\":\"12\",\"gridData\":{\"w\":16,\"h\":24,\"x\":16,\"y\":56,\"i\":\"12\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"panelIndex\":\"13\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":80,\"i\":\"13\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"panelIndex\":\"14\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":80,\"i\":\"14\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"panelIndex\":\"15\",\"gridData\":{\"w\":16,\"h\":24,\"x\":16,\"y\":80,\"i\":\"15\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"},{\"panelIndex\":\"16\",\"gridData\":{\"w\":40,\"h\":12,\"x\":8,\"y\":20,\"i\":\"16\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_12\",\"embeddableConfig\":{}},{\"panelIndex\":\"17\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"17\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"}]","timeRestore":false,"title":"Bro - RFB","version":1},"id":"9ef20ae0-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"265a04d0-3640-11e7-a6f7-4f44d7bf1c33","name":"panel_1","type":"visualization"},{"id":"869e3030-371e-11e7-90f8-87842d5eedc9","name":"panel_2","type":"visualization"},{"id":"bf47f4c0-371e-11e7-90f8-87842d5eedc9","name":"panel_3","type":"visualization"},{"id":"14274040-371f-11e7-90f8-87842d5eedc9","name":"panel_4","type":"visualization"},{"id":"63c072c0-371f-11e7-90f8-87842d5eedc9","name":"panel_5","type":"visualization"},{"id":"8ba53710-342e-11e7-9e93-53b62e1857b2","name":"panel_6","type":"search"},{"id":"bbbe5a80-6e21-11e7-b553-7f80727663c1","name":"panel_7","type":"visualization"},{"id":"d6ec3570-6e21-11e7-b553-7f80727663c1","name":"panel_8","type":"visualization"},{"id":"e8982270-6e21-11e7-b553-7f80727663c1","name":"panel_9","type":"visualization"},{"id":"4fade7b0-6e22-11e7-b553-7f80727663c1","name":"panel_10","type":"visualization"},{"id":"7c1e3f70-6e22-11e7-b553-7f80727663c1","name":"panel_11","type":"visualization"},{"id":"c24191f0-6e22-11e7-b553-7f80727663c1","name":"panel_12","type":"visualization"},{"id":"AWDHC8iGxQT5EBNmq4bs","name":"panel_13","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU3MCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SIP - Content Type","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SIP - Content Type\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"sip.content_type.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"sip.content_type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Type\"}}]}"},"id":"9ff24600-75ca-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU3MSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":{\"match_all\":{}},\"language\":\"lucene\"},\"filter\":[]}"},"title":"Help","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Help\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"markdown\":\"## Introduction\\nWelcome to the Security Onion Elastic Stack! This is our implementation of the Elastic Stack on Security Onion. The Elastic Stack consists of three primary components:\\n- `Elasticsearch` - stores logs\\n- `Logstash` - collects and enriches logs before storing them in Elasticsearch\\n- `Kibana` - web interface for visualizing logs\\n\\n## Sidebar\\nStarting on the far left side of the page, you see the Sidebar. This contains links such as:\\n- `Discover` - search data\\n- `Visualize` - create visualizations based on searches\\n- `Dashboard` - view or create dashboards based on visualizations\\n- `Timelion` - timeline analysis\\n- `Dev Tools` - query Elasticsearch directly\\n- `Management` - view or modify Kibana settings\\n- `Squert` - separate web interface for viewing NIDS and HIDS alerts\\n- `Logout` - log out of your session\\n\\nThe first six of those links are within Kibana itself. If you click one of those and then want to get back to the Dashboards area where you started, simply click the `Dashboard` link.\\n\\nClicking the `Squert` link will take you out of Kibana and into Squert. You will not be required to authenticate to Squert since you already have an active Single Sign On (SSO) session.\\n\\nClicking the `Logout` link in either Squert or Kibana will log you out of your SSO session and take you back to the logon screen.\\n\\n## Navigation Panel\\nWhen you are in the Kibana Dashboard area, the panel to the immediate right of the sidebar is the Navigation Panel and it includes links to our dashboards such as Home, Help (this page), Bro Notices, ElastAlert, HIDS, NIDS, etc. Clicking one of the links in the Navigation Panel will take you to a dashboard dedicated to that particular log type. \\n\\n## Dashboards\\nAll dashboards are designed to work at 1024x768 screen resolution in order to maximize compatibility.\\n\\n### Dashboard Hyperlinks\\n\\nThe `source_ip` and `destination_ip` fields are hyperlinked. These hyperlinks will take you to the Indicator dashboard which will help you analyze the traffic relating to that particular IP address.\\n\\n`UID` fields are also hyperlinked. This hyperlink will start a new Kibana search for that particular UID. In the case of Bro UIDs this will show you all Bro logs related to that particular connection.\\n\\nEach log entry also has an `_id` field that is hyperlinked. This hyperlink will take you to CapMe, allowing you to request full packet capture for any arbitrary log type. This assumes that the log is for tcp or udp traffic that was seen by Bro and Bro recorded it correctly in its conn.log. \\n\\n### Overview Dashboard\\nWhen you first go to the Kibana Dashboard area, you are automatically placed into the Overview dashboard, where you will see overview information, such as total number of logs and sensors. Use the information on the Overview dashboard to determine which of the other dashboards on the Navigation Panel you might want to visit next.\\n\\n### Dashboard Categories\\nOur remaining dashboards are grouped into a few categories:\\n- `Alert Data` - dashboards that display alerts created by rules or signatures\\n- `Bro Hunting` - dashboards that allow you to slice and dice network metadata for hunting\\n- `Host Hunting` - dashboards that allow you to hunt via host telemetry\\n- `Other` - dashboards that don't fit into the categories above\\n\\n### Bro Notices\\nBro sniffs network traffic and generates notices such as `SSL::Invalid Server Cert` and `TeamCymruMalwareHashRegistry::Match`.\\n\\n### ElastAlert\\nElastAlert queries Elasticsearch on a regular basis and then generates alerts based on your desired criteria. Security Onion includes two example rules that alert on new IDS events and new connection logs. You can add your own ElastAlert rules in `/etc/elastalert/rules/`.\\n\\n### HIDS\\nOSSEC analyzes log files and generates Host Intrusion Detection System alerts based on its ruleset at `/var/ossec/rules/`. You can add your own rules in `/var/ossec/rules/local_rules.xml`.\\n\\n### NIDS\\nSecurity Onion can use either Snort or Suricata to sniff network traffic and generate Network Intrusion Detection System alerts. \\n\\n### Connections\\nBro sniffs network traffic and logs connection metadata including source IP/port, destination IP/port, protocol, and number of bytes.\\n\\n### DCE/RPC\\nBro sniffs network traffic and logs DCE/RPC metadata including source IP/port, destination IP/port, operation, endpoint, and named pipe.\\n\\n### DHCP\\nBro sniffs network traffic and logs DHCP requests and responses including source IP/port, destination IP/port, and MAC addresses.\\n\\n### DNP3\\nBro sniffs network traffic and logs DNP3 metadata including source IP/port, destination IP/port, function request, function reply.\\n\\n### DNS\\nBro sniffs network traffic and logs DNS queries and answers. Bro also includes other name lookups such as Windows NetBIOS name service requests and Bonjour.\\n\\n### Files\\nBro sniffs network traffic and logs metadata related to files being transferred over the network including IP addresses, MIME type, source, and checksums.\\n\\n### FTP\\nBro sniffs network traffic and logs FTP metadata including source IP/port, destination IP/port, command, reply code, argument, and username.\\n\\n### HTTP\\nBro sniffs network traffic and logs HTTP metadata including source IP/port, destination IP/port, method, status message, MIME type, site name, referer, and user agent.\\n\\n### Intel\\nBro sniffs network traffic and watches for indicators using the Intel framework. You can add your own indicators to `/opt/bro/share/bro/intel/intel.dat`.\\n\\n### IRC\\nBro sniffs network traffic and logs IRC metadata including source IP/port, destination IP/port, command, and username.\\n\\n### Kerberos\\nBro sniffs network traffic and logs Kerberos metadata including source IP/port, destination IP/port, cipher, client, server, service, request type, and success status.\\n\\n### Modbus\\nBro sniffs network traffic and logs Modbus metadata including source IP/port, destination IP/port, and function.\\n\\n### MySQL\\nBro sniffs network traffic and logs MySQL metadata including source IP/port, destination IP/port, command/argument, status, and response.\\n\\n### NTLM\\nBro sniffs network traffic and logs NTLM metadata including source IP/port, destination IP/port, hostname, username, and status.\\n\\n### PE\\nBro sniffs network traffic and logs PE metadata including OS, subsystem, machine, and section name.\\n\\n### RADIUS\\nBro sniffs network traffic and logs RADIUS metadata including source IP/port, destination IP/port, username, and result.\\n\\n### RDP\\nBro sniffs network traffic and logs RDP metadata including source IP/port, destination IP/port, client build, keyboard layout, encryption level, and result.\\n\\n### RFB\\nBro sniffs network traffic and logs RFB metadata including source IP/port, destination IP/port, authentication method, authentication status, client version, server version, and desktop name.\\n\\n### SIP\\nBro sniffs network traffic and logs SIP metadata including source IP/port, destination IP/port, method, content type, status, uri, and user agent.\\n\\n### SMB\\nBro sniffs network traffic and logs SMB metadata including source IP/port, destination IP/port, file name, and action.\\n\\n### SMTP\\nBro sniffs network traffic and logs SMTP metadata including source IP/port, destination IP/port, from, to, subject, and user agent.\\n\\n### SNMP\\nBro sniffs network traffic and logs SNMP metadata including source IP/port, destination IP/port, version, community, and duration.\\n\\n### Software\\nBro sniffs network traffic and logs metadata relating to the kinds of software that generated that traffic including name, type, and version.\\n\\n### SSH\\nBro sniffs network traffic and logs SSH metadata including source IP/port, destination IP/port, client version, server version, and success.\\n\\n### SSL\\nBro sniffs network traffic and logs SSL metadata including source IP/port, destination IP/port, server name, certificate subject, cipher, and validation status.\\n\\n### Syslog\\nBro sniffs network traffic and logs Syslog metadata including source IP/port, destination IP/port, severity, and protocol.\\n\\n### Tunnels\\nBro sniffs network traffic and detects IP, GRE, SOCKS, TEREDO, and AVAYA tunnels. It logs metadata including source IP/port, destination IP/port, type, and action.\\n\\n### Weird\\nBro sniffs network traffic and logs protocol anomalies metadata including source IP/port, destination IP/port, and the type of anomaly.\\n\\n### X.509\\nBro sniffs network traffic and logs X.509 metadata including certificate subject, issuer, key algorithm, key length, and signing algorithm.\\n\\n### Autoruns\\nSysinternals Autoruns can identify the processes which Windows is configured to automatically run. Autoruns data can then be ingested via [Autoruns To WinEventLog](https://github.com/palantir/windows-event-forwarding/tree/master/AutorunsToWinEventLog).\\n\\n### Beats\\nElastic Beats can be deployed on endpoints to collect host telemetry and send to Logstash for storage in Elasticsearch.\\n\\n### OSSEC\\nOSSEC agents can be deployed on endpoints to collect host telemetry and send to the OSSEC Server included in Security Onion. OSSEC Alerts can be found in the Alert Data category at the top of the Navigation Panel. This OSSEC hunting dashboard will allow you to hunt through all OSSEC logs, not just alerts.\\n\\n### Sysmon\\nSysinternal Sysmon provides comprehensive telemetry for Windows hosts. Its logs can be consumed using Beats, OSSEC, or other transport mechanism.\\n\\n### Domain Stats\\nSecurity Onion includes a tool called domain_stats which will do a whois lookup on a domain name to determine the age of the domain. If enabled, this dashboard looks for baby domains that have been recently registered. Please note that domain_stats is only enabled when running in Evaluation Mode.\\n\\n### Firewall\\nFirewall logs can be consumed via syslog or other transport mechanism. Once consumed, this dashboard allows you to slice and dice those firewall logs based on source IP/port, destination IP/port, protocol, and action.\\n\\n### Frequency\\nSecurity Onion includes a tool called freq_server which can perform frequency analysis of hostnames. If enabled, this dashboard will show hostnames with a frequency analysis score that indicates that they could have been randomly generated. Please note that freq_server is only enabled when running in Evaluation Mode.\\n\\n### Stats\\nThis dashboard shows statistics for Logstash including processing times for different log types and any errors that may have occurred.\\n\\n## More Information\\nFor additional information, please refer to our documentation at:\\n\\nhttps://securityonion.net/docs/Elastic\",\"type\":\"markdown\"},\"aggs\":[]}"},"id":"AV6-PHKnDwoBUzALqJ_c","migrationVersion":{"visualization":"7.7.0"},"references":[],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU3MiwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"match_all\":{}},\"language\":\"lucene\"}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"1\",\"gridData\":{\"w\":40,\"h\":204,\"x\":8,\"y\":0,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"2\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"2\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{}}]","timeRestore":false,"title":"Help","version":1},"id":"AV6-POJSDwoBUzALqKAg","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"AV6-PHKnDwoBUzALqJ_c","name":"panel_0","type":"visualization"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_1","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU3MywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"event_type:bro_ssl AND _exists_:issuer_common_name_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"SSL - Certificate Issuer Common Name Frequency Analysis","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSL - Certificate Issuer Common Name Frequency Analysis\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"issuer_common_name_frequency_score\",\"customLabel\":\"Frequency Score\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"issuer_common_name.keyword\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"1\",\"customLabel\":\"Issuer Common Name\"}}],\"listeners\":{}}"},"id":"a83f17c0-6f0b-11e7-9d31-23c0596994a7","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU3NCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"event_type:bro_ssl AND _exists_:server_name_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"SSL - Certificate Server Name Frequency Analysis","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSL - Certificate Server Name Frequency Analysis\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"server_name_frequency_score\",\"customLabel\":\"Frequency Score\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server_name.keyword\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"1\",\"customLabel\":\"Server Name\"}}],\"listeners\":{}}"},"id":"c2e54c20-6f0b-11e7-9d31-23c0596994a7","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU3NSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"event_type:bro_x509 AND _exists_:certificate_common_name_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"X.509 - Certificate Common Name Frequency Analysis","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"X.509 - Certificate Common Name Frequency Analysis\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"certificate_common_name_frequency_score\",\"customLabel\":\"Frequency Score\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"certificate_common_name.keyword\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"1\",\"customLabel\":\"Common Name\"}}],\"listeners\":{}}"},"id":"e03ba1d0-6f0a-11e7-83d2-adea2f314dc5","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU3NiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"event_type:bro_x509 AND _exists_:issuer_common_name_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"X.509 - Certificate Issuer Frequency Analysis","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"X.509 - Certificate Issuer Frequency Analysis\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"issuer_common_name_frequency_score\",\"customLabel\":\"Frequency Score\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"issuer_common_name.keyword\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"1\",\"customLabel\":\"Issuer\"}}],\"listeners\":{}}"},"id":"acd38970-6f0a-11e7-83d2-adea2f314dc5","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU3NywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"event_type:bro_x509 AND _exists_:issuer_organization_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"X.509 - Certificate Issuer Organization Frequency Analysis","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"X.509 - Certificate Issuer Organization Frequency Analysis\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"issuer_organization_frequency_score\",\"customLabel\":\"Frequency Score\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"issuer_organization.keyword\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"1\",\"customLabel\":\"Issuer Organization\"}}],\"listeners\":{}}"},"id":"c3f244c0-6f0a-11e7-83d2-adea2f314dc5","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU3OCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query_string\":{\"query\":\"event_type:bro_dns AND _exists_:parent_domain_frequency_score\",\"analyze_wildcard\":true}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"DNS - Parent Domain Frequency Analysis","uiStateJSON":"{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}","version":1,"visState":"{\"title\":\"DNS - Parent Domain Frequency Analysis\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"min\",\"schema\":\"metric\",\"params\":{\"field\":\"parent_domain_frequency_score\",\"customLabel\":\"Frequency Score\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"highest_registered_domain.keyword\",\"size\":50,\"order\":\"asc\",\"orderBy\":\"1\",\"customLabel\":\"Domain\"}}],\"listeners\":{}}"},"id":"c9f5d3a0-6f05-11e7-b253-211f64f37eda","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU3OSwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"match_all\":{}},\"language\":\"lucene\"}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"1\",\"gridData\":{\"w\":40,\"h\":24,\"x\":8,\"y\":0,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},{\"panelIndex\":\"2\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":52,\"i\":\"2\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},{\"panelIndex\":\"4\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":76,\"i\":\"4\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},{\"panelIndex\":\"5\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":76,\"i\":\"5\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},{\"panelIndex\":\"6\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":100,\"i\":\"6\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},{\"panelIndex\":\"7\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":100,\"i\":\"7\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},{\"panelIndex\":\"8\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":124,\"i\":\"8\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},{\"panelIndex\":\"9\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":124,\"i\":\"9\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},{\"panelIndex\":\"10\",\"gridData\":{\"w\":8,\"h\":52,\"x\":0,\"y\":0,\"i\":\"10\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\",\"embeddableConfig\":{}},{\"panelIndex\":\"11\",\"gridData\":{\"w\":48,\"h\":80,\"x\":0,\"y\":148,\"i\":\"11\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"12\",\"gridData\":{\"w\":40,\"h\":28,\"x\":8,\"y\":24,\"i\":\"12\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_10\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}}]","timeRestore":false,"title":"Frequency Analysis","version":1},"id":"AWAi5k4jAvKNGEbUWFis","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"7f1f00a0-6f04-11e7-b253-211f64f37eda","name":"panel_0","type":"visualization"},{"id":"7d1ede50-6f19-11e7-86c8-a1b6db3b051a","name":"panel_1","type":"visualization"},{"id":"8fa702e0-6f0b-11e7-9d31-23c0596994a7","name":"panel_2","type":"visualization"},{"id":"a83f17c0-6f0b-11e7-9d31-23c0596994a7","name":"panel_3","type":"visualization"},{"id":"c2e54c20-6f0b-11e7-9d31-23c0596994a7","name":"panel_4","type":"visualization"},{"id":"e03ba1d0-6f0a-11e7-83d2-adea2f314dc5","name":"panel_5","type":"visualization"},{"id":"acd38970-6f0a-11e7-83d2-adea2f314dc5","name":"panel_6","type":"visualization"},{"id":"c3f244c0-6f0a-11e7-83d2-adea2f314dc5","name":"panel_7","type":"visualization"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_8","type":"visualization"},{"id":"aa05e920-3433-11e7-8867-29a39c0f86b2","name":"panel_9","type":"search"},{"id":"c9f5d3a0-6f05-11e7-b253-211f64f37eda","name":"panel_10","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU4MCwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"match_all\":{}},\"language\":\"lucene\"}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"1\",\"gridData\":{\"w\":40,\"h\":48,\"x\":8,\"y\":0,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},{\"panelIndex\":\"2\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"2\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"gridData\":{\"w\":48,\"h\":36,\"x\":0,\"y\":48,\"i\":\"3\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\",\"embeddableConfig\":{\"columns\":[\"_source\"],\"sort\":[\"@timestamp\",\"desc\"]}}]","timeRestore":false,"title":"Baby Domains","version":1},"id":"AWAi6wvxAvKNGEbUWO_j","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"41ec0ca0-6f13-11e7-86c8-a1b6db3b051a","name":"panel_0","type":"visualization"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_1","type":"visualization"},{"id":"fce833e0-6f12-11e7-86c8-a1b6db3b051a","name":"panel_2","type":"search"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU4MSwxXQ=="} +{"attributes":{"fieldFormatMap":"{\"process_id\":{\"id\":\"number\",\"params\":{\"pattern\":\"0\"}},\"event_id\":{\"id\":\"number\",\"params\":{\"pattern\":\"0\"}}}","fields":"[{\"name\":\"@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"@version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"aa\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"aa.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"action\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"action.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"activity_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"additional_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"additional_info.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"age\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"age.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"alert.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_level\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_level.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"analyzer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"analyzer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"answers\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"answers.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.agent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"apache2.access.body_sent.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.geoip.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.geoip.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.geoip.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.geoip.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.geoip.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.http_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.referrer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.remote_ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.response_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.url\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.user_agent.device\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.user_agent.major\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.user_agent.minor\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.user_agent.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.user_agent.os\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.user_agent.os_major\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.user_agent.os_minor\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.user_agent.os_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.user_agent.patch\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.access.user_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.error.client\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.error.code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.error.level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.error.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"apache2.error.module\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.error.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.error.tid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"apache2.error.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"assigned_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"assigned_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.a0\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.acct\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.geoip.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.geoip.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.geoip.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.geoip.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.geoip.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.item\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.items\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.new_auid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.new_ses\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.old_auid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.old_ses\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.pid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.ppid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.record_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.res\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auditd.log.sequence\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auth\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"auth.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"authentication_attempts\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"authentication_method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"authentication_method.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"authentication_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"authentication_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"basic_constraints_ca\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"basic_constraints_ca.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"basic_constraints_path_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"bound_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"call_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"call_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"category\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"category.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cc\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cc.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_chain_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_chain_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_common_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_common_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_common_name_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_common_name_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_curve\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_curve.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_exponent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_exponent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_issuer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_issuer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_key_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_key_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_key_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_key_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_key_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_locality\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_locality.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_not_valid_after\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_not_valid_before\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_number_days_valid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_organization\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_organization.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_organization_unit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_organization_unit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_permanent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_permanent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_serial\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_serial.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_serial_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_serial_number.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_signing_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_signing_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"checksum\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"checksum.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cipher\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cipher.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cipher_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cipher_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"class\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"class.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"classification\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"classification.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_build\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_build.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_certificate_chain_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_certificate_chain_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_certificate_fuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_certificate_fuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_certificate_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_certificate_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_digital_product_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_digital_product_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_issuer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_issuer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_major_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_major_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_minor_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_minor_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"community\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"community.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"company.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"compile_ts\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"compile_ts.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"compression_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"compression_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"computer_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"computer_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connect_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connect_info.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection_state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection_state_description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection_state_description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"content_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"content_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cookie\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cookie.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"creation_date\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"creation_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"current_directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"current_directory.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"curve\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"curve.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_destination_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_destination_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_passive\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data_channel_passive.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_source_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"date\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dcc_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dcc_file_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dcc_file_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dcc_mime_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dcc_mime_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"depth\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"desktop_height\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"desktop_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"desktop_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"desktop_width\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dest_is_ipv6\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dest_is_ipv6.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_city\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_city.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.city_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.continent_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.country_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.dma_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.latitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.longitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.longitude.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.postal_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.region_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.region_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.region_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.timezone.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_latitude\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_latitude.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_longitude\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_longitude.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_port_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_port_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_region\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_region.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"details\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"details.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dir\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dir.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"direction\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"direction.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"display_string\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"display_string.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"docker.container.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"docker.container.image\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"docker.container.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"domain_age\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"domain_age.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"domain_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"domain_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dropped\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dropped.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"duration\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"enabled\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"enabled.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"encryption_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"encryption_level.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"encryption_method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"encryption_method.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"endpoint\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"endpoint.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"entry\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"entry.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"entry_location\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"entry_location.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"error.code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"error.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"error.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"error_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"error_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"escalated_user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"escalated_user.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"established\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"established.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.AccountName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.AlgorithmName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.AuthenticationPackageName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Binary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.CommandLine\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Configuration\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ConfigurationFileHash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.CreationUtcTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.CurrentDirectory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.DestinationIp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.DestinationIsIpv6\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.DestinationPort\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Details\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.DeviceName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.DeviceNameLength\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.DeviceTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.DeviceVersionMajor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.DeviceVersionMinor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.DirtyPages\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ElevatedToken\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.EventType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ExtraInfoLength\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ExtraInfoString\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.FilterID\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.FinalStatus\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Hashes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.HiveName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.HiveNameLength\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Image\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ImagePath\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ImpersonationLevel\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Initiated\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.IntegrityLevel\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.IpAddress\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.IpPort\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.KeyFilePath\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.KeyLength\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.KeyName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.KeyType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.KeysUpdated\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.LmPackageName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.LogonGuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.LogonId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.LogonProcessName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.LogonType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.NewSize\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.NewTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.OldTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Operation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.OriginalSize\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ParentCommandLine\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ParentImage\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ParentProcessGuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ParentProcessId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.PreviousCreationUtcTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.PreviousTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.PrivilegeList\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ProcessGuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ProcessId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ProcessName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ProviderName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Reason\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.RestrictedAdminMode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ReturnCode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.SchemaVersion\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ServiceName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.ServiceType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.SourceHostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.SourceIp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.SourceIsIpv6\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.SourcePort\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.StartType\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.State\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.SubjectDomainName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.SubjectLogonId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.SubjectUserName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.SubjectUserSid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TargetDomainName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TargetFilename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TargetLinkedLogonId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TargetLogonId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TargetObject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TargetOutboundDomainName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TargetOutboundUserName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TargetUserName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TargetUserSid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TerminalSessionId\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.TransmittedServices\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.User\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.UtcTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.VirtualAccount\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.Workstation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.WorkstationName\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param10\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param11\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param12\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param13\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param14\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param15\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param16\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param17\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param19\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param20\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param21\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param22\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param4\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param6\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param7\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param8\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.param9\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.serviceGuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.updateGuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.updateRevisionNumber\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_data.updateTitle\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"exception\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"exception.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"extracted\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"extracted.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"facility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"facility.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fc_reply\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fc_reply.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fc_request\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fc_request.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file_description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_mime_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file_mime_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fileset.module\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fileset.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"first_received\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"first_received.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow_label\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"flow_label.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"forwardable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"forwardable.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"freq_virtual_host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"freq_virtual_host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"frequency_scores\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"frequency_scores.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp_argument\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp_argument.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp_command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp_command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"function\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"function.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.latitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.longitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"get_bulk_requests\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"get_bulk_requests.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"get_requests\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"get_requests.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"gid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_cert_table\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_cert_table.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_debug_data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_debug_data.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_export_table\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_export_table.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_import_table\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_import_table.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"height\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"helo\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"helo.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"highest_registered_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"highest_registered_domain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"highest_registered_domain_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"history\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"history.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hop_limit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hop_limit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host_key\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host_key.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host_key_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host_key_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"icinga.debug.facility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"icinga.debug.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"icinga.debug.severity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"icinga.main.facility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"icinga.main.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"icinga.main.severity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"icinga.startup.facility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"icinga.startup.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"icinga.startup.severity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"iin\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"iin.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"image_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"image_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"in_reply_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"in_reply_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"indicator\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"indicator.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"indicator_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"indicator_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"info_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"info_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"info_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"initiated\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"initiated.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"integrity_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"integrity_level.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"interface\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"interface.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ip_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_flags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_flags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_offset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_offset.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_protocol_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_protocol_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_protocol_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_tos\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_tos.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_ttl\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"irc_command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc_command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_64bit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_64bit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_exe\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_exe.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_orig\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_orig.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_source_ipv6\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_source_ipv6.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_webmail\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_webmail.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_common_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_common_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_common_name_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_common_name_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_distinguished_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_distinguished_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_locality\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_locality.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_organization\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_organization.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_organization_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_organization_unit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_organization_unit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_serial_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_serial_number.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kafka.log.class\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kafka.log.component\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kafka.log.level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kafka.log.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kafka.log.timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kafka.log.trace.class\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kafka.log.trace.full\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kafka.log.trace.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kex_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kex_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"keyboard_layout\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"keyboard_layout.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"keywords\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.container.image\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.container.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.namespace\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kubernetes.pod.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"last_alert\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"last_alert.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"last_reply\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"last_reply.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"launch_string\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"launch_string.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"lease_time\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"lease_time.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"length\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"length.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"local_orig\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"local_orig.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"local_respond\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"local_respond.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"location\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"location.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logged\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logged.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logon_guid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logon_guid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logon_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logon_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash.log.level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash.log.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logstash.log.module\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash.log.thread\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logstash.slowlog.event\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logstash.slowlog.level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash.slowlog.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logstash.slowlog.module\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash.slowlog.plugin_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash.slowlog.plugin_params\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logstash.slowlog.plugin_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash.slowlog.thread\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logstash.slowlog.took_in_millis\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash.slowlog.took_in_nanos\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash_time\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mac\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mac.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mac_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mac_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"machine\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"machine.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mail_date\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mail_date.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mail_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mail_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"matched\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"matched.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"md5.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message_error\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"meta.cloud.availability_zone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"meta.cloud.instance_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"meta.cloud.instance_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"meta.cloud.machine_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"meta.cloud.project_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"meta.cloud.provider\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"meta.cloud.region\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"method.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mimetype\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mimetype.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"missed_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"missing_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"msg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"msg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.error.level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.error.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql.error.thread_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.error.timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.lock_time.sec\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.query\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.query_time.sec\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.rows_examined\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.rows_sent\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.timestamp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.slowlog.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql_argument\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql_argument.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql_command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql_command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"n\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"named_pipe\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"named_pipe.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"native_file_system\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"native_file_system.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"next_protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"next_protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.agent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"nginx.access.body_sent.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.geoip.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.geoip.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.geoip.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.geoip.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.geoip.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.http_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.referrer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.remote_ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.response_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.url\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_agent.device\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_agent.major\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_agent.minor\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_agent.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_agent.os\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_agent.os_major\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_agent.os_minor\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_agent.os_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_agent.patch\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.access.user_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.error.connection_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.error.level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.error.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"nginx.error.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nginx.error.tid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nick\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"nick.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"note\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"note.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"notice\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ntlm_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ntlm_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"num_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"object_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"offset\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"opcode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"operation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"operation.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"orig_filenames\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"orig_filenames.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"orig_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"orig_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"orig_mime_types\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"orig_mime_types.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"original_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_ip_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"os\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"os.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ossec_agent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ossec_agent_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ossec_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ossec_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"overflow_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"p\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_domain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_domain_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_domain_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_image_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_image_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_process_guid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_process_guid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_process_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_process_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_process_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_process_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"password\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"password.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"peer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"peer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"peer_description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"peer_description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pesha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"pesha1.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pesha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"pesha256.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"port.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"postgresql.log.database\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"postgresql.log.duration\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"postgresql.log.level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"postgresql.log.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"postgresql.log.query\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"postgresql.log.thread_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"postgresql.log.timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"postgresql.log.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"postgresql.log.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"prev_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"prev_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_arguments\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process_arguments.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_guid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"profile\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"profile.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"program\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"program.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"prospector.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"protocol_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"protocol_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"protocol_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"protocol_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"provider_guid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"proxied\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"proxied.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"query.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_class\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_class_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"query_class_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_type\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_type_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"query_type_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ra\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ra.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rcode\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rcode_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rcode_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rd.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"read_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reason\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reason.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"recipient_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"recipient_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"record_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"redis.log.level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"redis.log.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"redis.log.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"redis.log.role\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"redis.slowlog.args\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"redis.slowlog.cmd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"redis.slowlog.duration.us\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"redis.slowlog.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"redis.slowlog.key\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"referrer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"referrer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rejected\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rejected.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"related_activity_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"remote_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"renewable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"renewable.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reply_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reply_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reply_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reply_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reply_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reply_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_body_len\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_body_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_port.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"requested_color_depth\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"requested_color_depth.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"requested_resource\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"requested_resource.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resp_filenames\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resp_filenames.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resp_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resp_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resp_mime_types\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resp_mime_types.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"respond_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"respond_ip_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"respond_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_body_len\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_body_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"result\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"result.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resumed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resumed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rev\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rev.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rig\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rig.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rows\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rows.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rtt\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rtt.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule_number\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"san_dns\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"san_dns.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"second_received\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"second_received.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"section_names\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"section_names.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"security_protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"security_protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seen_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seen_node\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"seen_node.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seen_where\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"seen_where.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sensor_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sensor_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seq\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"seq.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_certificate_fuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_certificate_fuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_certificate_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_certificate_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_major_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_major_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_minor_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_minor_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_name_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_name_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"service\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"service.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"set_requests\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"set_requests.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"severity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"severity.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sha1.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sha256.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"share_flag\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"share_flag.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"share_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"share_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"signature_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"signer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"signer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"site\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"site.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"size.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"software_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"software_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.city_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.continent_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.dma_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.latitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.longitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.postal_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.region_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.region_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.region_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.timezone.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_port_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_port_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sources\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sources.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"status.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"status_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status_msg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"status_msg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stream\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sub_msg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sub_msg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sub_rule_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sub_rule_number.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subdomain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"subdomain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subdomain_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subdomain_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subsystem\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"subsystem.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"suppress_for\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-facility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-facility.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-file_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-host_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-host_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-legacy_msghdr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-legacy_msghdr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-pid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-pid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-sourceip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-tags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sysmon_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sysmon_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.groupadd.gid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.groupadd.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.program\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.dropped_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.event\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.geoip.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.geoip.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.geoip.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.geoip.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.geoip.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.ssh.signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.sudo.command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.sudo.error\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.sudo.pwd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.sudo.tty\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.sudo.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.useradd.gid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.useradd.home\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.useradd.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.useradd.shell\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.auth.useradd.uid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.syslog.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.syslog.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.syslog.pid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.syslog.program\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system.syslog.timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"target_filename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"target_filename.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"task\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tc\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tc.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"terminal_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"terminal_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"thread_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"timed_out\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"timed_out.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_accessed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_accessed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_changed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_changed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_created\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_created.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_modified\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_modified.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tld.subdomain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tld.subdomain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tls\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tls.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"top_level_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"top_level_domain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"total_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tracker_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tracker_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.agent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"traefik.access.backend_url\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"traefik.access.body_sent.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.frontend_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"traefik.access.geoip.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.geoip.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.geoip.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.geoip.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.geoip.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.http_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.referrer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.remote_ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.request_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.response_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.url\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.user_agent.device\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.user_agent.major\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.user_agent.minor\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.user_agent.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.user_agent.os\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.user_agent.os_major\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.user_agent.os_minor\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.user_agent.os_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.user_agent.patch\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traefik.access.user_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"trans_depth\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"transaction_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ttls\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tty\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tty.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tunnel_parents\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tunnel_parents.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tunnel_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tunnel_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"unparsed_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"unparsed_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"up_since\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"up_since.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uri\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uri.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uri_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.identifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user_agent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user_agent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user_data.binaryData\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user_data.binaryDataSize\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user_data.param1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user_data.param2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user_data.xml_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"useragent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"useragent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"useragent_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"username\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"username.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_aslr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_aslr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_code_integrity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_code_integrity.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_dep\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_dep.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_seh\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_seh.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"valid_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"valid_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"valid_till\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"valid_till.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"validation_status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"validation_status.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"value\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"value.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_additional_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_additional_info.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_major\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_major.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_minor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_minor.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_minor2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_minor2.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_minor3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_minor3.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"virtual_host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"virtual_host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"virtual_host_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"virtual_host_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"warning\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"warning.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"width\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"width.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"x_originating_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"xml\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"year\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"z\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"z.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]","notExpandable":true,"timeFieldName":"@timestamp","title":"*:logstash-beats-*"},"id":"AWBLHZaBRuBloj96jvrD","migrationVersion":{"index-pattern":"7.6.0"},"references":[],"type":"index-pattern","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU4MiwxXQ=="} +{"attributes":{"columns":["computer_name","process_id","user.name","event_id","event_data.Image"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"match_all\":{}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"All Beats Logs","version":1},"id":"AWBLMr9vRuBloj96jxp1","migrationVersion":{"search":"7.4.0"},"references":[{"id":"AWBLHZaBRuBloj96jvrD","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU4MywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"match_all\":{}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Beats - Process IDs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Beats - Process IDs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"type\":\"table\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"process_id\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"id":"AWBLN7X2RuBloj96jxxY","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"AWBLHZaBRuBloj96jvrD","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU4NCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"match_all\":{}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Beats - Computer Names","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Beats - Computer Names\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"type\":\"table\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"computer_name.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"id":"AWBLNriuRuBloj96jxv3","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"AWBLHZaBRuBloj96jvrD","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU4NSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"match_all\":{}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Beats - Event IDs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Beats - Event IDs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"type\":\"table\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event_id\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"id":"AWBLOT8MRuBloj96jx0N","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"AWBLHZaBRuBloj96jvrD","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU4NiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"match_all\":{}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Beats - Usernames","uiStateJSON":"{\n \"vis\": {\n \"params\": {\n \"sort\": {\n \"columnIndex\": null,\n \"direction\": null\n }\n }\n }\n}","version":1,"visState":"{\"title\":\"Beats - Usernames\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"type\":\"table\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user.name\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"id":"AWBLONJCRuBloj96jxzY","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"AWBLHZaBRuBloj96jvrD","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU4NywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"match_all\":{}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Beats - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Beats - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 minutes\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"line\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"AWBLQ2__RuBloj96jyDn","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"AWBLHZaBRuBloj96jvrD","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU4OCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"match_all\":{}},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Beats - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Beats - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDHHHR8xQT5EBNmq4z7","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"AWBLHZaBRuBloj96jvrD","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU4OSwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"match_all\":{}},\"language\":\"lucene\"}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"1\",\"gridData\":{\"w\":48,\"h\":44,\"x\":0,\"y\":56,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{\"columns\":[\"computer_name\",\"process_id\",\"user.name\",\"event_id\",\"event_data.Image\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"2\",\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":8,\"i\":\"2\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},{\"panelIndex\":\"3\",\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":32,\"i\":\"3\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},{\"panelIndex\":\"4\",\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":32,\"i\":\"4\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},{\"panelIndex\":\"5\",\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":8,\"i\":\"5\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},{\"panelIndex\":\"7\",\"gridData\":{\"w\":28,\"h\":8,\"x\":20,\"y\":0,\"i\":\"7\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}}},{\"panelIndex\":\"8\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"8\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\",\"embeddableConfig\":{}},{\"panelIndex\":\"9\",\"gridData\":{\"w\":12,\"h\":8,\"x\":8,\"y\":0,\"i\":\"9\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}}]","timeRestore":false,"title":"Beats","version":1},"id":"AWBLNS3CRuBloj96jxub","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"AWBLMr9vRuBloj96jxp1","name":"panel_0","type":"search"},{"id":"AWBLNriuRuBloj96jxv3","name":"panel_1","type":"visualization"},{"id":"AWBLN7X2RuBloj96jxxY","name":"panel_2","type":"visualization"},{"id":"AWBLOT8MRuBloj96jx0N","name":"panel_3","type":"visualization"},{"id":"AWBLONJCRuBloj96jxzY","name":"panel_4","type":"visualization"},{"id":"AWBLQ2__RuBloj96jyDn","name":"panel_5","type":"visualization"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_6","type":"visualization"},{"id":"AWDHHHR8xQT5EBNmq4z7","name":"panel_7","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU5MCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Connections - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDG71xFxQT5EBNmq336","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU5MSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNS - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"DNS - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDG9Qx0xQT5EBNmq3_2","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU5MiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SNMP - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"SNMP - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDHD-LfxQT5EBNmq4iB","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"b12150a0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU5MywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SIP - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"SIP - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDHDNS4xQT5EBNmq4dF","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU5NCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMB - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"SMB - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDHDfDkxQT5EBNmq4fQ","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"19849f30-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU5NSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"SMTP - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDHDsr0xQT5EBNmq4gw","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU5NiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Bro - Syslog - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Bro - Syslog - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDHE-_wxQT5EBNmq4n3","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"269ca380-76b4-11e7-8c3e-cfcdd8c95d87","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU5NywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Software - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Software - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDHEKJUxQT5EBNmq4jW","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"ba3d77e0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU5OCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSH - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"SSH - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDHEYk4xQT5EBNmq4k5","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c33e7600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzU5OSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSL - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"SSL - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDHElRWxQT5EBNmq4lz","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzYwMCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Tunnels - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Tunnels - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDHFYrqxQT5EBNmq4qT","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"d26d5510-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzYwMSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Weird - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"Weird - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDHGXk-xQT5EBNmq4uf","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"e32d0d50-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzYwMiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"X.509 - Log Count","uiStateJSON":"{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}","version":1,"visState":"{\"title\":\"X.509 - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}"},"id":"AWDHGklsxQT5EBNmq4wG","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"f5038cc0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzYwMywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Top 10 - Total Bytes By Connection","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Connections - Top 10 - Total Bytes By Connection\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Connection ID\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"left\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"total_bytes\",\"customLabel\":\"Total Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"uid.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Connection ID\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"uid.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Connection ID\"}}],\"listeners\":{}}"},"id":"f1325230-3b0d-11e7-a0fe-29878c6f414a","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzYwNCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Top 10 - Total Bytes By Destination Port","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Connections - Top 10 - Total Bytes By Destination Port\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Destination Port\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Max total_bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"total_bytes\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"destination_port\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_port\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}],\"listeners\":{}}"},"id":"acd65230-3b0d-11e7-a0fe-29878c6f414a","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzYwNSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Top 10 - Total Bytes By Destination IP","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Total Bytes\",\"field\":\"total_bytes\"},\"schema\":\"metric\",\"type\":\"max\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Destination IP Address\",\"field\":\"destination_ip\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":10},\"schema\":\"segment\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"5\",\"params\":{\"customLabel\":\"Destination IP Address\",\"field\":\"destination_ip\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":5},\"schema\":\"group\",\"type\":\"terms\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Destination IP Address\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"orderBucketsBySum\":false,\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Total Bytes\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Total Bytes\"},\"type\":\"value\"}]},\"title\":\"Connections - Top 10 - Total Bytes By Destination IP\",\"type\":\"histogram\"}"},"id":"eeafbb70-3b0c-11e7-a6f9-5d3fe735ec2b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzYwNiwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":71,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":20,\"h\":18,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":28,\"y\":0,\"w\":20,\"h\":18,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":18,\"w\":20,\"h\":20,\"i\":\"4\"},\"panelIndex\":\"4\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":38,\"w\":40,\"h\":33,\"i\":\"5\"},\"panelIndex\":\"5\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"gridData\":{\"x\":0,\"y\":71,\"w\":48,\"h\":35,\"i\":\"6\"},\"version\":\"7.3.0\",\"panelIndex\":\"6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"gridData\":{\"x\":28,\"y\":18,\"w\":20,\"h\":20,\"i\":\"7\"},\"version\":\"7.3.0\",\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"}]","timeRestore":false,"title":"Connections - Total Bytes","version":1},"id":"a2ab0c40-3b0a-11e7-a6f9-5d3fe735ec2b","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"f1325230-3b0d-11e7-a0fe-29878c6f414a","name":"panel_1","type":"visualization"},{"id":"acd65230-3b0d-11e7-a0fe-29878c6f414a","name":"panel_2","type":"visualization"},{"id":"41a33c80-3b0d-11e7-a6f9-5d3fe735ec2b","name":"panel_3","type":"visualization"},{"id":"726cc040-48cf-11e8-9576-313be7c6b44b","name":"panel_4","type":"visualization"},{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"panel_5","type":"search"},{"id":"eeafbb70-3b0c-11e7-a6f9-5d3fe735ec2b","name":"panel_6","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzYwNywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMTP - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"a5045e20-3bd1-11e7-a3ae-1754b87179c0","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzYwOCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SMB - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMB - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}]}"},"id":"a663e070-4c78-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"19849f30-3aab-11e7-8b17-0d8709b02c80","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzYwOSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SNMP - Log Count Over TIme","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SNMP - Log Count Over TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"a67546c0-3640-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"b12150a0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzYxMCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Strelka - Request - Client","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Strelka - Request - Client\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"request.client.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"request.client.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"}}]}"},"id":"a7ebb450-772c-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzYxMSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Data Overview","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Data Overview\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":false,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":false,\"last_level\":false,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Category\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"url\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:event.module.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(event.module.keyword:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now%2Fw,to:now%2Fw))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"params\":{},\"label\":\"event.module.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"event.category.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"event.module.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"ac6b1720-7559-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzYxMiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"observer.name:* OR agent.name:*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Log Count By Node ","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Log Count By Node \",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"observer.name.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"observer.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Node\"}}]}"},"id":"a9fae5c0-6e9b-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzYxMywxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"e243c0f0-f7cf-453e-8f5c-dc93e4651d69\",\"w\":9,\"x\":0,\"y\":0},\"panelIndex\":\"e243c0f0-f7cf-453e-8f5c-dc93e4651d69\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"5fdac8ff-799a-4d54-8dcb-ee1728d9623d\",\"w\":17,\"x\":9,\"y\":0},\"panelIndex\":\"5fdac8ff-799a-4d54-8dcb-ee1728d9623d\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"126f5365-8829-469d-8349-a08874975584\",\"w\":22,\"x\":26,\"y\":0},\"panelIndex\":\"126f5365-8829-469d-8349-a08874975584\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":26,\"i\":\"9c61759c-0b14-433b-bca7-fd22f9a20630\",\"w\":22,\"x\":0,\"y\":8},\"panelIndex\":\"9c61759c-0b14-433b-bca7-fd22f9a20630\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":26,\"i\":\"504e0ba1-08f7-4601-833d-6615d84e8fba\",\"w\":9,\"x\":22,\"y\":8},\"panelIndex\":\"504e0ba1-08f7-4601-833d-6615d84e8fba\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":26,\"i\":\"e3425787-250b-4dad-8244-4c7ba65df3d9\",\"w\":8,\"x\":31,\"y\":8},\"panelIndex\":\"e3425787-250b-4dad-8244-4c7ba65df3d9\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":26,\"i\":\"9c133f8f-ca11-4a4b-ac5a-3dfe3b87f20e\",\"w\":9,\"x\":39,\"y\":8},\"panelIndex\":\"9c133f8f-ca11-4a4b-ac5a-3dfe3b87f20e\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_6\"}]","timeRestore":false,"title":"Security Onion - Home","version":1},"id":"a8411b30-6d03-11ea-b301-3d6c35840645","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"8cfec8c0-6ec2-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"ac6b1720-7559-11ea-9565-7315f4ee5cac","name":"panel_3","type":"visualization"},{"id":"ad398b70-6e9a-11ea-9266-1fd14ca6af34","name":"panel_4","type":"visualization"},{"id":"8b065a80-6eca-11ea-9266-1fd14ca6af34","name":"panel_5","type":"visualization"},{"id":"a9fae5c0-6e9b-11ea-9266-1fd14ca6af34","name":"panel_6","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzYxNCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security Onion - Osquery - Query Results Count","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"osquery.result.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Query Results\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"osquery.result.hostname.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Endpoint\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"osquery.result.live_query.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Live Query Pivot\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"osquery.result.endpoint_ip1.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Endpoint Primary IP\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"},\"title\":\"Security Onion - Osquery - Query Results Count\"}"},"id":"ab47a590-afcc-11ea-b262-353d451b125b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9eed5fc0-afcb-11ea-b262-353d451b125b","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzYxNSwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"3919aa4b-bef6-4545-a780-484bae2df9ee\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"3919aa4b-bef6-4545-a780-484bae2df9ee\",\"version\":\"7.6.1\",\"panelRefName\":\"panel_0\"}]","timeRestore":false,"title":"Security Onion - Users","version":1},"id":"abbe1140-72c7-11ea-8dd2-9d8795a1200b","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"8cfec8c0-6ec2-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzYxNiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Dataset By Node","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Dataset By Node\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Dataset\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"event.dataset.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Count\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.dataset.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Dataset\"}}]}"},"id":"abffa080-6ec9-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzYxNywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SIP - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SIP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"f5166880-374f-11e7-b74a-f5057991ccd2","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzYxOCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SIP - Request Path","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SIP - Request Path\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"request_path.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Request Path\"}}],\"listeners\":{}}"},"id":"dddb4430-3752-11e7-b74a-f5057991ccd2","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzYxOSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SIP - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SIP - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"id":"dfd1dc00-6e24-11e7-a261-55504638cf3b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzYyMCwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":48,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"5\",\"gridData\":{\"x\":0,\"y\":72,\"w\":16,\"h\":24,\"i\":\"5\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"6\",\"gridData\":{\"x\":16,\"y\":72,\"w\":16,\"h\":24,\"i\":\"6\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"9\",\"gridData\":{\"x\":20,\"y\":8,\"w\":12,\"h\":16,\"i\":\"9\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\",\"embeddableConfig\":{}},{\"panelIndex\":\"11\",\"gridData\":{\"x\":0,\"y\":96,\"w\":48,\"h\":24,\"i\":\"11\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"13\",\"gridData\":{\"x\":20,\"y\":48,\"w\":28,\"h\":24,\"i\":\"13\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"14\",\"gridData\":{\"x\":32,\"y\":24,\"w\":16,\"h\":24,\"i\":\"14\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"panelIndex\":\"15\",\"gridData\":{\"x\":0,\"y\":48,\"w\":20,\"h\":24,\"i\":\"15\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"panelIndex\":\"16\",\"gridData\":{\"x\":8,\"y\":8,\"w\":12,\"h\":16,\"i\":\"16\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\",\"embeddableConfig\":{}},{\"panelIndex\":\"17\",\"gridData\":{\"x\":0,\"y\":120,\"w\":48,\"h\":30,\"i\":\"17\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_10\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"18\",\"gridData\":{\"x\":32,\"y\":8,\"w\":16,\"h\":16,\"i\":\"18\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_11\",\"embeddableConfig\":{}},{\"panelIndex\":\"19\",\"gridData\":{\"x\":32,\"y\":72,\"w\":16,\"h\":24,\"i\":\"19\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_12\"},{\"panelIndex\":\"20\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"20\"},\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_13\"},{\"panelIndex\":\"21\",\"gridData\":{\"x\":8,\"y\":24,\"w\":24,\"h\":24,\"i\":\"21\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_14\",\"embeddableConfig\":{}}]","timeRestore":false,"title":"Bro - SIP","version":1},"id":"ad3c0830-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"5393c710-3640-11e7-a6f7-4f44d7bf1c33","name":"panel_1","type":"visualization"},{"id":"f5166880-374f-11e7-b74a-f5057991ccd2","name":"panel_2","type":"visualization"},{"id":"04e1aea0-3750-11e7-b74a-f5057991ccd2","name":"panel_3","type":"visualization"},{"id":"90bf0a80-3750-11e7-b74a-f5057991ccd2","name":"panel_4","type":"visualization"},{"id":"dddb4430-3752-11e7-b74a-f5057991ccd2","name":"panel_5","type":"visualization"},{"id":"5e36c370-3753-11e7-b74a-f5057991ccd2","name":"panel_6","type":"visualization"},{"id":"73f663f0-3753-11e7-b74a-f5057991ccd2","name":"panel_7","type":"visualization"},{"id":"930b1600-3753-11e7-b74a-f5057991ccd2","name":"panel_8","type":"visualization"},{"id":"2db47070-3754-11e7-b74a-f5057991ccd2","name":"panel_9","type":"visualization"},{"id":"9e131480-342e-11e7-9e93-53b62e1857b2","name":"panel_10","type":"search"},{"id":"1ef5c230-6e24-11e7-a261-55504638cf3b","name":"panel_11","type":"visualization"},{"id":"dfd1dc00-6e24-11e7-a261-55504638cf3b","name":"panel_12","type":"visualization"},{"id":"AWDHDNS4xQT5EBNmq4dF","name":"panel_13","type":"visualization"},{"id":"0291dba0-4c78-11e8-9b0a-f1d33346f773","name":"panel_14","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzYyMSwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:files\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":7,\"i\":\"257c130f-3673-410c-9f60-d67deb13b580\"},\"panelIndex\":\"257c130f-3673-410c-9f60-d67deb13b580\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":17,\"h\":7,\"i\":\"de6206b4-7adb-44a0-ae00-2d28274478c8\"},\"panelIndex\":\"de6206b4-7adb-44a0-ae00-2d28274478c8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":25,\"y\":0,\"w\":23,\"h\":7,\"i\":\"93532ba0-f446-4a97-8783-a04dd4347485\"},\"panelIndex\":\"93532ba0-f446-4a97-8783-a04dd4347485\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":7,\"w\":8,\"h\":19,\"i\":\"a2af856c-7069-46b2-974c-e8b9054af929\"},\"panelIndex\":\"a2af856c-7069-46b2-974c-e8b9054af929\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":7,\"w\":9,\"h\":19,\"i\":\"4a3de026-5001-46a6-af20-78db885bd4bb\"},\"panelIndex\":\"4a3de026-5001-46a6-af20-78db885bd4bb\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":17,\"y\":7,\"w\":17,\"h\":19,\"i\":\"74071657-abfc-49e7-a0c3-e318b72a9d4c\"},\"panelIndex\":\"74071657-abfc-49e7-a0c3-e318b72a9d4c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":34,\"y\":7,\"w\":14,\"h\":19,\"i\":\"2379029c-c749-4804-91df-3d9be3fc4f8a\"},\"panelIndex\":\"2379029c-c749-4804-91df-3d9be3fc4f8a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":26,\"w\":21,\"h\":19,\"i\":\"0e36a0b5-5905-43c6-8ae1-f3eb348571a0\"},\"panelIndex\":\"0e36a0b5-5905-43c6-8ae1-f3eb348571a0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":21,\"y\":26,\"w\":8,\"h\":19,\"i\":\"99813eab-a19b-47d2-a8ee-8bcb667eedbf\"},\"panelIndex\":\"99813eab-a19b-47d2-a8ee-8bcb667eedbf\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":29,\"y\":26,\"w\":10,\"h\":19,\"i\":\"18a734f4-78a1-4d84-9f7f-7c5aa6d3b1c2\"},\"panelIndex\":\"18a734f4-78a1-4d84-9f7f-7c5aa6d3b1c2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":39,\"y\":26,\"w\":9,\"h\":19,\"i\":\"c51df9f8-9010-4cae-9c7c-76ca7af98f13\"},\"panelIndex\":\"c51df9f8-9010-4cae-9c7c-76ca7af98f13\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":45,\"w\":48,\"h\":24,\"i\":\"226350dd-3afe-4135-a8da-71db63287a95\"},\"panelIndex\":\"226350dd-3afe-4135-a8da-71db63287a95\",\"embeddableConfig\":{},\"panelRefName\":\"panel_11\"}]","timeRestore":false,"title":"Security Onion - Zeek Files","version":1},"id":"ad4d5d60-75f4-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"8cfec8c0-6ec2-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"bcf25e30-75f1-11ea-9565-7315f4ee5cac","name":"panel_5","type":"visualization"},{"id":"e8d35c50-75f3-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"},{"id":"09fc6ef0-7732-11ea-bee5-af7f7c7b8e05","name":"panel_7","type":"visualization"},{"id":"2fc4bea0-7730-11ea-bee5-af7f7c7b8e05","name":"panel_8","type":"visualization"},{"id":"49cfe850-772c-11ea-bee5-af7f7c7b8e05","name":"panel_9","type":"visualization"},{"id":"efc25540-75f1-11ea-9565-7315f4ee5cac","name":"panel_10","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_11","type":"search"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzYyMiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Bro - Syslog - Destination IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Bro - Syslog - Destination IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"ae4e88b0-76b5-11e7-94e1-3d2ec4e57ed9","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"269ca380-76b4-11e7-8c3e-cfcdd8c95d87","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzYyMywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SSL - Destination Country (Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SSL - Destination Country (Bar Chart)\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"destination_geo.country_name.keyword: Descending\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_geo.country_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}"},"id":"ae959820-365c-11e7-8bd0-1db2c55fb7a1","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzYyNCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - TLS - True/False (Vertical Bar Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"SMTP - TLS - True/False (Vertical Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"TLS\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tls.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"TLS\"}}],\"listeners\":{}}"},"id":"aeb71cc0-6e29-11e7-8b76-75eee0095daa","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzYyNSwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"Initial Systems/Queries\",\"disabled\":true,\"key\":\"osquery.counter\",\"negate\":true,\"params\":{\"query\":0,\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"0\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"osquery.counter\":{\"query\":0,\"type\":\"phrase\"}}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"Servers Only\",\"disabled\":true,\"key\":\"osquery.codename\",\"negate\":false,\"params\":{\"query\":\"server\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"server\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match\":{\"osquery.codename\":{\"query\":\"server\",\"type\":\"phrase\"}}}}],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":64,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":0,\"w\":17,\"h\":11,\"i\":\"16\"},\"panelIndex\":\"16\",\"title\":\"\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":29,\"w\":40,\"h\":20,\"i\":\"18\"},\"panelIndex\":\"18\",\"title\":\"Chrome Extensions - Logs\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":11,\"w\":40,\"h\":18,\"i\":\"19\"},\"panelIndex\":\"19\",\"title\":\"Chrome Extensions - Sensitive Permissions\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"gridData\":{\"x\":25,\"y\":0,\"w\":23,\"h\":11,\"i\":\"20\"},\"version\":\"7.3.0\",\"panelIndex\":\"20\",\"embeddableConfig\":{},\"title\":\"Chrome Extensions - Changes by Hostname\",\"panelRefName\":\"panel_4\"}]","timeRestore":false,"title":"osquery - Chrome Extensions","version":1},"id":"af0ea750-18d3-11e9-932c-d12d2cf4ee95","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"71538370-18d5-11e9-932c-d12d2cf4ee95","name":"panel_1","type":"visualization"},{"id":"0eee4360-18d4-11e9-932c-d12d2cf4ee95","name":"panel_2","type":"search"},{"id":"78cf8bf0-1a59-11e9-ac0b-cb0ba10141ab","name":"panel_3","type":"visualization"},{"id":"04f86530-1a59-11e9-ac0b-cb0ba10141ab","name":"panel_4","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzYyNiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security Onion - Osquery - Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rule.name.keyword: Descending\",\"aggType\":\"terms\"}]}},\"title\":\"Security Onion - Osquery - Name\"}"},"id":"af139720-afcb-11ea-b262-353d451b125b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"5c3effd0-72ae-11ea-8dd2-9d8795a1200b","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzYyNywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DHCP - Message Type (Donut)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dhcp.message_types.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Message Type\"}}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}}},\"title\":\"Security Onion - DHCP - Message Type (Donut)\"}"},"id":"af26c6e0-96e6-11ea-814e-bb515e873c2c","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-16T13:48:58.637Z","version":"WzczNywyXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - Subject","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMTP - Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"subject.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"SMTP\"}}],\"listeners\":{}}"},"id":"c47e2a10-39a1-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzYyOCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SMTP - Destination Country (Donut Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SMTP - Destination Country (Donut Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_geo.country_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}}]}"},"id":"dfe23030-39a1-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzYyOSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - TLS (Pie Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"SMTP - TLS (Pie Chart)\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tls.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"id":"c3bb32c0-39a2-11e7-8472-0151e5b2b475","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzYzMCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMTP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"f18a0480-3bd0-11e7-9c09-4f161b0766dd","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzYzMSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - User Agent","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMTP - User Agent\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"useragent.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}"},"id":"d776e510-6e28-11e7-8b76-75eee0095daa","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzYzMiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SMTP - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SMTP - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"id":"d5aa6d00-6e29-11e7-8b76-75eee0095daa","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzYzMywxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":20,\"h\":24,\"x\":28,\"y\":32,\"i\":\"6\"},\"panelIndex\":\"6\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"gridData\":{\"w\":20,\"h\":12,\"x\":8,\"y\":8,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":80,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":80,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"gridData\":{\"w\":20,\"h\":12,\"x\":28,\"y\":8,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":56,\"i\":\"13\"},\"panelIndex\":\"13\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":20,\"h\":24,\"x\":16,\"y\":56,\"i\":\"14\"},\"panelIndex\":\"14\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"gridData\":{\"w\":48,\"h\":28,\"x\":0,\"y\":104,\"i\":\"15\"},\"panelIndex\":\"15\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"embeddableConfig\":{},\"gridData\":{\"w\":20,\"h\":24,\"x\":8,\"y\":32,\"i\":\"16\"},\"panelIndex\":\"16\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_10\"},{\"gridData\":{\"w\":20,\"h\":12,\"x\":28,\"y\":20,\"i\":\"17\"},\"panelIndex\":\"17\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_11\",\"embeddableConfig\":{}},{\"gridData\":{\"w\":20,\"h\":12,\"x\":8,\"y\":20,\"i\":\"18\"},\"panelIndex\":\"18\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_12\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":12,\"h\":24,\"x\":36,\"y\":56,\"i\":\"19\"},\"panelIndex\":\"19\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_13\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"20\"},\"panelIndex\":\"20\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_14\"}]","timeRestore":false,"title":"Bro - SMTP","version":1},"id":"b10a9c60-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"7c922990-3640-11e7-a6f7-4f44d7bf1c33","name":"panel_1","type":"visualization"},{"id":"c47e2a10-39a1-11e7-8472-0151e5b2b475","name":"panel_2","type":"visualization"},{"id":"dfe23030-39a1-11e7-8472-0151e5b2b475","name":"panel_3","type":"visualization"},{"id":"73b1b240-39a2-11e7-8472-0151e5b2b475","name":"panel_4","type":"visualization"},{"id":"96767400-39a2-11e7-8472-0151e5b2b475","name":"panel_5","type":"visualization"},{"id":"c3bb32c0-39a2-11e7-8472-0151e5b2b475","name":"panel_6","type":"visualization"},{"id":"f18a0480-3bd0-11e7-9c09-4f161b0766dd","name":"panel_7","type":"visualization"},{"id":"a5045e20-3bd1-11e7-a3ae-1754b87179c0","name":"panel_8","type":"visualization"},{"id":"a6cea530-342e-11e7-9e93-53b62e1857b2","name":"panel_9","type":"search"},{"id":"d776e510-6e28-11e7-8b76-75eee0095daa","name":"panel_10","type":"visualization"},{"id":"53beb0d0-6e29-11e7-8b76-75eee0095daa","name":"panel_11","type":"visualization"},{"id":"aeb71cc0-6e29-11e7-8b76-75eee0095daa","name":"panel_12","type":"visualization"},{"id":"d5aa6d00-6e29-11e7-8b76-75eee0095daa","name":"panel_13","type":"visualization"},{"id":"AWDHDsr0xQT5EBNmq4gw","name":"panel_14","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzYzNCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DNP3 - IIN","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - DNP3 - IIN\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"dnp3.iin: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dnp3.iin\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IIN\"}}]}"},"id":"f991b6d0-75b8-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzYzNSwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:dnp3\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"728d0151-5dc6-429d-9b14-b457ab73d3fd\"},\"panelIndex\":\"728d0151-5dc6-429d-9b14-b457ab73d3fd\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":13,\"y\":0,\"w\":15,\"h\":8,\"i\":\"1b99097d-a957-4163-9810-263a0e653c18\"},\"panelIndex\":\"1b99097d-a957-4163-9810-263a0e653c18\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":28,\"y\":0,\"w\":20,\"h\":8,\"i\":\"43bb3cf4-ee4a-4eba-8eea-8e133957fd48\"},\"panelIndex\":\"43bb3cf4-ee4a-4eba-8eea-8e133957fd48\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":8,\"w\":8,\"h\":19,\"i\":\"87f23747-38c9-4d15-a85b-8beff66abaf4\"},\"panelIndex\":\"87f23747-38c9-4d15-a85b-8beff66abaf4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":8,\"w\":8,\"h\":19,\"i\":\"d10ae5ac-6400-4a2c-a376-e6e74ed529ad\"},\"panelIndex\":\"d10ae5ac-6400-4a2c-a376-e6e74ed529ad\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":16,\"y\":8,\"w\":12,\"h\":19,\"i\":\"a9916c8f-c82b-413d-8561-64ce0d68d3b8\"},\"panelIndex\":\"a9916c8f-c82b-413d-8561-64ce0d68d3b8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":28,\"y\":8,\"w\":20,\"h\":19,\"i\":\"04426d00-3313-40eb-a0c9-2541a7ea99f3\"},\"panelIndex\":\"04426d00-3313-40eb-a0c9-2541a7ea99f3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"}]","timeRestore":false,"title":"Security Onion - DNP3","version":1},"id":"b1f52180-755a-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"f991b6d0-75b8-11ea-9565-7315f4ee5cac","name":"panel_5","type":"visualization"},{"id":"214793c0-75b9-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzYzNiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - RFB - Authentication Method","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - RFB - Authentication Method\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rfb.authentication.method.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rfb.authentication.method.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Method\"}}]}"},"id":"b2053990-75c7-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzYzNywxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset:kerberos\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":9,\"i\":\"caa0aaa2-ed03-47b4-9a9f-c0f9b8d50da9\"},\"panelIndex\":\"caa0aaa2-ed03-47b4-9a9f-c0f9b8d50da9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":14,\"y\":0,\"w\":15,\"h\":9,\"i\":\"e0e4a50d-887b-472b-a790-302966fb6f49\"},\"panelIndex\":\"e0e4a50d-887b-472b-a790-302966fb6f49\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":9,\"i\":\"5cca2c4b-7299-4122-a3d5-3637ef23dc5d\"},\"panelIndex\":\"5cca2c4b-7299-4122-a3d5-3637ef23dc5d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":9,\"w\":10,\"h\":19,\"i\":\"aa944a94-288e-490f-9e04-f5b3bc2cf19f\"},\"panelIndex\":\"aa944a94-288e-490f-9e04-f5b3bc2cf19f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":10,\"y\":9,\"w\":10,\"h\":19,\"i\":\"ebc359a7-3dce-4e7d-bd70-355cc8099437\"},\"panelIndex\":\"ebc359a7-3dce-4e7d-bd70-355cc8099437\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":20,\"y\":9,\"w\":11,\"h\":19,\"i\":\"251dacac-b4c5-481a-9e41-8173e9bc27ab\"},\"panelIndex\":\"251dacac-b4c5-481a-9e41-8173e9bc27ab\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":31,\"y\":9,\"w\":7,\"h\":19,\"i\":\"1a78a61c-7b0a-425f-ade8-bcbb302a2585\"},\"panelIndex\":\"1a78a61c-7b0a-425f-ade8-bcbb302a2585\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":38,\"y\":9,\"w\":10,\"h\":19,\"i\":\"eba2e210-8b36-41a7-8ac5-7d63cfc022e1\"},\"panelIndex\":\"eba2e210-8b36-41a7-8ac5-7d63cfc022e1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"Security Onion - Kerberos","version":1},"id":"b207ab90-75bc-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"c879ad60-72a1-11ea-8dd2-9d8795a1200b","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"0ecc7310-75bd-11ea-9565-7315f4ee5cac","name":"panel_5","type":"visualization"},{"id":"2d73e460-75bd-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"},{"id":"48331f00-75bd-11ea-9565-7315f4ee5cac","name":"panel_7","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzYzOCwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"1\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":104,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"3\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"3\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{}},{\"panelIndex\":\"4\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"4\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"5\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":56,\"i\":\"5\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"6\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":56,\"i\":\"6\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"8\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":8,\"i\":\"8\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\",\"embeddableConfig\":{}},{\"panelIndex\":\"9\",\"gridData\":{\"w\":24,\"h\":24,\"x\":8,\"y\":32,\"i\":\"9\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"10\",\"gridData\":{\"w\":24,\"h\":24,\"x\":8,\"y\":8,\"i\":\"10\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"panelIndex\":\"11\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":80,\"i\":\"11\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"panelIndex\":\"13\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"13\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\"},{\"panelIndex\":\"14\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":32,\"i\":\"14\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_10\",\"embeddableConfig\":{}}]","timeRestore":false,"title":"Bro - SMB","version":1},"id":"b3a53710-3aaa-11e7-8b17-0d8709b02c80","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"19849f30-3aab-11e7-8b17-0d8709b02c80","name":"panel_0","type":"search"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_1","type":"visualization"},{"id":"85e40a70-3aac-11e7-8b17-0d8709b02c80","name":"panel_2","type":"visualization"},{"id":"15b4e7a0-3aad-11e7-8b17-0d8709b02c80","name":"panel_3","type":"visualization"},{"id":"31f5e040-3aad-11e7-8b17-0d8709b02c80","name":"panel_4","type":"visualization"},{"id":"6f883480-3aad-11e7-8b17-0d8709b02c80","name":"panel_5","type":"visualization"},{"id":"60384e00-3aaf-11e7-a83b-b1b4da7d15f4","name":"panel_6","type":"visualization"},{"id":"72f0f010-3aaf-11e7-a83b-b1b4da7d15f4","name":"panel_7","type":"visualization"},{"id":"306c4330-4175-11e7-a0f7-47f4c03e3306","name":"panel_8","type":"visualization"},{"id":"AWDHDfDkxQT5EBNmq4fQ","name":"panel_9","type":"visualization"},{"id":"a663e070-4c78-11e8-9b0a-f1d33346f773","name":"panel_10","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzYzOSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Responder Bytes","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Connections - Responder Bytes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"respond_bytes\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"_term\",\"customLabel\":\"Responder Bytes\"}}],\"listeners\":{}}"},"id":"b50912f0-366f-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY0MCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Tunnels - Type","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Tunnels - Type\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tunnel.type.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Type\"}}]}"},"id":"b6120810-75ef-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY0MSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Connections - Source - Responder Bytes ( Tile Map)","uiStateJSON":"{\"mapZoom\":3,\"mapCenter\":[39.70718665682654,-44.912109375]}","version":1,"visState":"{\"title\":\"Connections - Source - Responder Bytes ( Tile Map)\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":0,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"respond_bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_geo.location\",\"autoPrecision\":true,\"useGeocentroid\":true,\"precision\":2}}],\"listeners\":{}}"},"id":"f3bc9fa0-46cb-11e7-946f-1bfb1be7c36b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY0MiwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"gridData\":{\"w\":8,\"h\":44,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"gridData\":{\"w\":40,\"h\":40,\"x\":8,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{\"mapCenter\":[24.84656534821976,0.17578125],\"mapZoom\":2}}]","timeRestore":false,"title":"Connections - Source - Responder Bytes","version":1},"id":"b65775e0-46cb-11e7-946f-1bfb1be7c36b","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"f3bc9fa0-46cb-11e7-946f-1bfb1be7c36b","name":"panel_1","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY0MywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SNMP - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SNMP - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"e8511600-36b8-11e7-9786-41a1d72e15ad","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"b12150a0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY0NCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SNMP - Session Duration","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SNMP - Session Duration\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"duration\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Duration\"}}],\"listeners\":{}}"},"id":"e47015d0-36b9-11e7-9786-41a1d72e15ad","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"b12150a0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY0NSwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"1\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"5\",\"gridData\":{\"w\":16,\"h\":24,\"x\":8,\"y\":32,\"i\":\"5\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"6\",\"gridData\":{\"w\":12,\"h\":24,\"x\":24,\"y\":32,\"i\":\"6\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"9\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":8,\"i\":\"9\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"10\",\"gridData\":{\"w\":12,\"h\":24,\"x\":8,\"y\":8,\"i\":\"10\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\",\"embeddableConfig\":{}},{\"panelIndex\":\"11\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":56,\"i\":\"11\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"12\",\"gridData\":{\"w\":12,\"h\":24,\"x\":36,\"y\":32,\"i\":\"12\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"panelIndex\":\"13\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"13\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"panelIndex\":\"14\",\"gridData\":{\"w\":12,\"h\":24,\"x\":20,\"y\":8,\"i\":\"14\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\",\"embeddableConfig\":{}}]","timeRestore":false,"title":"Bro - SNMP","version":1},"id":"b65c2710-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"a67546c0-3640-11e7-a6f7-4f44d7bf1c33","name":"panel_1","type":"visualization"},{"id":"e8511600-36b8-11e7-9786-41a1d72e15ad","name":"panel_2","type":"visualization"},{"id":"0defabb0-36b9-11e7-9786-41a1d72e15ad","name":"panel_3","type":"visualization"},{"id":"e47015d0-36b9-11e7-9786-41a1d72e15ad","name":"panel_4","type":"visualization"},{"id":"2a3ae810-36ba-11e7-9786-41a1d72e15ad","name":"panel_5","type":"visualization"},{"id":"b12150a0-342e-11e7-9e93-53b62e1857b2","name":"panel_6","type":"search"},{"id":"7dc62970-6e2a-11e7-8b76-75eee0095daa","name":"panel_7","type":"visualization"},{"id":"AWDHD-LfxQT5EBNmq4iB","name":"panel_8","type":"visualization"},{"id":"83a91450-4c79-11e8-9b0a-f1d33346f773","name":"panel_9","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY0NiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SSL - Validation Status","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - SSL - Validation Status\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ssl.validation_status.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ssl.validation_status.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Status\"}}]}"},"id":"b8371250-75ec-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY0NywxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:radius\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.7.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":9,\"i\":\"005ac000-9db8-4310-97d5-4574cdaf0e49\"},\"panelIndex\":\"005ac000-9db8-4310-97d5-4574cdaf0e49\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":13,\"y\":0,\"w\":17,\"h\":9,\"i\":\"a65d1358-9fa9-4457-8a46-5790a748d1fa\"},\"panelIndex\":\"a65d1358-9fa9-4457-8a46-5790a748d1fa\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":9,\"i\":\"d38d991e-53e4-4b71-8e3f-c0d4b0d454da\"},\"panelIndex\":\"d38d991e-53e4-4b71-8e3f-c0d4b0d454da\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":0,\"y\":9,\"w\":8,\"h\":19,\"i\":\"9304c1a2-e55f-4f51-bd04-d15892b754a4\"},\"panelIndex\":\"9304c1a2-e55f-4f51-bd04-d15892b754a4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":8,\"y\":9,\"w\":8,\"h\":19,\"i\":\"7075ea4f-e935-470c-9329-9a0b15202385\"},\"panelIndex\":\"7075ea4f-e935-470c-9329-9a0b15202385\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":16,\"y\":9,\"w\":8,\"h\":19,\"i\":\"91a90e9d-71f7-484c-a561-6aef6a3b8f09\"},\"panelIndex\":\"91a90e9d-71f7-484c-a561-6aef6a3b8f09\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":24,\"y\":9,\"w\":9,\"h\":19,\"i\":\"9058f9ee-39d1-4e2b-a99b-ed4c2fb26efd\"},\"panelIndex\":\"9058f9ee-39d1-4e2b-a99b-ed4c2fb26efd\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":33,\"y\":9,\"w\":15,\"h\":19,\"i\":\"766f8f9b-3f31-47d8-9734-442fc1fcff84\"},\"panelIndex\":\"766f8f9b-3f31-47d8-9734-442fc1fcff84\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"Security Onion - RADIUS","version":1},"id":"b9769e60-75c4-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"767c89f0-af4c-11ea-b262-353d451b125b","name":"panel_5","type":"visualization"},{"id":"0ca071b0-75c5-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"},{"id":"27ab8260-75c5-11ea-9565-7315f4ee5cac","name":"panel_7","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY0OCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Connections - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Connections - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination Port\"}}]}"},"id":"bc7fbe00-4a44-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY0OSwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.module:osquery\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.7.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":7,\"h\":7,\"i\":\"7f9eaa30-b358-4027-a312-249defe273c4\"},\"panelIndex\":\"7f9eaa30-b358-4027-a312-249defe273c4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":7,\"y\":0,\"w\":17,\"h\":7,\"i\":\"ca041a33-b29f-4ce6-8762-2dd86a9c27a2\"},\"panelIndex\":\"ca041a33-b29f-4ce6-8762-2dd86a9c27a2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":7,\"i\":\"4e6cdaec-ad6d-46b2-abdc-7383382635c7\"},\"panelIndex\":\"4e6cdaec-ad6d-46b2-abdc-7383382635c7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":0,\"y\":7,\"w\":48,\"h\":16,\"i\":\"fae63e28-6a3c-4641-94fd-e5b033ac55b9\"},\"panelIndex\":\"fae63e28-6a3c-4641-94fd-e5b033ac55b9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":0,\"y\":23,\"w\":48,\"h\":31,\"i\":\"db4fa812-32fb-43c8-baa8-e88206cae126\"},\"panelIndex\":\"db4fa812-32fb-43c8-baa8-e88206cae126\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"}]","timeRestore":false,"title":"Security Onion - Osquery","version":1},"id":"bf7cf8d0-7732-11ea-bee5-af7f7c7b8e05","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"df50eba0-6ec0-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"ab47a590-afcc-11ea-b262-353d451b125b","name":"panel_3","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"search"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY1MCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Software - Log Count Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Software - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"da4cc2c0-3640-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"ba3d77e0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY1MSwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"1\",\"gridData\":{\"w\":8,\"h\":44,\"x\":0,\"y\":0,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"9\",\"gridData\":{\"w\":48,\"h\":40,\"x\":0,\"y\":44,\"i\":\"9\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"name\",\"software_type\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"10\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"10\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"11\",\"gridData\":{\"w\":40,\"h\":36,\"x\":8,\"y\":8,\"i\":\"11\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\",\"embeddableConfig\":{}}]","timeRestore":false,"title":"Bro - Software","version":1},"id":"c2c99c30-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"da4cc2c0-3640-11e7-a6f7-4f44d7bf1c33","name":"panel_1","type":"visualization"},{"id":"ba3d77e0-342e-11e7-9e93-53b62e1857b2","name":"panel_2","type":"search"},{"id":"AWDHEKJUxQT5EBNmq4jW","name":"panel_3","type":"visualization"},{"id":"9b0f6a80-4c7a-11e8-9b0a-f1d33346f773","name":"panel_4","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY1MiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"Connections - Protocol (Bar Chart)","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"Connections - Protocol (Bar Chart)\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Protocol\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"protocol.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Protocol\"}}]}"},"id":"c3152010-3673-11e7-8c78-e3086faf385c","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY1MywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - MySQL - Success","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - MySQL - Success\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"mysql.success\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"ec40c5e0-75c0-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY1NCwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event.dataset:mysql\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":9,\"i\":\"b08e3120-b482-4817-b3e9-f521f5acd8f2\"},\"panelIndex\":\"b08e3120-b482-4817-b3e9-f521f5acd8f2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":13,\"y\":0,\"w\":16,\"h\":9,\"i\":\"e23b2681-5eae-4de6-8933-ba755508ec5b\"},\"panelIndex\":\"e23b2681-5eae-4de6-8933-ba755508ec5b\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":9,\"i\":\"53e06ed2-d64f-46dc-b864-5b884a8c53dc\"},\"panelIndex\":\"53e06ed2-d64f-46dc-b864-5b884a8c53dc\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":9,\"w\":9,\"h\":18,\"i\":\"2bfa498b-d0a8-48ee-9a47-bcf288127d2a\"},\"panelIndex\":\"2bfa498b-d0a8-48ee-9a47-bcf288127d2a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":9,\"y\":9,\"w\":9,\"h\":18,\"i\":\"e6a27aaf-ef8d-41a3-aebc-9c26ab2dc189\"},\"panelIndex\":\"e6a27aaf-ef8d-41a3-aebc-9c26ab2dc189\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":18,\"y\":9,\"w\":15,\"h\":18,\"i\":\"e2f6f286-c4ba-4642-b650-366aca2c3d2d\"},\"panelIndex\":\"e2f6f286-c4ba-4642-b650-366aca2c3d2d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":33,\"y\":9,\"w\":15,\"h\":18,\"i\":\"f84a5dbd-d99c-4c24-895f-18f1d419af93\"},\"panelIndex\":\"f84a5dbd-d99c-4c24-895f-18f1d419af93\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":27,\"w\":48,\"h\":16,\"i\":\"3b2e66eb-aa46-4363-b8ad-efd564b95279\"},\"panelIndex\":\"3b2e66eb-aa46-4363-b8ad-efd564b95279\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"Security Onion - MySQL","version":1},"id":"c3ced6d0-75be-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"ec40c5e0-75c0-11ea-9565-7315f4ee5cac","name":"panel_5","type":"visualization"},{"id":"1f306f60-75c0-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"},{"id":"3af496e0-75c0-11ea-9565-7315f4ee5cac","name":"panel_7","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY1NSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Bro - Syslog - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Bro - Syslog - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"id":"ca9ffc10-76b5-11e7-94e1-3d2ec4e57ed9","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"269ca380-76b4-11e7-8c3e-cfcdd8c95d87","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY1NiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Bro - Syslog - Protocol","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Bro - Syslog - Protocol\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"protocol.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Protocol\"}}],\"listeners\":{}}"},"id":"e9d5ae30-76b6-11e7-94e1-3d2ec4e57ed9","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"269ca380-76b4-11e7-8c3e-cfcdd8c95d87","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY1NywxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}},\"language\":\"lucene\"}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"1\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{}},{\"panelIndex\":\"4\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":56,\"i\":\"4\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"5\",\"gridData\":{\"w\":12,\"h\":24,\"x\":8,\"y\":32,\"i\":\"5\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},{\"panelIndex\":\"6\",\"gridData\":{\"w\":12,\"h\":24,\"x\":20,\"y\":32,\"i\":\"6\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},{\"panelIndex\":\"7\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":32,\"i\":\"7\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},{\"panelIndex\":\"8\",\"gridData\":{\"w\":12,\"h\":24,\"x\":36,\"y\":8,\"i\":\"8\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}},{\"panelIndex\":\"9\",\"gridData\":{\"w\":28,\"h\":24,\"x\":8,\"y\":8,\"i\":\"9\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\",\"embeddableConfig\":{}},{\"panelIndex\":\"10\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"10\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}}]","timeRestore":false,"title":"Bro - Syslog","version":1},"id":"c4bbe040-76b3-11e7-ba96-cba76a1e264d","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"92b202e0-76b4-11e7-94e1-3d2ec4e57ed9","name":"panel_1","type":"visualization"},{"id":"269ca380-76b4-11e7-8c3e-cfcdd8c95d87","name":"panel_2","type":"search"},{"id":"6c60a280-76b5-11e7-94e1-3d2ec4e57ed9","name":"panel_3","type":"visualization"},{"id":"ae4e88b0-76b5-11e7-94e1-3d2ec4e57ed9","name":"panel_4","type":"visualization"},{"id":"ca9ffc10-76b5-11e7-94e1-3d2ec4e57ed9","name":"panel_5","type":"visualization"},{"id":"e9d5ae30-76b6-11e7-94e1-3d2ec4e57ed9","name":"panel_6","type":"visualization"},{"id":"346e5c30-76b7-11e7-94e1-3d2ec4e57ed9","name":"panel_7","type":"visualization"},{"id":"AWDHE-_wxQT5EBNmq4n3","name":"panel_8","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY1OCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSH - Authentication Success","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"SSH - Authentication Success\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Authentication Success\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"authentication_success.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Authentication Success\"}}],\"listeners\":{}}"},"id":"dcea2790-6e33-11e7-9a19-a5996f8250c6","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c33e7600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY1OSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SSH -Server","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSH -Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}}]}"},"id":"e64833a0-4c7b-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c33e7600-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY2MCwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":56,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"7\",\"gridData\":{\"x\":8,\"y\":32,\"w\":14,\"h\":24,\"i\":\"7\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"8\",\"gridData\":{\"x\":22,\"y\":32,\"w\":14,\"h\":24,\"i\":\"8\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"10\",\"gridData\":{\"x\":0,\"y\":80,\"w\":48,\"h\":24,\"i\":\"10\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"11\",\"gridData\":{\"x\":36,\"y\":32,\"w\":12,\"h\":24,\"i\":\"11\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"12\",\"gridData\":{\"x\":36,\"y\":8,\"w\":12,\"h\":24,\"i\":\"12\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\",\"embeddableConfig\":{}},{\"panelIndex\":\"13\",\"gridData\":{\"x\":0,\"y\":56,\"w\":48,\"h\":24,\"i\":\"13\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"panelIndex\":\"14\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"14\"},\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"panelIndex\":\"15\",\"gridData\":{\"x\":8,\"y\":8,\"w\":28,\"h\":24,\"i\":\"15\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\",\"embeddableConfig\":{}}]","timeRestore":false,"title":"Bro - SSH","version":1},"id":"c6ccfc00-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"09457310-3641-11e7-a6f7-4f44d7bf1c33","name":"panel_1","type":"visualization"},{"id":"8a60eb50-365f-11e7-8c78-e3086faf385c","name":"panel_2","type":"visualization"},{"id":"9a33f9a0-365f-11e7-8c78-e3086faf385c","name":"panel_3","type":"visualization"},{"id":"c33e7600-342e-11e7-9e93-53b62e1857b2","name":"panel_4","type":"search"},{"id":"54d78f50-6e33-11e7-9a19-a5996f8250c6","name":"panel_5","type":"visualization"},{"id":"dcea2790-6e33-11e7-9a19-a5996f8250c6","name":"panel_6","type":"visualization"},{"id":"2bbdc020-6e34-11e7-9a19-a5996f8250c6","name":"panel_7","type":"visualization"},{"id":"AWDHEYk4xQT5EBNmq4k5","name":"panel_8","type":"visualization"},{"id":"e64833a0-4c7b-11e8-9b0a-f1d33346f773","name":"panel_9","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY2MSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - HTTP - Count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - HTTP - Count\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":false},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":40}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}]}"},"id":"c7484350-6eb1-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9ee33aa0-6eb1-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY2MiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Zeek - Notice Message","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Zeek - Notice Message\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"notice.message.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"notice.message.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Message\"}}]}"},"id":"c8039090-7a84-11ea-9d13-57f5db13d1ed","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY2MywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - RFB - Share Flag","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - RFB - Share Flag\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"rfb.share_flag\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"d5e72b20-75c7-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY2NCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - RFB - Desktop Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - RFB - Desktop Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rfb.desktop.name.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rfb.desktop.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Desktop Name\"}}]}"},"id":"fe62c910-75c7-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY2NSwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:rfb\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"f64f888f-f9bb-4be1-ab75-80d2a11303ed\"},\"panelIndex\":\"f64f888f-f9bb-4be1-ab75-80d2a11303ed\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":13,\"y\":0,\"w\":17,\"h\":8,\"i\":\"0e12fa96-b29d-4815-ae19-b6e894948597\"},\"panelIndex\":\"0e12fa96-b29d-4815-ae19-b6e894948597\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":8,\"i\":\"7c1a7e05-c37b-4f81-b6b6-b30cfa0897e2\"},\"panelIndex\":\"7c1a7e05-c37b-4f81-b6b6-b30cfa0897e2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":8,\"w\":9,\"h\":19,\"i\":\"c1bb39f4-4d9f-4154-a131-65e727fc0049\"},\"panelIndex\":\"c1bb39f4-4d9f-4154-a131-65e727fc0049\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":9,\"y\":8,\"w\":9,\"h\":19,\"i\":\"e51c88d1-a11a-4d5f-b5a7-f6ac79b23054\"},\"panelIndex\":\"e51c88d1-a11a-4d5f-b5a7-f6ac79b23054\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":18,\"y\":8,\"w\":14,\"h\":19,\"i\":\"b9412112-bc5a-4b16-ba5e-ded11a0e299d\"},\"panelIndex\":\"b9412112-bc5a-4b16-ba5e-ded11a0e299d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":32,\"y\":8,\"w\":16,\"h\":19,\"i\":\"edfbec77-b174-40ac-9f11-776da22fe82d\"},\"panelIndex\":\"edfbec77-b174-40ac-9f11-776da22fe82d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":27,\"w\":24,\"h\":15,\"i\":\"d2d1ebcb-83a9-44ca-80f2-2f0fc2abcecf\"},\"panelIndex\":\"d2d1ebcb-83a9-44ca-80f2-2f0fc2abcecf\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":24,\"y\":27,\"w\":12,\"h\":15,\"i\":\"aedad86f-ec5e-4330-bab0-468351eb8355\"},\"panelIndex\":\"aedad86f-ec5e-4330-bab0-468351eb8355\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":36,\"y\":27,\"w\":12,\"h\":15,\"i\":\"8092b313-2e40-47e4-96a2-51086f98e53f\"},\"panelIndex\":\"8092b313-2e40-47e4-96a2-51086f98e53f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"}]","timeRestore":false,"title":"Security Onion - RFB","version":1},"id":"c8b3c360-75c6-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"b2053990-75c7-11ea-9565-7315f4ee5cac","name":"panel_5","type":"visualization"},{"id":"d5e72b20-75c7-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"},{"id":"fe62c910-75c7-11ea-9565-7315f4ee5cac","name":"panel_7","type":"visualization"},{"id":"5dcf09e0-75c8-11ea-9565-7315f4ee5cac","name":"panel_8","type":"visualization"},{"id":"316e90a0-75c8-11ea-9565-7315f4ee5cac","name":"panel_9","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY2NiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Connection Count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Connection Count\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":40}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}]}"},"id":"c94e2aa0-6e9f-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9b333020-6e9f-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY2NywxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:tunnel\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"19aef080-5875-4182-81a8-2a6639c75489\"},\"panelIndex\":\"19aef080-5875-4182-81a8-2a6639c75489\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":13,\"y\":0,\"w\":16,\"h\":8,\"i\":\"70939be7-5bb9-4d13-ab89-683b3eda7a98\"},\"panelIndex\":\"70939be7-5bb9-4d13-ab89-683b3eda7a98\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":8,\"i\":\"21848a06-ca96-4869-b069-7524caf3ae06\"},\"panelIndex\":\"21848a06-ca96-4869-b069-7524caf3ae06\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":8,\"w\":10,\"h\":19,\"i\":\"8020a914-8f9f-4bd6-be32-1c6afa27f9e4\"},\"panelIndex\":\"8020a914-8f9f-4bd6-be32-1c6afa27f9e4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":10,\"y\":8,\"w\":10,\"h\":19,\"i\":\"9f72f316-c3a2-4658-8d03-932fa590e216\"},\"panelIndex\":\"9f72f316-c3a2-4658-8d03-932fa590e216\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":20,\"y\":8,\"w\":9,\"h\":19,\"i\":\"fa1bc43a-2be3-4699-97af-677bded82273\"},\"panelIndex\":\"fa1bc43a-2be3-4699-97af-677bded82273\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":29,\"y\":8,\"w\":19,\"h\":19,\"i\":\"7c522eab-36bc-4933-abea-29a4c4a4f918\"},\"panelIndex\":\"7c522eab-36bc-4933-abea-29a4c4a4f918\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"}]","timeRestore":false,"title":"Security Onion - Tunnels","version":1},"id":"c962dd60-75ed-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_5","type":"visualization"},{"id":"b6120810-75ef-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY2OCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Weird - Summary","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"Weird - Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"name.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Type\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_ip\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP Address\"}}],\"listeners\":{}}"},"id":"ca3e57d0-4172-11e7-9850-b78558d0ac17","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"e32d0d50-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY2OSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - DNP3 - FC Reply","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - DNP3 - FC Reply\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"dnp3.fc_reply.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dnp3.fc_reply.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"FC Reply\"}}]}"},"id":"cb29fbe0-75b8-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY3MCwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"*\",\"language\":\"lucene\"}}"},"optionsJSON":"{\"darkTheme\":true}","panelsJSON":"[{\"panelIndex\":\"1\",\"panelRefName\":\"panel_0\",\"version\":\"7.3.0\",\"gridData\":{\"x\":12,\"y\":20,\"w\":24,\"h\":20,\"i\":\"1\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}},{\"panelIndex\":\"2\",\"panelRefName\":\"panel_1\",\"version\":\"7.3.0\",\"gridData\":{\"x\":12,\"y\":0,\"w\":24,\"h\":20,\"i\":\"2\"},\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"panelRefName\":\"panel_2\",\"version\":\"7.3.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":40,\"i\":\"3\"},\"embeddableConfig\":{}},{\"panelIndex\":\"4\",\"panelRefName\":\"panel_3\",\"version\":\"7.3.0\",\"gridData\":{\"x\":0,\"y\":40,\"w\":48,\"h\":24,\"i\":\"4\"},\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}}]","timeRestore":false,"title":"Connections - Top Source IPs","version":1},"id":"cb367060-3b04-11e7-a83b-b1b4da7d15f4","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"8261cf00-366e-11e7-8c78-e3086faf385c","name":"panel_0","type":"visualization"},{"id":"28c27f80-3b05-11e7-a83b-b1b4da7d15f4","name":"panel_1","type":"visualization"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_2","type":"visualization"},{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"panel_3","type":"search"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY3MSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSL - Source IP Address","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSL - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source_ip\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}"},"id":"db570800-365a-11e7-8bd0-1db2c55fb7a1","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY3MiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"SSL - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSL - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"id":"f0700840-365a-11e7-8bd0-1db2c55fb7a1","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY3MywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"SSL - Summary","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"SSL - Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server Name\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"certificate_common_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Common Name\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"validation_status.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Validation Status\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"version.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"TLS Version\"}}]}"},"id":"ebec2ea0-4c7c-11e8-9b0a-f1d33346f773","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY3NCwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"1\",\"gridData\":{\"w\":8,\"h\":56,\"x\":0,\"y\":0,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"6\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":80,\"i\":\"6\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"7\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":8,\"i\":\"7\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\",\"embeddableConfig\":{}},{\"panelIndex\":\"9\",\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":104,\"i\":\"9\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"10\",\"gridData\":{\"w\":12,\"h\":24,\"x\":36,\"y\":104,\"i\":\"10\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"11\",\"gridData\":{\"w\":20,\"h\":24,\"x\":16,\"y\":104,\"i\":\"11\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"12\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":56,\"i\":\"12\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"panelIndex\":\"14\",\"gridData\":{\"w\":16,\"h\":24,\"x\":8,\"y\":8,\"i\":\"14\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\",\"embeddableConfig\":{}},{\"panelIndex\":\"15\",\"gridData\":{\"w\":48,\"h\":72,\"x\":0,\"y\":128,\"i\":\"15\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"19\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":56,\"i\":\"19\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_10\"},{\"panelIndex\":\"20\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"20\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_11\"},{\"panelIndex\":\"21\",\"gridData\":{\"w\":40,\"h\":24,\"x\":8,\"y\":32,\"i\":\"21\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_12\"}]","timeRestore":false,"title":"Bro - SSL","version":1},"id":"cca67b60-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"6139edd0-3641-11e7-a6f7-4f44d7bf1c33","name":"panel_1","type":"visualization"},{"id":"3753e110-365a-11e7-bf60-314364dd1cde","name":"panel_2","type":"visualization"},{"id":"02699580-365a-11e7-bf60-314364dd1cde","name":"panel_3","type":"visualization"},{"id":"db570800-365a-11e7-8bd0-1db2c55fb7a1","name":"panel_4","type":"visualization"},{"id":"f0700840-365a-11e7-8bd0-1db2c55fb7a1","name":"panel_5","type":"visualization"},{"id":"21d090d0-365b-11e7-8bd0-1db2c55fb7a1","name":"panel_6","type":"visualization"},{"id":"53ac63e0-365b-11e7-8bd0-1db2c55fb7a1","name":"panel_7","type":"visualization"},{"id":"ae959820-365c-11e7-8bd0-1db2c55fb7a1","name":"panel_8","type":"visualization"},{"id":"c8f21de0-342e-11e7-9e93-53b62e1857b2","name":"panel_9","type":"search"},{"id":"23d22bd0-70b4-11e7-810e-2bafe9e41c10","name":"panel_10","type":"visualization"},{"id":"AWDHElRWxQT5EBNmq4lz","name":"panel_11","type":"visualization"},{"id":"ebec2ea0-4c7c-11e8-9b0a-f1d33346f773","name":"panel_12","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY3NSwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"gridData\":{\"w\":40,\"h\":40,\"x\":8,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{\"mapCenter\":[24.846565348219734,0.087890625],\"mapZoom\":2}},{\"gridData\":{\"w\":8,\"h\":44,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{}}]","timeRestore":false,"title":"Connections - Destination - Sum of Total Bytes","version":1},"id":"ccfcc540-4638-11e7-a82e-d97152153689","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"1342e630-4632-11e7-9903-85f789353078","name":"panel_0","type":"visualization"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_1","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY3NiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Strelka - File - Entropy","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":0,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"Strelka - File - Entropy\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"scan.entropy.entropy\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Entropy\"}}]}"},"id":"ce9e03f0-772c-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY3NywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SIP - Warning","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SIP - Warning\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"sip.warning.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"sip.warning.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Warning\"}}]}"},"id":"cf56b070-75ca-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY3OCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Tunnels - Log Count Over TIme","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Tunnels - Log Count Over TIme\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}"},"id":"e89c9700-3641-11e7-a6f7-4f44d7bf1c33","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"d26d5510-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY3OSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Tunnels - Country","uiStateJSON":"{\"vis\":{\"legendOpen\":false}}","version":1,"visState":"{\"title\":\"Tunnels - Country\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"rotate\":0},\"title\":{\"text\":\"Country\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"destination_geo.country_name.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}}],\"listeners\":{}}"},"id":"f60e0c40-6e34-11e7-9a19-a5996f8250c6","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"d26d5510-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY4MCwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"gridData\":{\"w\":20,\"h\":20,\"x\":28,\"y\":8,\"i\":\"7\"},\"panelIndex\":\"7\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":16,\"h\":24,\"x\":16,\"y\":48,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":16,\"h\":24,\"x\":0,\"y\":48,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":72,\"i\":\"10\"},\"panelIndex\":\"10\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"gridData\":{\"w\":20,\"h\":20,\"x\":8,\"y\":8,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\",\"embeddableConfig\":{}},{\"gridData\":{\"w\":40,\"h\":20,\"x\":8,\"y\":28,\"i\":\"12\"},\"panelIndex\":\"12\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\",\"embeddableConfig\":{}},{\"embeddableConfig\":{},\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":48,\"i\":\"13\"},\"panelIndex\":\"13\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{},\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"14\"},\"panelIndex\":\"14\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\"}]","timeRestore":false,"title":"Bro - Tunnels","version":1},"id":"d7b54ae0-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"e89c9700-3641-11e7-a6f7-4f44d7bf1c33","name":"panel_1","type":"visualization"},{"id":"43b2b040-3807-11e7-a1cc-ebc6a7e70e84","name":"panel_2","type":"visualization"},{"id":"26457730-3808-11e7-a1cc-ebc6a7e70e84","name":"panel_3","type":"visualization"},{"id":"3cdf2400-3808-11e7-a1cc-ebc6a7e70e84","name":"panel_4","type":"visualization"},{"id":"d26d5510-342e-11e7-9e93-53b62e1857b2","name":"panel_5","type":"search"},{"id":"f60e0c40-6e34-11e7-9a19-a5996f8250c6","name":"panel_6","type":"visualization"},{"id":"33b39a60-6e35-11e7-9a19-a5996f8250c6","name":"panel_7","type":"visualization"},{"id":"53824da0-6e35-11e7-9a19-a5996f8250c6","name":"panel_8","type":"visualization"},{"id":"AWDHFYrqxQT5EBNmq4qT","name":"panel_9","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY4MSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"event_type:bro_conn\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Connections - Service","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Connections - Service\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"service.keyword\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"}}]}"},"id":"d7d3dda0-54b9-11e9-a48f-b7dfb1d0f288","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"*:logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY4MiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SSL - Server Name","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SSL - Server Name\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"ssl.server_name.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ssl.server_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server Name\"}}]}"},"id":"db4dc4a0-75ec-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY4MywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Network Datasets","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Network Datasets\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Dataset\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"event.module.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.dataset.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Dataset\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.module.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Module\"}}]}"},"id":"dbe4cc20-6ea7-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"387f44c0-6ea7-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY4NCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Weird - Destination Port","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Weird - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}"},"id":"dbfe2f00-6e35-11e7-9a19-a5996f8250c6","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"e32d0d50-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY4NSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DNS - Queries","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNS - Queries\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"query.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query\"}}]}"},"id":"dcda5680-2927-11e8-b2a2-09f3986ae284","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY4NiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SIP - URI","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SIP - URI\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"sip.uri.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"f63cba40-75ca-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY4NywxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:sip\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"1e84368a-ad74-4d57-9793-5c9ce813045b\"},\"panelIndex\":\"1e84368a-ad74-4d57-9793-5c9ce813045b\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":13,\"y\":0,\"w\":17,\"h\":8,\"i\":\"304e7cd2-dc4f-4bf4-b1fe-747091d61b67\"},\"panelIndex\":\"304e7cd2-dc4f-4bf4-b1fe-747091d61b67\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":30,\"y\":0,\"w\":18,\"h\":8,\"i\":\"e87052bf-935e-421b-8208-e798a37edf69\"},\"panelIndex\":\"e87052bf-935e-421b-8208-e798a37edf69\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":8,\"w\":9,\"h\":19,\"i\":\"b2055759-c7fd-43ab-8613-6031e8e148d3\"},\"panelIndex\":\"b2055759-c7fd-43ab-8613-6031e8e148d3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":9,\"y\":8,\"w\":9,\"h\":19,\"i\":\"a303da32-bd43-45a5-acbf-093478d734f9\"},\"panelIndex\":\"a303da32-bd43-45a5-acbf-093478d734f9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":18,\"y\":8,\"w\":8,\"h\":19,\"i\":\"d8632aad-86f0-4290-9480-75ec477ae4cd\"},\"panelIndex\":\"d8632aad-86f0-4290-9480-75ec477ae4cd\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":26,\"y\":8,\"w\":8,\"h\":19,\"i\":\"ee3b0df5-4a03-470b-9d26-4eedf4f8b8d6\"},\"panelIndex\":\"ee3b0df5-4a03-470b-9d26-4eedf4f8b8d6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":34,\"y\":8,\"w\":14,\"h\":19,\"i\":\"dbe534a3-1a06-4185-b78a-293d7ec848c4\"},\"panelIndex\":\"dbe534a3-1a06-4185-b78a-293d7ec848c4\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":27,\"w\":12,\"h\":17,\"i\":\"45de60a4-61ab-4b78-8cc7-5a783070c9be\"},\"panelIndex\":\"45de60a4-61ab-4b78-8cc7-5a783070c9be\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":12,\"y\":27,\"w\":12,\"h\":17,\"i\":\"9cb368f2-b652-4dc9-8427-b88a592e8361\"},\"panelIndex\":\"9cb368f2-b652-4dc9-8427-b88a592e8361\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":24,\"y\":27,\"w\":24,\"h\":17,\"i\":\"b78c61e2-61c3-4c43-94d9-c3971ee375be\"},\"panelIndex\":\"b78c61e2-61c3-4c43-94d9-c3971ee375be\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"}]","timeRestore":false,"title":"Security Onion - SIP","version":1},"id":"dd98e260-75c6-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"272b8ab0-75ca-11ea-9565-7315f4ee5cac","name":"panel_5","type":"visualization"},{"id":"9ff24600-75ca-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"},{"id":"f63cba40-75ca-11ea-9565-7315f4ee5cac","name":"panel_7","type":"visualization"},{"id":"49384710-75ca-11ea-9565-7315f4ee5cac","name":"panel_8","type":"visualization"},{"id":"81a1a740-75ca-11ea-9565-7315f4ee5cac","name":"panel_9","type":"visualization"},{"id":"cf56b070-75ca-11ea-9565-7315f4ee5cac","name":"panel_10","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY4OCwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":80,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"5\",\"gridData\":{\"x\":8,\"y\":32,\"w\":14,\"h\":24,\"i\":\"5\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"6\",\"gridData\":{\"x\":22,\"y\":32,\"w\":14,\"h\":24,\"i\":\"6\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"8\",\"gridData\":{\"x\":8,\"y\":8,\"w\":16,\"h\":24,\"i\":\"8\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\",\"embeddableConfig\":{}},{\"panelIndex\":\"9\",\"gridData\":{\"x\":0,\"y\":80,\"w\":48,\"h\":24,\"i\":\"9\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"10\",\"gridData\":{\"x\":8,\"y\":56,\"w\":40,\"h\":24,\"i\":\"10\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"12\",\"gridData\":{\"x\":36,\"y\":32,\"w\":12,\"h\":24,\"i\":\"12\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"panelIndex\":\"13\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"13\"},\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"panelIndex\":\"14\",\"gridData\":{\"x\":24,\"y\":8,\"w\":24,\"h\":24,\"i\":\"14\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\",\"embeddableConfig\":{}}]","timeRestore":false,"title":"Bro - Weird","version":1},"id":"de2da250-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"0dbcade0-3642-11e7-a6f7-4f44d7bf1c33","name":"panel_1","type":"visualization"},{"id":"1b837b00-364e-11e7-9dc3-d35061cb642d","name":"panel_2","type":"visualization"},{"id":"312cd460-364e-11e7-9dc3-d35061cb642d","name":"panel_3","type":"visualization"},{"id":"8dbbbed0-364e-11e7-9dc3-d35061cb642d","name":"panel_4","type":"visualization"},{"id":"e32d0d50-342e-11e7-9e93-53b62e1857b2","name":"panel_5","type":"search"},{"id":"ca3e57d0-4172-11e7-9850-b78558d0ac17","name":"panel_6","type":"visualization"},{"id":"dbfe2f00-6e35-11e7-9a19-a5996f8250c6","name":"panel_7","type":"visualization"},{"id":"AWDHGXk-xQT5EBNmq4uf","name":"panel_8","type":"visualization"},{"id":"691ade50-4c85-11e8-9b0a-f1d33346f773","name":"panel_9","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY4OSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Hash - SSDeep","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Hash - SSDeep\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"Hash\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"hash.ssdeep.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"SSDeep\"}}]}"},"id":"e087c7d0-772d-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY5MCwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":63,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":0,\"y\":63,\"w\":16,\"h\":28,\"i\":\"8\"},\"panelIndex\":\"8\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":16,\"y\":63,\"w\":16,\"h\":28,\"i\":\"9\"},\"panelIndex\":\"9\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":0,\"y\":91,\"w\":16,\"h\":24,\"i\":\"11\"},\"panelIndex\":\"11\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":16,\"y\":91,\"w\":16,\"h\":24,\"i\":\"12\"},\"panelIndex\":\"12\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":32,\"y\":91,\"w\":16,\"h\":24,\"i\":\"13\"},\"panelIndex\":\"13\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"gridData\":{\"x\":30,\"y\":8,\"w\":18,\"h\":16,\"i\":\"14\"},\"panelIndex\":\"14\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":8,\"y\":32,\"w\":40,\"h\":31,\"i\":\"19\"},\"panelIndex\":\"19\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]},\"gridData\":{\"x\":0,\"y\":115,\"w\":48,\"h\":24,\"i\":\"25\"},\"panelIndex\":\"25\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\"},{\"gridData\":{\"x\":30,\"y\":24,\"w\":18,\"h\":8,\"i\":\"26\"},\"panelIndex\":\"26\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"29\"},\"panelIndex\":\"29\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_11\"},{\"gridData\":{\"x\":32,\"y\":63,\"w\":16,\"h\":28,\"i\":\"31\"},\"panelIndex\":\"31\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_12\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":8,\"y\":8,\"w\":22,\"h\":24,\"i\":\"32\"},\"panelIndex\":\"32\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_13\"}]","timeRestore":false,"title":"Bro - Connections","version":1},"id":"e0a34b90-34e6-11e7-9118-45bd317f0ca4","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"2da139c0-34e7-11e7-9118-45bd317f0ca4","name":"panel_1","type":"visualization"},{"id":"8261cf00-366e-11e7-8c78-e3086faf385c","name":"panel_2","type":"visualization"},{"id":"9a54f150-366e-11e7-8c78-e3086faf385c","name":"panel_3","type":"visualization"},{"id":"296823d0-366f-11e7-8c78-e3086faf385c","name":"panel_4","type":"visualization"},{"id":"b50912f0-366f-11e7-8c78-e3086faf385c","name":"panel_5","type":"visualization"},{"id":"05088150-3670-11e7-8c78-e3086faf385c","name":"panel_6","type":"visualization"},{"id":"c3152010-3673-11e7-8c78-e3086faf385c","name":"panel_7","type":"visualization"},{"id":"13fe29c0-3b17-11e7-b871-5f76306b9694","name":"panel_8","type":"visualization"},{"id":"9bf42190-342d-11e7-9e93-53b62e1857b2","name":"panel_9","type":"search"},{"id":"25ce6eb0-463b-11e7-a82e-d97152153689","name":"panel_10","type":"visualization"},{"id":"AWDG71xFxQT5EBNmq336","name":"panel_11","type":"visualization"},{"id":"bc7fbe00-4a44-11e8-9b0a-f1d33346f773","name":"panel_12","type":"visualization"},{"id":"d7d3dda0-54b9-11e9-a48f-b7dfb1d0f288","name":"panel_13","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY5MSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"DNS - Destination Port (Horizontal Bar Chart)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"DNS - Destination Port (Horizontal Bar Chart)\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":false,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"destination_port\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"\"}}],\"listeners\":{}}"},"id":"e3717d80-6e0f-11e7-8624-1fb07dd76c6a","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY5MiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[]}"},"savedSearchRefName":"search_0","title":"X.509 - Certificate Subject","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"X.509 - Certificate Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"certificate_subject.keyword\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Subject\"}}],\"listeners\":{}}"},"id":"fab4b560-37d8-11e7-9efb-91e89505091f","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"f5038cc0-342e-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY5MywxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}},\"language\":\"lucene\"}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"1\",\"gridData\":{\"w\":8,\"h\":48,\"x\":0,\"y\":0,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"3\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"3\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"4\",\"gridData\":{\"w\":48,\"h\":68,\"x\":0,\"y\":96,\"i\":\"4\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\",\"embeddableConfig\":{\"columns\":[\"certificate_subject\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"7\",\"gridData\":{\"w\":20,\"h\":20,\"x\":8,\"y\":8,\"i\":\"7\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\",\"embeddableConfig\":{}},{\"panelIndex\":\"8\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":48,\"i\":\"8\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"9\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":72,\"i\":\"9\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"10\",\"gridData\":{\"w\":20,\"h\":20,\"x\":28,\"y\":8,\"i\":\"10\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\",\"embeddableConfig\":{}},{\"panelIndex\":\"11\",\"gridData\":{\"w\":40,\"h\":20,\"x\":8,\"y\":28,\"i\":\"11\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\",\"embeddableConfig\":{}},{\"panelIndex\":\"12\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"12\"},\"version\":\"7.3.0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"}]","timeRestore":false,"title":"Bro - X.509","version":1},"id":"e5aa7170-3583-11e7-a588-05992195c551","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"41bee360-3642-11e7-a6f7-4f44d7bf1c33","name":"panel_1","type":"visualization"},{"id":"f5038cc0-342e-11e7-9e93-53b62e1857b2","name":"panel_2","type":"search"},{"id":"738127f0-37d7-11e7-9efb-91e89505091f","name":"panel_3","type":"visualization"},{"id":"fab4b560-37d8-11e7-9efb-91e89505091f","name":"panel_4","type":"visualization"},{"id":"0a5f7b30-37d9-11e7-9efb-91e89505091f","name":"panel_5","type":"visualization"},{"id":"150f7280-6e37-11e7-a8d6-ed2e692de531","name":"panel_6","type":"visualization"},{"id":"446e85c0-6e37-11e7-a8d6-ed2e692de531","name":"panel_7","type":"visualization"},{"id":"AWDHGklsxQT5EBNmq4wG","name":"panel_8","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY5NCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Host - Domain","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Host - Domain\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"host.domain.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Domain\"}}]}"},"id":"e80aa100-7375-11ea-a3da-cbdb4f8a90c0","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY5NSwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"gridData\":{\"w\":40,\"h\":40,\"x\":8,\"y\":0,\"i\":\"1\"},\"panelIndex\":\"1\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{\"mapCenter\":[39.639537564366684,0.17578125],\"mapZoom\":2}},{\"gridData\":{\"w\":8,\"h\":44,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{}}]","timeRestore":false,"title":"Connections - Destination - Top Connection Duration","version":1},"id":"ea211360-46c4-11e7-a82e-d97152153689","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"7f7492d0-46c4-11e7-a82e-d97152153689","name":"panel_0","type":"visualization"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_1","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY5NiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"savedSearchRefName":"search_0","title":"DNS - Answers","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"DNS - Answers\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"answers.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Answer\"}}]}"},"id":"ff2af9b0-2927-11e8-b2a2-09f3986ae284","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY5NywxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"panelIndex\":\"1\",\"gridData\":{\"w\":8,\"h\":68,\"x\":0,\"y\":0,\"i\":\"1\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"panelIndex\":\"5\",\"gridData\":{\"w\":12,\"h\":24,\"x\":20,\"y\":44,\"i\":\"5\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"6\",\"gridData\":{\"w\":12,\"h\":24,\"x\":8,\"y\":44,\"i\":\"6\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"7\",\"gridData\":{\"w\":20,\"h\":12,\"x\":8,\"y\":8,\"i\":\"7\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\",\"embeddableConfig\":{}},{\"panelIndex\":\"10\",\"gridData\":{\"w\":48,\"h\":24,\"x\":0,\"y\":92,\"i\":\"10\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"13\",\"gridData\":{\"w\":32,\"h\":8,\"x\":16,\"y\":0,\"i\":\"13\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"16\",\"gridData\":{\"w\":48,\"h\":64,\"x\":0,\"y\":116,\"i\":\"16\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\",\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"uid\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]}},{\"panelIndex\":\"17\",\"gridData\":{\"w\":20,\"h\":12,\"x\":28,\"y\":8,\"i\":\"17\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\",\"embeddableConfig\":{}},{\"panelIndex\":\"21\",\"gridData\":{\"w\":16,\"h\":12,\"x\":32,\"y\":44,\"i\":\"21\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"},{\"panelIndex\":\"22\",\"gridData\":{\"w\":16,\"h\":12,\"x\":32,\"y\":56,\"i\":\"22\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_9\"},{\"panelIndex\":\"23\",\"gridData\":{\"w\":8,\"h\":8,\"x\":8,\"y\":0,\"i\":\"23\"},\"embeddableConfig\":{},\"version\":\"7.3.0\",\"panelRefName\":\"panel_10\"},{\"panelIndex\":\"24\",\"gridData\":{\"w\":24,\"h\":24,\"x\":0,\"y\":68,\"i\":\"24\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_11\",\"embeddableConfig\":{}},{\"panelIndex\":\"25\",\"gridData\":{\"w\":24,\"h\":24,\"x\":24,\"y\":68,\"i\":\"25\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_12\",\"embeddableConfig\":{}},{\"panelIndex\":\"26\",\"gridData\":{\"w\":12,\"h\":24,\"x\":20,\"y\":20,\"i\":\"26\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_13\",\"embeddableConfig\":{}},{\"panelIndex\":\"27\",\"gridData\":{\"w\":12,\"h\":24,\"x\":8,\"y\":20,\"i\":\"27\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_14\",\"embeddableConfig\":{}},{\"panelIndex\":\"28\",\"gridData\":{\"w\":16,\"h\":24,\"x\":32,\"y\":20,\"i\":\"28\"},\"version\":\"7.3.0\",\"panelRefName\":\"panel_15\",\"embeddableConfig\":{}}]","timeRestore":false,"title":"Bro - DNS","version":1},"id":"ebf5ec90-34bf-11e7-9b32-bb903919ead9","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"6ef90c30-34c0-11e7-9b32-bb903919ead9","name":"panel_1","type":"visualization"},{"id":"57a9a3f0-34c0-11e7-9b32-bb903919ead9","name":"panel_2","type":"visualization"},{"id":"45a652b0-34c1-11e7-917c-af7a9d11771a","name":"panel_3","type":"visualization"},{"id":"e8e3b8a0-34c1-11e7-917c-af7a9d11771a","name":"panel_4","type":"visualization"},{"id":"1ecdd2e0-34c0-11e7-9b32-bb903919ead9","name":"panel_5","type":"visualization"},{"id":"d46522e0-342d-11e7-9e93-53b62e1857b2","name":"panel_6","type":"search"},{"id":"e3717d80-6e0f-11e7-8624-1fb07dd76c6a","name":"panel_7","type":"visualization"},{"id":"4d89e140-6f09-11e7-9d31-23c0596994a7","name":"panel_8","type":"visualization"},{"id":"74861280-6f06-11e7-b253-211f64f37eda","name":"panel_9","type":"visualization"},{"id":"AWDG9Qx0xQT5EBNmq3_2","name":"panel_10","type":"visualization"},{"id":"dcda5680-2927-11e8-b2a2-09f3986ae284","name":"panel_11","type":"visualization"},{"id":"ff2af9b0-2927-11e8-b2a2-09f3986ae284","name":"panel_12","type":"visualization"},{"id":"22f7de30-4949-11e8-9576-313be7c6b44b","name":"panel_13","type":"visualization"},{"id":"0c338e50-4a4e-11e8-9b0a-f1d33346f773","name":"panel_14","type":"visualization"},{"id":"49e04860-4a4e-11e8-9b0a-f1d33346f773","name":"panel_15","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY5OCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - SMB - File System","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - SMB - File System\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"smb.file_system.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"smb.file_system.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"File System\"}}]}"},"id":"ed215680-75ef-11ea-9565-7315f4ee5cac","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzY5OSwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":8,\"i\":\"3\",\"w\":32,\"x\":16,\"y\":0},\"panelIndex\":\"3\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"h\":51,\"i\":\"4\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"4\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{\"columns\":[\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]},\"gridData\":{\"h\":22,\"i\":\"6\",\"w\":48,\"x\":0,\"y\":51},\"panelIndex\":\"6\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":17,\"i\":\"12\",\"w\":20,\"x\":8,\"y\":34},\"panelIndex\":\"12\",\"title\":\"NIDS Alert - Source Port\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"gridData\":{\"h\":8,\"i\":\"16\",\"w\":8,\"x\":8,\"y\":0},\"panelIndex\":\"16\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_4\"},{\"gridData\":{\"h\":17,\"i\":\"18\",\"w\":20,\"x\":28,\"y\":34},\"panelIndex\":\"18\",\"title\":\"NIDS Alert - Destination Port\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":16,\"i\":\"19\",\"w\":40,\"x\":8,\"y\":18},\"panelIndex\":\"19\",\"title\":\"NIDS - Alert Summary \",\"version\":\"7.3.0\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":10,\"i\":\"20\",\"w\":17,\"x\":8,\"y\":8},\"panelIndex\":\"20\",\"title\":\"NIDS - Alert Title\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":10,\"i\":\"21\",\"w\":23,\"x\":25,\"y\":8},\"panelIndex\":\"21\",\"title\":\"NIDS - Rule Signature\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_8\"}]","timeRestore":false,"title":"NIDS - SID Drilldown","version":1},"id":"ed6f7e20-e060-11e9-8f0c-2ddbf5ed9290","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"d58ec1a0-34e4-11e7-9669-7f1d3242b798","name":"panel_0","type":"visualization"},{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_1","type":"visualization"},{"id":"9a5a35c0-342f-11e7-9e93-53b62e1857b2","name":"panel_2","type":"search"},{"id":"620283e0-3af5-11e7-a83b-b1b4da7d15f4","name":"panel_3","type":"visualization"},{"id":"AWDG3ym0xQT5EBNmq3mG","name":"panel_4","type":"visualization"},{"id":"3f040620-4a44-11e8-9b0a-f1d33346f773","name":"panel_5","type":"visualization"},{"id":"3a1b54b0-e061-11e9-8f0c-2ddbf5ed9290","name":"panel_6","type":"visualization"},{"id":"1b3faca0-e064-11e9-8f0c-2ddbf5ed9290","name":"panel_7","type":"visualization"},{"id":"6533dd40-e064-11e9-8f0c-2ddbf5ed9290","name":"panel_8","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzcwMCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - HTTP - Version","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - HTTP - Version\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.version.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"ede56800-6ed7-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9ee33aa0-6eb1-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzcwMSwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:ssl\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"7ba54e84-e774-489e-b4e5-156bff163007\"},\"panelIndex\":\"7ba54e84-e774-489e-b4e5-156bff163007\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":13,\"y\":0,\"w\":16,\"h\":8,\"i\":\"83706228-debf-441c-ab7f-2e20c91ec132\"},\"panelIndex\":\"83706228-debf-441c-ab7f-2e20c91ec132\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":8,\"i\":\"e06b2a92-d78b-4d77-9948-40a96a630656\"},\"panelIndex\":\"e06b2a92-d78b-4d77-9948-40a96a630656\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":8,\"w\":9,\"h\":20,\"i\":\"6f2ba042-522e-43a3-8b9f-0d00e1b60070\"},\"panelIndex\":\"6f2ba042-522e-43a3-8b9f-0d00e1b60070\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":9,\"y\":8,\"w\":10,\"h\":20,\"i\":\"f9b0f61d-4ff7-4bfb-a210-61ac7c07407a\"},\"panelIndex\":\"f9b0f61d-4ff7-4bfb-a210-61ac7c07407a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":19,\"y\":8,\"w\":11,\"h\":20,\"i\":\"19764782-13cb-4b14-b272-d30fbdead5a2\"},\"panelIndex\":\"19764782-13cb-4b14-b272-d30fbdead5a2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":30,\"y\":8,\"w\":18,\"h\":20,\"i\":\"8e0caa58-2dba-4d73-bf54-2c5452b7e5ff\"},\"panelIndex\":\"8e0caa58-2dba-4d73-bf54-2c5452b7e5ff\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":28,\"w\":23,\"h\":20,\"i\":\"6ce88ef8-a636-4f1c-85e9-922ab70a500f\"},\"panelIndex\":\"6ce88ef8-a636-4f1c-85e9-922ab70a500f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":23,\"y\":28,\"w\":25,\"h\":20,\"i\":\"a804d523-cf9b-47f1-85ca-4931defc69ce\"},\"panelIndex\":\"a804d523-cf9b-47f1-85ca-4931defc69ce\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"}]","timeRestore":false,"title":"Security Onion - SSL","version":1},"id":"efae8de0-75eb-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"db4dc4a0-75ec-11ea-9565-7315f4ee5cac","name":"panel_5","type":"visualization"},{"id":"b8371250-75ec-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"},{"id":"6fccb600-75ec-11ea-9565-7315f4ee5cac","name":"panel_7","type":"visualization"},{"id":"4e8cbf80-75ec-11ea-9565-7315f4ee5cac","name":"panel_8","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzcwMiwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\",\"default_field\":\"*\"}}}}"},"optionsJSON":"{\"darkTheme\":true,\"useMargins\":true}","panelsJSON":"[{\"gridData\":{\"w\":8,\"h\":44,\"x\":0,\"y\":0,\"i\":\"2\"},\"panelIndex\":\"2\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_0\",\"embeddableConfig\":{}},{\"gridData\":{\"w\":40,\"h\":40,\"x\":8,\"y\":0,\"i\":\"3\"},\"panelIndex\":\"3\",\"version\":\"7.3.0\",\"panelRefName\":\"panel_1\",\"embeddableConfig\":{\"mapCenter\":[24.84656534821976,0.17578125],\"mapZoom\":2}}]","timeRestore":false,"title":"Connections - Source - Sum of Total Bytes","version":1},"id":"f042ad60-46c6-11e7-946f-1bfb1be7c36b","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"b3b449d0-3429-11e7-9d52-4f090484f59e","name":"panel_0","type":"visualization"},{"id":"1156b1e0-46c7-11e7-946f-1bfb1be7c36b","name":"panel_1","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzcwMywxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:smb*\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":8,\"i\":\"4f0e2e7d-aeee-4de8-82f0-9faffa596a05\"},\"panelIndex\":\"4f0e2e7d-aeee-4de8-82f0-9faffa596a05\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":13,\"y\":0,\"w\":16,\"h\":8,\"i\":\"efd2f5f0-c795-41e8-b0d7-7a3012e04d4d\"},\"panelIndex\":\"efd2f5f0-c795-41e8-b0d7-7a3012e04d4d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":8,\"i\":\"c4342fbe-e949-42d7-959c-c1ce6978033a\"},\"panelIndex\":\"c4342fbe-e949-42d7-959c-c1ce6978033a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":8,\"w\":9,\"h\":19,\"i\":\"f59a811c-5a72-4337-84bd-32a5d1dce308\"},\"panelIndex\":\"f59a811c-5a72-4337-84bd-32a5d1dce308\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":9,\"y\":8,\"w\":9,\"h\":19,\"i\":\"5bb49dfa-0703-448b-a249-6cebb45e101c\"},\"panelIndex\":\"5bb49dfa-0703-448b-a249-6cebb45e101c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":18,\"y\":8,\"w\":10,\"h\":19,\"i\":\"4f886675-43c8-46c9-a471-717010d40e67\"},\"panelIndex\":\"4f886675-43c8-46c9-a471-717010d40e67\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":28,\"y\":8,\"w\":10,\"h\":19,\"i\":\"f00a4afd-cd5f-48a4-a8d3-bc80f7367285\"},\"panelIndex\":\"f00a4afd-cd5f-48a4-a8d3-bc80f7367285\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":38,\"y\":8,\"w\":10,\"h\":19,\"i\":\"c88f8f9f-c3d9-43c1-bfb1-bb2b7f64b92f\"},\"panelIndex\":\"c88f8f9f-c3d9-43c1-bfb1-bb2b7f64b92f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":27,\"w\":48,\"h\":20,\"i\":\"d76e30ec-3114-4100-a806-2a77ba987bbe\"},\"panelIndex\":\"d76e30ec-3114-4100-a806-2a77ba987bbe\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"}]","timeRestore":false,"title":"Security Onion - SMB","version":1},"id":"f24d7b80-75c6-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"34762420-75f0-11ea-9565-7315f4ee5cac","name":"panel_5","type":"visualization"},{"id":"1c6567b0-75f0-11ea-9565-7315f4ee5cac","name":"panel_6","type":"visualization"},{"id":"ed215680-75ef-11ea-9565-7315f4ee5cac","name":"panel_7","type":"visualization"},{"id":"052df440-75f0-11ea-9565-7315f4ee5cac","name":"panel_8","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzcwNCwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.module:playbook AND event.dataset:alert\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.7.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":8,\"i\":\"c2172038-7740-458c-977a-98d139c438c2\"},\"panelIndex\":\"c2172038-7740-458c-977a-98d139c438c2\",\"embeddableConfig\":{\"title\":\"Security Onion - Alert Data\"},\"title\":\"Security Onion - Alert Data\",\"panelRefName\":\"panel_0\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":18,\"h\":8,\"i\":\"b18f1671-c1a0-44c8-946b-71bc21e62482\"},\"panelIndex\":\"b18f1671-c1a0-44c8-946b-71bc21e62482\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":26,\"y\":0,\"w\":22,\"h\":8,\"i\":\"b26faccc-11d5-4cc3-8fd2-484b5e3659bc\"},\"panelIndex\":\"b26faccc-11d5-4cc3-8fd2-484b5e3659bc\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":0,\"y\":8,\"w\":26,\"h\":18,\"i\":\"1f88747a-06f5-4450-8d08-150d0cd37667\"},\"panelIndex\":\"1f88747a-06f5-4450-8d08-150d0cd37667\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":26,\"y\":8,\"w\":22,\"h\":18,\"i\":\"0b5a83d1-8f56-4616-b0aa-af25a1995379\"},\"panelIndex\":\"0b5a83d1-8f56-4616-b0aa-af25a1995379\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.7.1\",\"gridData\":{\"x\":0,\"y\":26,\"w\":48,\"h\":21,\"i\":\"28431fa5-4ce9-40db-a190-541b3390f9d0\"},\"panelIndex\":\"28431fa5-4ce9-40db-a190-541b3390f9d0\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"}]","timeRestore":false,"title":"Security Onion - Playbook","version":1},"id":"f449f0a0-c77c-11ea-bebb-37c5ab5894ea","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"30df00e0-7733-11ea-bee5-af7f7c7b8e05","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"508fb520-72af-11ea-8dd2-9d8795a1200b","name":"panel_3","type":"visualization"},{"id":"f7e1d570-72ae-11ea-8dd2-9d8795a1200b","name":"panel_4","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_5","type":"search"}],"type":"dashboard","updated_at":"2020-07-16T16:10:05.109Z","version":"WzgyOCwyXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Zeek - Notice Action","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Zeek - Notice Action\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"notice.p: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"notice.action.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"id":"fafba910-7a84-11ea-9d13-57f5db13d1ed","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzcwNSwxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.dataset:notice AND event.module:zeek\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":8,\"i\":\"3c981b35-b930-4523-bef4-7f5193148816\"},\"panelIndex\":\"3c981b35-b930-4523-bef4-7f5193148816\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":16,\"h\":8,\"i\":\"eb1b234a-2d6b-46af-9afe-a420a389dad1\"},\"panelIndex\":\"eb1b234a-2d6b-46af-9afe-a420a389dad1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":8,\"i\":\"7d323b2f-3502-4397-93fd-b430d9011d92\"},\"panelIndex\":\"7d323b2f-3502-4397-93fd-b430d9011d92\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":8,\"w\":19,\"h\":18,\"i\":\"298b9cf4-5e54-45f5-805c-e04b31044401\"},\"panelIndex\":\"298b9cf4-5e54-45f5-805c-e04b31044401\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":19,\"y\":8,\"w\":29,\"h\":18,\"i\":\"1fa5b7c2-2680-4dd0-9c07-a714d8d8968a\"},\"panelIndex\":\"1fa5b7c2-2680-4dd0-9c07-a714d8d8968a\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":26,\"w\":11,\"h\":23,\"i\":\"9056cf20-d882-4316-ba02-91ecbd1d4df9\"},\"panelIndex\":\"9056cf20-d882-4316-ba02-91ecbd1d4df9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":11,\"y\":26,\"w\":11,\"h\":23,\"i\":\"5f855acb-fec5-4155-b2ef-0961a6d9a89c\"},\"panelIndex\":\"5f855acb-fec5-4155-b2ef-0961a6d9a89c\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":22,\"y\":26,\"w\":10,\"h\":23,\"i\":\"208bc4b2-013a-4aab-b72c-45a618077791\"},\"panelIndex\":\"208bc4b2-013a-4aab-b72c-45a618077791\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":32,\"y\":26,\"w\":16,\"h\":23,\"i\":\"5429bbba-3d62-4a93-9932-4a2cc4369775\"},\"panelIndex\":\"5429bbba-3d62-4a93-9932-4a2cc4369775\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"}]","timeRestore":false,"title":"Security Onion - Zeek - Notices","version":1},"id":"fa9ed760-7734-11ea-bee5-af7f7c7b8e05","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"30df00e0-7733-11ea-bee5-af7f7c7b8e05","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"9c6ccff0-7a84-11ea-9d13-57f5db13d1ed","name":"panel_3","type":"visualization"},{"id":"c8039090-7a84-11ea-9d13-57f5db13d1ed","name":"panel_4","type":"visualization"},{"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","name":"panel_5","type":"visualization"},{"id":"b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_6","type":"visualization"},{"id":"f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b","name":"panel_7","type":"visualization"},{"id":"fafba910-7a84-11ea-9d13-57f5db13d1ed","name":"panel_8","type":"visualization"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzcwNiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"event.module.keyword\",\"negate\":true,\"params\":{\"query\":\"suricata\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"event.module.keyword\":\"suricata\"}}}]}"},"savedSearchRefName":"search_0","title":"Security Onion - Playbook - Rules","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.module.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Module\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"rule.name.keyword: Descending\",\"aggType\":\"terms\"}]}},\"title\":\"Security Onion - Playbook - Rules\"}"},"id":"faaf66e0-c77d-11ea-bebb-37c5ab5894ea","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"5c3effd0-72ae-11ea-8dd2-9d8795a1200b","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-16T16:04:07.886Z","version":"WzgyNywyXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Syslog - Severity (Donut)","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"syslog.severity.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Severity\"}}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"syslog.severity.keyword: Descending\",\"aggType\":\"terms\"}]}},\"title\":\"Security Onion - Syslog - Severity (Donut)\"}"},"id":"fc8d41a0-777b-11ea-bee5-af7f7c7b8e05","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-16T15:39:24.060Z","version":"Wzc5OSwyXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Security Onion - Connections - Top Source IPs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Connections - Top Source IPs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"params\":{},\"label\":\"source.ip.keyword: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}"},"id":"fd8b4640-6e9f-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"9b333020-6e9f-11ea-9266-1fd14ca6af34","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzcwNywxXQ=="} +{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"event.module:strelka\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":true}","panelsJSON":"[{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":7,\"i\":\"a2e0a619-a5c5-40d9-8593-e60f13ae22bf\"},\"panelIndex\":\"a2e0a619-a5c5-40d9-8593-e60f13ae22bf\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":0,\"w\":21,\"h\":7,\"i\":\"566a9d04-f2dc-4868-9625-97a19d985703\"},\"panelIndex\":\"566a9d04-f2dc-4868-9625-97a19d985703\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":7,\"i\":\"f247ec64-c278-4e05-ac4d-983bea9dfb7d\"},\"panelIndex\":\"f247ec64-c278-4e05-ac4d-983bea9dfb7d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":7,\"w\":12,\"h\":20,\"i\":\"6e80a142-ab0e-4fd3-891c-e495b78a1625\"},\"panelIndex\":\"6e80a142-ab0e-4fd3-891c-e495b78a1625\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":12,\"y\":7,\"w\":11,\"h\":20,\"i\":\"292cc879-6bc0-4541-ba92-3b3c5f4e3368\"},\"panelIndex\":\"292cc879-6bc0-4541-ba92-3b3c5f4e3368\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":23,\"y\":7,\"w\":14,\"h\":20,\"i\":\"66979b2c-e7c1-4291-91ac-16537b7f9ec3\"},\"panelIndex\":\"66979b2c-e7c1-4291-91ac-16537b7f9ec3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":37,\"y\":7,\"w\":11,\"h\":20,\"i\":\"8bb1cf98-0401-4a2d-9dd8-deca08205a22\"},\"panelIndex\":\"8bb1cf98-0401-4a2d-9dd8-deca08205a22\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":27,\"w\":8,\"h\":20,\"i\":\"393f3cec-3ee0-4275-b319-f307e7a260c6\"},\"panelIndex\":\"393f3cec-3ee0-4275-b319-f307e7a260c6\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":8,\"y\":27,\"w\":15,\"h\":20,\"i\":\"0e8800a9-a6f5-4a79-8370-61713f584886\"},\"panelIndex\":\"0e8800a9-a6f5-4a79-8370-61713f584886\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":23,\"y\":27,\"w\":25,\"h\":20,\"i\":\"be9a0a2a-d8c6-4d15-b5d7-d5599d0482a3\"},\"panelIndex\":\"be9a0a2a-d8c6-4d15-b5d7-d5599d0482a3\",\"embeddableConfig\":{},\"panelRefName\":\"panel_9\"},{\"version\":\"7.6.1\",\"gridData\":{\"x\":0,\"y\":47,\"w\":48,\"h\":27,\"i\":\"40296d2b-cb6f-423f-989c-3fdaa82d2aad\"},\"panelIndex\":\"40296d2b-cb6f-423f-989c-3fdaa82d2aad\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"}]","timeRestore":false,"title":"Security Onion - Strelka","version":1},"id":"ff689c50-75f3-11ea-9565-7315f4ee5cac","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"8cfec8c0-6ec2-11ea-9266-1fd14ca6af34","name":"panel_0","type":"visualization"},{"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","name":"panel_1","type":"visualization"},{"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","name":"panel_2","type":"visualization"},{"id":"7a88adc0-75f0-11ea-9565-7315f4ee5cac","name":"panel_3","type":"visualization"},{"id":"49cfe850-772c-11ea-bee5-af7f7c7b8e05","name":"panel_4","type":"visualization"},{"id":"70243970-772c-11ea-bee5-af7f7c7b8e05","name":"panel_5","type":"visualization"},{"id":"ce9e03f0-772c-11ea-bee5-af7f7c7b8e05","name":"panel_6","type":"visualization"},{"id":"a7ebb450-772c-11ea-bee5-af7f7c7b8e05","name":"panel_7","type":"visualization"},{"id":"08c0b770-772e-11ea-bee5-af7f7c7b8e05","name":"panel_8","type":"visualization"},{"id":"e087c7d0-772d-11ea-bee5-af7f7c7b8e05","name":"panel_9","type":"visualization"},{"id":"8b6f3150-72a2-11ea-8dd2-9d8795a1200b","name":"panel_10","type":"search"}],"type":"dashboard","updated_at":"2020-07-15T13:17:15.442Z","version":"WzcwOCwxXQ=="} +{"exportedCount":724,"missingRefCount":0,"missingReferences":[]} From 958d614beff083a6d5c937afd1ff1f1a58c2eb45 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 17 Jul 2020 09:21:47 -0400 Subject: [PATCH 080/124] [fix] Only show motd ip message on manager node --- salt/motd/files/so_motd.jinja | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/salt/motd/files/so_motd.jinja b/salt/motd/files/so_motd.jinja index 4b22eb56c..43ad3b4de 100644 --- a/salt/motd/files/so_motd.jinja +++ b/salt/motd/files/so_motd.jinja @@ -1,9 +1,11 @@ {% set needs_restarting_check = salt['mine.get']('*', 'needs_restarting.check', tgt_type='glob') -%} +{% set role = grains.id.split('_') | last -%} {% set url = salt['pillar.get']('manager:url_base') -%} - +{% if role in ['eval', 'managersearch', 'manager', 'standalone'] %} Access the Security Onion web interface at https://{{ url }} (You may need to run so-allow first if you haven't yet) +{% endif %} {%- if needs_restarting_check %} {%- set minions_need_restarted = [] %} From e91aa751a79dd2a201be526df0766d8d4822b604 Mon Sep 17 00:00:00 2001 From: weslambert Date: Fri, 17 Jul 2020 09:38:43 -0400 Subject: [PATCH 081/124] Change verbiage --- salt/wazuh/files/agent/ossec.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/wazuh/files/agent/ossec.conf b/salt/wazuh/files/agent/ossec.conf index 37971aa93..8d38868ef 100644 --- a/salt/wazuh/files/agent/ossec.conf +++ b/salt/wazuh/files/agent/ossec.conf @@ -6,7 +6,7 @@ {%- set ip = salt['pillar.get']('sensor:mainip', '') %} {%- endif %} From 6f077e66e6400b82010d36b3999e9677a20ae117 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 17 Jul 2020 10:05:54 -0400 Subject: [PATCH 082/124] dont try to copy schedules if the directory is empty --- setup/so-functions | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index 0bbc013b2..8c2c18d2a 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -465,7 +465,9 @@ copy_minion_tmp_files() { ssh -i /root/.ssh/so.key soremote@"$MSRV" mkdir -p /tmp/"$MINION_ID"/pillar; ssh -i /root/.ssh/so.key soremote@"$MSRV" mkdir -p /tmp/"$MINION_ID"/schedules; scp -prv -i /root/.ssh/so.key "$temp_install_dir"/pillar/minions/* soremote@"$MSRV":/tmp/"$MINION_ID"/pillar/; - scp -prv -i /root/.ssh/so.key "$temp_install_dir"/salt/patch/os/schedules/* soremote@"$MSRV":/tmp/"$MINION_ID"/schedules; + if [ "$(ls -A $temp_install_dir/salt/patch/os/schedules/)" ]; then + scp -prv -i /root/.ssh/so.key "$temp_install_dir"/salt/patch/os/schedules/* soremote@"$MSRV":/tmp/"$MINION_ID"/schedules; + fi ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/salt/manager/files/add_minion.sh "$MINION_ID"; } >> "$setup_log" 2>&1 ;; From 2541f4d8e8aff3f896a525e8d0d55f825bfc484c Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 17 Jul 2020 10:23:51 -0400 Subject: [PATCH 083/124] dont try to copy schedules if the directory is empty --- setup/so-functions | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 8c2c18d2a..b159f286f 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -465,8 +465,10 @@ copy_minion_tmp_files() { ssh -i /root/.ssh/so.key soremote@"$MSRV" mkdir -p /tmp/"$MINION_ID"/pillar; ssh -i /root/.ssh/so.key soremote@"$MSRV" mkdir -p /tmp/"$MINION_ID"/schedules; scp -prv -i /root/.ssh/so.key "$temp_install_dir"/pillar/minions/* soremote@"$MSRV":/tmp/"$MINION_ID"/pillar/; - if [ "$(ls -A $temp_install_dir/salt/patch/os/schedules/)" ]; then - scp -prv -i /root/.ssh/so.key "$temp_install_dir"/salt/patch/os/schedules/* soremote@"$MSRV":/tmp/"$MINION_ID"/schedules; + if [ -d "$temp_install_dir"/salt/patch/os/schedules/ ]; then + if [ "$(ls -A $temp_install_dir/salt/patch/os/schedules/)" ]; then + scp -prv -i /root/.ssh/so.key "$temp_install_dir"/salt/patch/os/schedules/* soremote@"$MSRV":/tmp/"$MINION_ID"/schedules; + fi fi ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/salt/manager/files/add_minion.sh "$MINION_ID"; } >> "$setup_log" 2>&1 From 6e4eb7639344046f9ac00abc8b6621114a24a3ab Mon Sep 17 00:00:00 2001 From: Josh Brower Date: Fri, 17 Jul 2020 10:25:48 -0400 Subject: [PATCH 084/124] Eval Ubuntu Fleet fix --- salt/ssl/init.sls | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/salt/ssl/init.sls b/salt/ssl/init.sls index a0780ecf6..efa3032dc 100644 --- a/salt/ssl/init.sls +++ b/salt/ssl/init.sls @@ -142,6 +142,7 @@ regkeyperms: - signing_policy: managerssl - public_key: /etc/pki/managerssl.key - CN: {{ manager }} + - subjectAltName: DNS:{{ HOSTNAME }}, IP:{{ MAINIP }} {% if CUSTOM_FLEET_HOSTNAME != None %},DNS:{{ CUSTOM_FLEET_HOSTNAME }} {% endif %} - days_remaining: 0 - days_valid: 820 - backup: True @@ -289,4 +290,4 @@ fleetkeyperms: - mode: 640 - group: 939 -{% endif %} +{% endif %} \ No newline at end of file From 17e3bde2f828357e4a8c491bd55d2a551a3557e1 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 17 Jul 2020 10:55:30 -0400 Subject: [PATCH 085/124] Create home dir for adduser function --- setup/so-functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index b159f286f..cb7345abb 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -79,7 +79,7 @@ so_add_user() { echo "Add $username user" >> "$setup_log" 2>&1 groupadd --gid "$gid" "$username" - useradd --uid "$uid" --gid "$gid" --home-dir "$home_dir" "$username" + useradd -m --uid "$uid" --gid "$gid" --home-dir "$home_dir" "$username" # If a password has been passed in, set the password if [ "$pass" ]; then From d97271cca34107d35d74f89f9c4dd03bcc5b6168 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 17 Jul 2020 11:08:31 -0400 Subject: [PATCH 086/124] [fix] Don't drop to shell while running so-allow --- setup/so-setup | 18 +++++++++++------- setup/so-whiptail | 9 +++++++++ 2 files changed, 20 insertions(+), 7 deletions(-) diff --git a/setup/so-setup b/setup/so-setup index 7cf0c70f8..7f8862841 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -622,24 +622,28 @@ fi } | progress success=$(tail -10 $setup_log | grep Failed | awk '{ print $2}') +if [[ $success != 0 ]]; then SO_ERROR=1; fi -if [[ $success != 0 ]]; then SO_ERROR=1; fi # evaluate success first so it doesn't check against the output of so-allow if [[ -n $SO_ERROR ]]; then echo "Errors detected during setup; skipping post-setup steps to allow for analysis of failures." >> $setup_log 2>&1 SKIP_REBOOT=1 whiptail_setup_failed else - if [[ -n $ALLOW_ROLE && -n $ALLOW_CIDR ]]; then - echo "Running so-allow -${ALLOW_ROLE} for ${ALLOW_CIDR}" >> $setup_log 2>&1 - IP=$ALLOW_CIDR so-allow -$ALLOW_ROLE >> $setup_log 2>&1 - fi + { + if [[ -n $ALLOW_ROLE && -n $ALLOW_CIDR ]]; then + set_progress_str 98 "Running so-allow -${ALLOW_ROLE} for ${ALLOW_CIDR}" + IP=$ALLOW_CIDR so-allow -$ALLOW_ROLE >> $setup_log 2>&1 + fi - if [[ $THEHIVE == 1 ]]; then check_hive_init >> $setup_log 2>&1; fi + set_progress_str 99 'Waiting for TheHive to start up' + if [[ $THEHIVE == 1 ]]; then check_hive_init >> $setup_log 2>&1; fi - install_cleanup >> $setup_log 2>&1 + } | whiptail_gauge_post_setup "Running post-installation steps..." whiptail_setup_complete fi +install_cleanup >> $setup_log 2>&1 + if [[ -z $SKIP_REBOOT ]]; then shutdown -r now; else exit; fi diff --git a/setup/so-whiptail b/setup/so-whiptail index 3556a8245..358a18909 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -1086,6 +1086,15 @@ whiptail_so_allow() { whiptail_check_exitstatus $exitstatus } +whiptail_gauge_post_setup() { + + [ -n "$TESTING" ] && return + + local msg=$1 + + whiptail --title "Security Onion Setup" --guage "$msg" 6 60 96 +} + whiptail_strelka_rules() { [ -n "$TESTING" ] && return From ede250d9e4febd070161cd2494ef29169925765d Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 17 Jul 2020 11:09:08 -0400 Subject: [PATCH 087/124] [feat] Merge access method dialogs together --- setup/so-functions | 1 - setup/so-whiptail | 10 +--------- 2 files changed, 1 insertion(+), 10 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 0bbc013b2..660b64393 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -867,7 +867,6 @@ generate_passwords(){ } get_redirect() { - whiptail_set_redirect_info whiptail_set_redirect if [ "$REDIRECTINFO" = "OTHER" ]; then whiptail_set_redirect_host diff --git a/setup/so-whiptail b/setup/so-whiptail index 358a18909..486428ca5 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -997,7 +997,7 @@ whiptail_set_redirect() { [ -n "$TESTING" ] && return REDIRECTINFO=$(whiptail --title "Security Onion Setup" --radiolist \ - "Choose the access method for the web interface:" 20 75 4 \ + "Choose the access method for the web interface: \nNOTE: For security reasons, we use strict cookie enforcement" 20 75 4 \ "IP" "Use IP to access the web interface" ON \ "HOSTNAME" "Use hostname to access the web interface" OFF \ "OTHER" "Use a different name like a FQDN or Load Balancer" OFF 3>&1 1>&2 2>&3 ) @@ -1015,14 +1015,6 @@ whiptail_set_redirect_host() { whiptail_check_exitstatus $exitstatus } -whiptail_set_redirect_info() { - - [ -n "$TESTING" ] && return - - whiptail --title "Security Onion Setup" --msgbox "The following selection refers to accessing the web interface. \n -For security reasons, we use strict cookie enforcement." 10 75 -} - whiptail_setup_complete() { [ -n "$TESTING" ] && return From 9cbc7ad8f52d9a0d43a40eb4a7e9528d3589d1c5 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 17 Jul 2020 12:08:16 -0400 Subject: [PATCH 088/124] [fix] guage -> gauge --- setup/so-whiptail | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/so-whiptail b/setup/so-whiptail index 486428ca5..3c00a30d3 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -1084,7 +1084,7 @@ whiptail_gauge_post_setup() { local msg=$1 - whiptail --title "Security Onion Setup" --guage "$msg" 6 60 96 + whiptail --title "Security Onion Setup" --gauge "$msg" 6 60 96 } whiptail_strelka_rules() { From d88e15ecb4e1ae76509f0ea875f6e8f0306cd360 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 17 Jul 2020 12:33:25 -0400 Subject: [PATCH 089/124] [fix] Use `| tee` instead of redirect when already redirecting to setup log --- setup/so-functions | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index ac72d4fb2..f54ea5446 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1314,7 +1314,7 @@ saltify() { # Add saltstack repo(s) wget -q --inet4-only -O - https://repo.saltstack.com"$py_ver_url_path"/ubuntu/"$ubuntu_version"/amd64/archive/2019.2.5/SALTSTACK-GPG-KEY.pub | apt-key add - >> "$setup_log" 2>&1 - echo "deb http://repo.saltstack.com$py_ver_url_path/ubuntu/$ubuntu_version/amd64/archive/2019.2.5 $OSVER main" > /etc/apt/sources.list.d/saltstack2019.list + echo "deb http://repo.saltstack.com$py_ver_url_path/ubuntu/$ubuntu_version/amd64/archive/2019.2.5 $OSVER main" | tee /etc/apt/sources.list.d/saltstack2019.list >> "$setup_log" 2>&1 # Add Docker repo curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - >> "$setup_log" 2>&1 @@ -1346,7 +1346,7 @@ saltify() { echo "Using apt-key add to add SALTSTACK-GPG-KEY.pub and GPG-KEY-WAZUH" >> "$setup_log" 2>&1 apt-key add "$temp_install_dir"/gpg/SALTSTACK-GPG-KEY.pub >> "$setup_log" 2>&1 apt-key add "$temp_install_dir"/gpg/GPG-KEY-WAZUH >> "$setup_log" 2>&1 - echo "deb http://repo.saltstack.com$py_ver_url_path/ubuntu/$ubuntu_version/amd64/archive/2019.2.5/ $OSVER main" > /etc/apt/sources.list.d/saltstack.list >> "$setup_log" 2>&1 + echo "deb http://repo.saltstack.com$py_ver_url_path/ubuntu/$ubuntu_version/amd64/archive/2019.2.5/ $OSVER main" | tee /etc/apt/sources.list.d/saltstack.list >> "$setup_log" 2>&1 echo "deb https://packages.wazuh.com/3.x/apt/ stable main" | tee /etc/apt/sources.list.d/wazuh.list >> "$setup_log" 2>&1 ;; esac From 1abf324654095a2ee95cfe9f78e906415798de51 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 17 Jul 2020 12:59:17 -0400 Subject: [PATCH 090/124] [fix] Set `py_ver_url_path` for all install types --- setup/so-functions | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index f54ea5446..58bde1aba 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -588,7 +588,7 @@ configure_network_sensor() { } detect_cloud() { - echo "Testing if setup is running on a cloud instance" + echo "Testing if setup is running on a cloud instance..." if ( curl --fail -s -m 5 http://169.254.169.254/latest/meta-data/instance-id > /dev/null ) || ( dmidecode -s bios-vendor | grep -q Google > /dev/null); then export is_cloud="true"; fi } @@ -609,7 +609,7 @@ detect_os() { exit 1 fi - echo "Installing required packages to run installer" + echo "Installing required packages to run installer..." # Install bind-utils so the host command exists if ! command -v host > /dev/null 2>&1; then yum -y install bind-utils >> "$setup_log" 2>&1 @@ -640,7 +640,7 @@ detect_os() { exit 1 fi - echo "Installing required packages to run installer" + echo "Installing required packages to run installer..." # Install network manager so we can do interface stuff if ! command -v nmcli > /dev/null 2>&1; then { @@ -1304,13 +1304,13 @@ saltify() { # Grab the version from the os-release file local ubuntu_version ubuntu_version=$(grep VERSION_ID /etc/os-release | awk -F '[ "]' '{print $2}') + if [ "$OSVER" != "xenial" ]; then local py_ver_url_path="/py3"; else local py_ver_url_path="/apt"; fi case "$install_type" in 'FLEET') if [ "$OSVER" != 'xenial' ]; then apt-get -y install python3-mysqldb >> "$setup_log" 2>&1; else apt-get -y install python-mysqldb >> "$setup_log" 2>&1; fi ;; 'MANAGER' | 'EVAL' | 'MANAGERSEARCH' | 'STANDALONE') # TODO: should this also be HELIXSENSOR? - if [ "$OSVER" != "xenial" ]; then local py_ver_url_path="/py3"; else local py_ver_url_path="/apt"; fi # Add saltstack repo(s) wget -q --inet4-only -O - https://repo.saltstack.com"$py_ver_url_path"/ubuntu/"$ubuntu_version"/amd64/archive/2019.2.5/SALTSTACK-GPG-KEY.pub | apt-key add - >> "$setup_log" 2>&1 @@ -1322,7 +1322,7 @@ saltify() { # Get gpg keys mkdir -p /opt/so/gpg >> "$setup_log" 2>&1 - wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com/apt/ubuntu/"$ubuntu_version"/amd64/latest/SALTSTACK-GPG-KEY.pub >> "$setup_log" 2>&1 + wget -q --inet4-only -O /opt/so/gpg/SALTSTACK-GPG-KEY.pub https://repo.saltstack.com$py_ver_url_path/ubuntu/"$ubuntu_version"/amd64/latest/SALTSTACK-GPG-KEY.pub >> "$setup_log" 2>&1 wget -q --inet4-only -O /opt/so/gpg/docker.pub https://download.docker.com/linux/ubuntu/gpg >> "$setup_log" 2>&1 wget -q --inet4-only -O /opt/so/gpg/GPG-KEY-WAZUH https://packages.wazuh.com/key/GPG-KEY-WAZUH >> "$setup_log" 2>&1 From da155b5dea650a98737889d7c11e8471477e73ab Mon Sep 17 00:00:00 2001 From: Josh Brower Date: Fri, 17 Jul 2020 13:00:03 -0400 Subject: [PATCH 091/124] Kibana Fleet Pivot Fix --- salt/kibana/bin/so-kibana-config-load | 2 +- salt/kibana/files/saved_objects.ndjson | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/salt/kibana/bin/so-kibana-config-load b/salt/kibana/bin/so-kibana-config-load index f59d0c10d..451e848a1 100644 --- a/salt/kibana/bin/so-kibana-config-load +++ b/salt/kibana/bin/so-kibana-config-load @@ -10,7 +10,7 @@ cp /opt/so/conf/kibana/saved_objects.ndjson.template /opt/so/conf/kibana/saved_o # {% if FLEET_NODE or FLEET_MANAGER %} # Fleet IP -sed -i "s/FLEETPLACEHOLDER/{{ MANAGER }}/g" /opt/so/conf/kibana/saved_objects.ndjson +#sed -i "s/FLEETPLACEHOLDER/{{ MANAGER }}/g" /opt/so/conf/kibana/saved_objects.ndjson # {% endif %} # SOCtopus and Manager diff --git a/salt/kibana/files/saved_objects.ndjson b/salt/kibana/files/saved_objects.ndjson index 81051c94b..4bbf891b4 100644 --- a/salt/kibana/files/saved_objects.ndjson +++ b/salt/kibana/files/saved_objects.ndjson @@ -1,7 +1,7 @@ {"attributes":{"fieldFormatMap":"{\"match_body.source_ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"match_body.destination_ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}}}","fields":"[{\"name\":\"@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"_id\",\"type\":\"string\",\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"alert_info.slack_username_override\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"alert_info.slack_username_override.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_info.slack_webhook_url\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"alert_info.slack_webhook_url.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_info.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"alert_info.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_sent\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.rule\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.rule.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"endtime\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"exponent\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hits\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.@version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.@version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.signature_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.signature_info.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body._id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body._id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body._index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body._index.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body._type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body._type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.alert\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.alert.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.category\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.category.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.classification\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.classification.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.connection_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.connection_state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.connection_state_description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.connection_state_description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.destination_geo.continent_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.country_code2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.destination_geo.country_code2.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.country_code3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.destination_geo.country_code3.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.destination_geo.country_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.destination_geo.ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.latitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.location.lat\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.location.lon\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.longitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.destination_geo.timezone.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.destination_ip.keyword\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.destination_ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.destination_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.duration\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.gid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.history\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.history.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.local_orig\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.local_orig.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.local_respond\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.local_respond.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.logstash_time\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.missed_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.num_hits\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.num_matches\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.original_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.original_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.original_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.original_ipbytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.original_ipbytes.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.original_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.respond_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.respond_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.respond_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.respond_ipbytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.respond_ipbytes.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.respond_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.rev\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.rev.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.rule\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.rule.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.rule_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.rule_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.sensor_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.sensor_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.service\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.service.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.sid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.source_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.source_ip.keyword\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.source_ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.source_ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.source_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.syslog-facility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.syslog-facility.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.syslog-file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.syslog-file_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.syslog-host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.syslog-host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.syslog-host_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.syslog-host_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.syslog-legacy_msghdr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.syslog-legacy_msghdr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.syslog-priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.syslog-priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.syslog-sourceip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.syslog-sourceip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.syslog-tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.syslog-tags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.tags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.total_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.tunnel_parents\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.tunnel_parents.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"match_body.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"match_body.uid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"matches\",\"type\":\"number\",\"count\":3,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule_name\",\"type\":\"string\",\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"starttime\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"time_taken\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traceback\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"traceback.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"until\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]","notExpandable":true,"timeFieldName":"@timestamp","title":"*:elastalert_status*"},"id":"*:elastalert_status*","migrationVersion":{"index-pattern":"7.6.0"},"references":[],"type":"index-pattern","updated_at":"2020-07-15T13:17:15.442Z","version":"WzAsMV0="} -{"attributes":{"fieldFormatMap":"{\"_id\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PCAPPLACEHOLDER/securityonion/joblookup?esid={{ value }}\",\"labelTemplate\":\"{{value}}\"}},\"uid\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"source_ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"destination_ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"source_port\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'source_port:\\\"{{value}}\\\" OR destination_port:\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"destination_port\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'source_port:\\\"{{value}}\\\" OR destination_port:\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"fuid\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"resp_fuids\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"orig_fuids\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"sid\":{\"id\":\"number\",\"params\":{\"pattern\":\"0\"}},\"port\":{\"id\":\"number\",\"params\":{\"pattern\":\"0.[000]\"}},\"query\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"query.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"server_name\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"server_name.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"virtual_host\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"virtual_host.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"indicator\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"indicator.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"file_ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"file_ip.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"signature_info\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"{{rawValue}}\",\"labelTemplate\":\"{{value}}\"}},\"highest_registered_domain\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"highest_registered_domain.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"domain_name\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"domain_name.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"duration\":{\"id\":\"duration\",\"params\":{\"outputFormat\":\"asSeconds\",\"outputPrecision\":6}},\"missed_bytes\":{\"id\":\"bytes\"},\"missing_bytes\":{\"id\":\"bytes\"},\"original_bytes\":{\"id\":\"bytes\"},\"original_ip_bytes\":{\"id\":\"bytes\"},\"overflow_bytes\":{\"id\":\"bytes\"},\"respond_bytes\":{\"id\":\"bytes\"},\"respond_ip_bytes\":{\"id\":\"bytes\"},\"seen_bytes\":{\"id\":\"bytes\"},\"total_bytes\":{\"id\":\"bytes\"},\"rtt\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0000000]\"}},\"uids\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"osquery.LiveQuery\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://FLEETPLACEHOLDER/queries/new?host_uuids={{rawValue}}\",\"labelTemplate\":\"LiveQuery\"}},\"TheHive\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"\",\"labelTemplate\":\"Add2Hive\"}}}","fields":"[{\"name\":\"@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"@version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"@version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"aa\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"aa.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ack\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ack.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"action\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"action.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"additional_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"additional_info.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"age\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"age.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"alert.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_level\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_level.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"analyzer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"analyzer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"answers\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"answers.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"assigned_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"assigned_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auth\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"auth.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"authentication_attempts\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"authentication_method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"authentication_method.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"authentication_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"authentication_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"basic_constraints.path_len\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"basic_constraints_ca\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"basic_constraints_ca.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"basic_constraints_path_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"beat.hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"beat.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"beat.version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat_host.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"beat_host.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"bound_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"call_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"call_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"category\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"category.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cc\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cc.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_chain_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_chain_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_chain_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_common_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_common_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_common_name_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_common_name_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_curve\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_curve.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_exponent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_exponent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_issuer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_issuer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_key_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_key_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_key_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_key_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_key_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_locality\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_locality.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_not_valid_after\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_not_valid_before\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_number_days_valid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_organization\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_organization.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_organization_unit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_organization_unit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_permanent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_permanent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_serial\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_serial.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_serial_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_serial_number.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_signing_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_signing_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"checksum\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"checksum.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cipher\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cipher.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cipher_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cipher_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"class\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"class.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"classification\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"classification.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_build\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_build.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_certificate_chain_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_certificate_chain_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_certificate_fuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_certificate_fuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_certificate_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_certificate_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_digital_product_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_digital_product_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_fqdn\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_fqdn.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_host_key_algorithms\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_host_key_algorithms.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_issuer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_issuer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_major_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_major_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_minor_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_minor_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"community\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"community.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"company.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"compile_ts\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"compile_ts.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"compression_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"compression_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connect_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connect_info.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection_state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection_state_description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection_state_description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"content_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"content_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cookie\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cookie.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"creation_date\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"creation_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"current_directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"current_directory.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"curve\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"curve.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.arch\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.arch.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.data.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.dpkg_status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.dpkg_status.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.file\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.file.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.cpu_cores\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.cpu_cores.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.cpu_mhz\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.cpu_mhz.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.cpu_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.cpu_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.ram_free\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.ram_free.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.ram_total\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.ram_total.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.ram_usage\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.ram_usage.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.serial\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.serial.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.address.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.broadcast\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.broadcast.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.dhcp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.dhcp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.gateway\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.gateway.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.metric\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.metric.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.netmask\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.netmask.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv6.address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv6.address.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv6.dhcp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv6.dhcp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv6.netmask\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv6.netmask.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.mac\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.mac.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.mtu\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.mtu.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.rx_bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_bytes.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.rx_dropped\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_dropped.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.rx_errors\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_errors.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.rx_packets\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_packets.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.tx_bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_bytes.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.tx_dropped\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_dropped.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.tx_errors\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_errors.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.tx_packets\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_packets.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.architecture.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.codename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.codename.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.major\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.major.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.minor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.minor.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.platform\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.platform.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.release\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.release.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.release_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.release_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.sysname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.sysname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.package\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.package.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.inode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.inode.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.local_ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.local_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.local_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.local_port.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.remote_ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.remote_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.remote_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.remote_port.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.rx_queue\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.rx_queue.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.tx_queue\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.tx_queue.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.args\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.args.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.cmd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.cmd.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.egroup\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.egroup.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.euser\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.euser.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.fgroup\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.fgroup.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.nice\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.nice.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.nlwp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.nlwp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.pgrp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.pgrp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.pid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.pid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.ppid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.ppid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.processor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.processor.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.resident\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.resident.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.rgroup\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.rgroup.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.ruser\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.ruser.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.session\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.session.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.sgroup\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.sgroup.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.share\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.share.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.size.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.start_time\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.start_time.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.stime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.stime.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.suser\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.suser.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.tgid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.tgid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.tty\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.tty.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.utime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.utime.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.vm_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.vm_size.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.architecture.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.format\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.format.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.multiarch\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.multiarch.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.section\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.section.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.size.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.source\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.source.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.vendor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.vendor.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.pwd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.pwd.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.status.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.title\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.title.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.tty\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.tty.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.uid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_destination_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_destination_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_passive\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data_channel_passive.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_source_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"date\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dcc_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dcc_file_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dcc_file_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dcc_mime_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dcc_mime_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"decoder.ftscomment\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"decoder.ftscomment.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"decoder.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"decoder.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"decoder.parent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"decoder.parent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"depth\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"desktop_height\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"desktop_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"desktop_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"desktop_width\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dest_is_ipv6\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dest_is_ipv6.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_city\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_city.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.city_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.continent_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.continent_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.country_code2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.country_code2.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.country_code3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.country_code3.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.country_iso_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.country_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.dma_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.latitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.longitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.longitude.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.postal_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.region_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.region_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.region_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.region_iso_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.region_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.timezone.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_latitude\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_latitude.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_longitude\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_longitude.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_port_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_port_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_region\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_region.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"details\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"details.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dir\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dir.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"direction\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"direction.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"display_string\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"display_string.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"domain_age\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"domain_age.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"domain_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"domain_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dropped\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dropped.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"duration\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"enabled\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"enabled.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"encryption_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"encryption_level.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"encryption_method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"encryption_method.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"endpoint\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"endpoint.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"entry\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"entry.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"entry_location\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"entry_location.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"error_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"error_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"escalated_user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"escalated_user.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"established\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"established.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"exception\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"exception.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"extracted\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"extracted.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"extracted_cutoff\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"extracted_cutoff.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"facility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"facility.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fc_reply\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fc_reply.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fc_request\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fc_request.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file_description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_mime_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file_mime_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"first_received\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"first_received.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow_label\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"flow_label.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"forwardable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"forwardable.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"framed_addr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"framed_addr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"freq_virtual_host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"freq_virtual_host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"frequency_scores\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"frequency_scores.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp_argument\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp_argument.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp_command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp_command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"full_log\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"full_log.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"function\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"function.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.latitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.longitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"get_bulk_requests\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"get_bulk_requests.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"get_requests\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"get_requests.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"get_responses\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"get_responses.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"gid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_cert_table\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_cert_table.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_debug_data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_debug_data.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_export_table\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_export_table.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_import_table\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_import_table.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hassh\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hassh.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hassh_algorithms\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hassh_algorithms.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hassh_server\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hassh_server.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hassh_server_algorithms\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hassh_server_algorithms.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hassh_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hassh_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"height\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"helo\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"helo.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"highest_registered_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"highest_registered_domain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"highest_registered_domain_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"history\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"history.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hop_limit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hop_limit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host_key\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host_key.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host_key_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host_key_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"iin\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"iin.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"image_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"image_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"in_reply_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"in_reply_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"indicator\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"indicator.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"indicator_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"indicator_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"info_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"info_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"info_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"initiated\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"initiated.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"input.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"input.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"integrity_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"integrity_level.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"interface\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"interface.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ip_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_ecn\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_ecn.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_flags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_flags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_offset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_offset.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_protocol_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_protocol_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_protocol_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_tos\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_tos.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_ttl\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"irc_command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc_command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"irc_username\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc_username.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_64bit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_64bit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_exe\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_exe.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_orig\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_orig.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_source_ipv6\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_source_ipv6.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_webmail\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_webmail.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_common_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_common_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_common_name_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_common_name_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_distinguished_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_distinguished_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_locality\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_locality.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_organization\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_organization.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_organization_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_organization_unit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_organization_unit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_serial_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_serial_number.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ja3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ja3.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ja3s\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ja3s.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kerberos_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kex_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kex_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"keyboard_layout\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"keyboard_layout.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"last_alert\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"last_alert.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"last_reply\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"last_reply.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"launch_string\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"launch_string.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"lease_time\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"lease_time.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"length\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"length.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"local_orig\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"local_orig.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"local_respond\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"local_respond.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"location\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"location.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log.file.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.file.path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logged\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logged.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logon_guid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logon_guid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logon_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logon_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash_time\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mac\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mac.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mac_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mac_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"machine\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"machine.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mail_date\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mail_date.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mail_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mail_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"manager.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"manager.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"matched\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"matched.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"md5.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message_types\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message_types.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"method.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mimetype\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mimetype.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"missed_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"missing_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"msg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"msg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql_argument\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql_argument.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql_command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql_command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"n\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"named_pipe\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"named_pipe.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"native_file_system\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"native_file_system.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"next_protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"next_protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nick\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"nick.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"note\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"note.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"notice\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ntlm_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ntlm_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"num_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"object_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"offset\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"operation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"operation.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"options\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"options.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"orig_filenames\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"orig_filenames.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"orig_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"orig_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"orig_mime_types\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"orig_mime_types.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"original_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_ip_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"os\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"os.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.EndpointIP1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.EndpointIP1.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.EndpointIP2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.EndpointIP2.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.LiveQuery\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.LiveQuery.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.action\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.action.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.calendarTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.calendarTime.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.codename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.codename.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.directory.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.gid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.gid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.gid_signed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.gid_signed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.shell\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.shell.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.uid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.uid_signed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.uid_signed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.username\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.username.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.uuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.uuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.counter\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.epoch\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.hardware_serial\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.hardware_serial.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.hostIdentifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.hostIdentifier.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.unixTime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ossec_agent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ossec_agent_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ossec_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ossec_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"overflow_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"p\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_domain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_domain_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_domain_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_image_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_image_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_process_guid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_process_guid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_process_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_process_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_process_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_process_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"password\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"password.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"peer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"peer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"peer_description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"peer_description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pesha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"pesha1.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pesha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"pesha256.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"port.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"predecoder.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"predecoder.hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"predecoder.timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"predecoder.timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"prev_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"prev_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_arguments\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process_arguments.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_guid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"profile\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"profile.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"program\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"program.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"prospector.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"prospector.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"protocol_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"protocol_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"protocol_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"protocol_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"proxied\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"proxied.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"query.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_class\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_class_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"query_class_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_type\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_type_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"query_type_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ra\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ra.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rcode\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rcode_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rcode_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rd.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reason\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reason.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"recipient_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"recipient_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"referrer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"referrer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rejected\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rejected.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"remote_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"remote_location.country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"renewable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"renewable.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reply_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reply_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reply_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reply_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reply_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reply_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_body_len\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_body_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_port.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"requested_color_depth\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"requested_color_depth.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"requested_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"requested_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"requested_resource\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"requested_resource.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resp_filenames\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resp_filenames.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resp_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resp_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resp_mime_types\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resp_mime_types.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"respond_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"respond_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"respond_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"respond_ip_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"respond_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_body_len\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_body_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"result\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"result.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resumed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resumed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rev\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rev.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rig\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rig.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rows\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rows.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rtt\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rtt.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule_number\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule_signature.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"san_dns\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"san_dns.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"second_received\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"second_received.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"section_names\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"section_names.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"security_protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"security_protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seen_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seen_node\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"seen_node.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seen_where\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"seen_where.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sensor_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sensor_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seq\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"seq.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sequence_number\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_certificate_fuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_certificate_fuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_certificate_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_certificate_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_dns_computer_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_dns_computer_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_host_key_algorithms\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_host_key_algorithms.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_major_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_major_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_minor_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_minor_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_name_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_name_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_nb_computer_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_nb_computer_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_tree_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_tree_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"service\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"service.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"set_requests\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"set_requests.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"severity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"severity.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sha1.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sha256.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"share_flag\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"share_flag.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"share_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"share_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"signature_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"signer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"signer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"site\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"site.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"size.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"software_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"software_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.city_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.continent_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.country_code2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.country_code2.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.country_code3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.country_code3.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.country_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.dma_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.latitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.longitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.postal_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.region_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.region_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.region_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.timezone.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_port_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_port_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sources\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sources.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"status.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"status_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status_msg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"status_msg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sub_msg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sub_msg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sub_rule_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sub_rule_number.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subdomain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"subdomain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subdomain_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subdomain_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subsystem\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"subsystem.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"suppress_for\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.event\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.event.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.gid_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.gid_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.gname_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.gname_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.inode_after\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.md5_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.md5_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.md5_before\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.md5_before.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.mtime_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.mtime_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.mtime_before\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.mtime_before.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.perm_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.perm_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.sha1_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.sha1_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.sha1_before\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.sha1_before.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.sha256_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.sha256_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.sha256_before\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.sha256_before.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.size_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.size_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.size_before\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.size_before.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.uid_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.uid_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.uname_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.uname_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-facility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-facility.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-file_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-host_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-host_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-legacy_msghdr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-legacy_msghdr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-pid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-pid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-sourceip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-tags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sysmon_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sysmon_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"target_filename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"target_filename.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tc\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tc.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tcp_flags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tcp_flags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"terminal_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"terminal_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"timed_out\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"timed_out.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_accessed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_accessed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_changed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_changed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_created\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_created.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_modified\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_modified.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tld.subdomain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tld.subdomain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tls\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tls.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"top_level_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"top_level_domain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"total_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tracker_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tracker_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"trans_depth\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"transaction_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ttls\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tty\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tty.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tunnel_parents\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tunnel_parents.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tunnel_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tunnel_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"unparsed_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"unparsed_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"up_since\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"up_since.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"urg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"urg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uri\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uri.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uri_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user_agent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user_agent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"useragent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"useragent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"useragent_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"username\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"username.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_aslr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_aslr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_code_integrity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_code_integrity.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_dep\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_dep.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_seh\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_seh.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"valid_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"valid_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"valid_till\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"valid_till.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"validation_status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"validation_status.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"value\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"value.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_additional_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_additional_info.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_major\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_major.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_minor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_minor.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_minor2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_minor2.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_minor3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_minor3.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"virtual_host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"virtual_host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"virtual_host_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"virtual_host_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"warning\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"warning.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.firedtimes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.gdpr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"wazuh-rule.gdpr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.gpg13\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"wazuh-rule.gpg13.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.groups\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"wazuh-rule.groups.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"wazuh-rule.id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.mail\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.pci_dss\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"wazuh-rule.pci_dss.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"width\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"width.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"window\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"window.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"x_originating_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"year\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"z\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"z.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"TheHive\",\"type\":\"string\",\"count\":0,\"scripted\":true,\"script\":\"'soctopus/thehive/alert/' + doc['_id'].value\",\"lang\":\"painless\",\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false}]","notExpandable":true,"timeFieldName":"@timestamp","title":"*:logstash-*"},"id":"*:logstash-*","migrationVersion":{"index-pattern":"7.6.0"},"references":[],"type":"index-pattern","updated_at":"2020-07-15T13:17:15.442Z","version":"WzEsMV0="} +{"attributes":{"fieldFormatMap":"{\"_id\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PCAPPLACEHOLDER/securityonion/joblookup?esid={{ value }}\",\"labelTemplate\":\"{{value}}\"}},\"uid\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"source_ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"destination_ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"source_port\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'source_port:\\\"{{value}}\\\" OR destination_port:\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"destination_port\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'source_port:\\\"{{value}}\\\" OR destination_port:\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"fuid\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"resp_fuids\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"orig_fuids\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"sid\":{\"id\":\"number\",\"params\":{\"pattern\":\"0\"}},\"port\":{\"id\":\"number\",\"params\":{\"pattern\":\"0.[000]\"}},\"query\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"query.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"server_name\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"server_name.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"virtual_host\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"virtual_host.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"indicator\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"indicator.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"file_ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"file_ip.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:'\\\"{{value}}\\\"')),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"signature_info\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"{{rawValue}}\",\"labelTemplate\":\"{{value}}\"}},\"highest_registered_domain\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"highest_registered_domain.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"domain_name\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"domain_name.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"duration\":{\"id\":\"duration\",\"params\":{\"outputFormat\":\"asSeconds\",\"outputPrecision\":6}},\"missed_bytes\":{\"id\":\"bytes\"},\"missing_bytes\":{\"id\":\"bytes\"},\"original_bytes\":{\"id\":\"bytes\"},\"original_ip_bytes\":{\"id\":\"bytes\"},\"overflow_bytes\":{\"id\":\"bytes\"},\"respond_bytes\":{\"id\":\"bytes\"},\"respond_ip_bytes\":{\"id\":\"bytes\"},\"seen_bytes\":{\"id\":\"bytes\"},\"total_bytes\":{\"id\":\"bytes\"},\"rtt\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.[0000000]\"}},\"uids\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"/kibana/app/kibana#/dashboard/68563ed0-34bf-11e7-9b32-bb903919ead9?_g=(refreshInterval:(display:Off,pause:!f,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(columns:!(_source),index:'*:logstash-*',interval:auto,query:(query_string:(analyze_wildcard:!t,query:{{value}})),sort:!('@timestamp',desc))\",\"labelTemplate\":\"{{value}}\"}},\"osquery.LiveQuery\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://PLACEHOLDER/queries/new?host_uuids={{rawValue}}\",\"labelTemplate\":\"LiveQuery\"}},\"TheHive\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"\",\"labelTemplate\":\"Add2Hive\"}}}","fields":"[{\"name\":\"@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"@version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"@version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"aa\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"aa.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ack\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ack.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"action\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"action.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"additional_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"additional_info.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"age\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"age.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"agent.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"alert.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_level\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert_level.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"analyzer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"analyzer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"answers\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"answers.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"assigned_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"assigned_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auth\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"auth.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"authentication_attempts\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"authentication_method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"authentication_method.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"authentication_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"authentication_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"basic_constraints.path_len\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"basic_constraints_ca\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"basic_constraints_ca.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"basic_constraints_path_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"beat.hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"beat.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"beat.version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"beat_host.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"beat_host.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"bound_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"call_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"call_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"category\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"category.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cc\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cc.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_chain_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_chain_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_chain_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_common_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_common_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_common_name_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_common_name_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_curve\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_curve.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_exponent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_exponent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_issuer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_issuer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_key_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_key_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_key_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_key_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_key_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_locality\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_locality.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_not_valid_after\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_not_valid_before\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_number_days_valid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_organization\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_organization.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_organization_unit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_organization_unit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_permanent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_permanent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_serial\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_serial.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_serial_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_serial_number.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_signing_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_signing_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"certificate_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"certificate_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"checksum\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"checksum.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cipher\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cipher.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cipher_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cipher_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"class\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"class.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"classification\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"classification.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_build\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_build.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_certificate_chain_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_certificate_chain_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_certificate_fuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_certificate_fuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_certificate_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_certificate_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_digital_product_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_digital_product_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_fqdn\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_fqdn.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_host_key_algorithms\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_host_key_algorithms.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_issuer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_issuer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_major_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_major_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_minor_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_minor_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"community\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"community.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"company\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"company.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"compile_ts\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"compile_ts.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"compression_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"compression_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connect_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connect_info.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection_state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection_state_description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection_state_description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"content_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"content_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cookie\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cookie.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"creation_date\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"creation_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"current_directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"current_directory.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"curve\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"curve.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.arch\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.arch.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.data.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.dpkg_status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.dpkg_status.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.file\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.file.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.cpu_cores\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.cpu_cores.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.cpu_mhz\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.cpu_mhz.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.cpu_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.cpu_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.ram_free\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.ram_free.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.ram_total\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.ram_total.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.ram_usage\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.ram_usage.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.hardware.serial\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.hardware.serial.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.address.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.broadcast\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.broadcast.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.dhcp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.dhcp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.gateway\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.gateway.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.metric\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.metric.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv4.netmask\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv4.netmask.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv6.address\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv6.address.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv6.dhcp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv6.dhcp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.ipv6.netmask\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.ipv6.netmask.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.mac\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.mac.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.mtu\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.mtu.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.rx_bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_bytes.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.rx_dropped\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_dropped.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.rx_errors\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_errors.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.rx_packets\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.rx_packets.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.tx_bytes\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_bytes.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.tx_dropped\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_dropped.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.tx_errors\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_errors.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.tx_packets\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.tx_packets.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.netinfo.iface.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.netinfo.iface.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.architecture.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.codename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.codename.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.major\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.major.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.minor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.minor.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.platform\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.platform.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.release\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.release.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.release_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.release_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.sysname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.sysname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.os.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.os.version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.package\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.package.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.inode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.inode.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.local_ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.local_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.local_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.local_port.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.remote_ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.remote_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.remote_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.remote_port.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.rx_queue\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.rx_queue.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.port.tx_queue\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.port.tx_queue.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.args\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.args.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.cmd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.cmd.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.egroup\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.egroup.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.euser\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.euser.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.fgroup\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.fgroup.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.nice\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.nice.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.nlwp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.nlwp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.pgrp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.pgrp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.pid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.pid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.ppid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.ppid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.processor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.processor.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.resident\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.resident.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.rgroup\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.rgroup.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.ruser\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.ruser.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.session\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.session.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.sgroup\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.sgroup.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.share\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.share.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.size.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.start_time\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.start_time.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.stime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.stime.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.suser\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.suser.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.tgid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.tgid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.tty\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.tty.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.utime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.utime.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.vm_size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.vm_size.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.architecture\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.architecture.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.format\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.format.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.multiarch\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.multiarch.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.section\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.section.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.size.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.source\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.source.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.vendor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.vendor.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.program.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.program.version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.pwd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.pwd.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.status.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.title\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.title.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.tty\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.tty.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.uid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_destination_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_destination_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_passive\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data_channel_passive.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_channel_source_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"date\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dcc_file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dcc_file_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dcc_file_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dcc_mime_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dcc_mime_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"decoder.ftscomment\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"decoder.ftscomment.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"decoder.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"decoder.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"decoder.parent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"decoder.parent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"depth\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"desktop_height\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"desktop_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"desktop_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"desktop_width\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dest_is_ipv6\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dest_is_ipv6.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_city\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_city.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.city_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.continent_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.continent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.continent_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.country_code2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.country_code2.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.country_code3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.country_code3.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.country_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.country_iso_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.country_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.dma_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.latitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.longitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.longitude.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.postal_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.region_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.region_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.region_iso_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.region_iso_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.region_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_geo.timezone.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_latitude\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_latitude.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_longitude\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_longitude.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_port_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_port_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_region\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination_region.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"details\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"details.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dir\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dir.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"direction\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"direction.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"display_string\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"display_string.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"domain_age\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"domain_age.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"domain_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"domain_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dropped\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dropped.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"duration\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"enabled\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"enabled.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"encryption_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"encryption_level.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"encryption_method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"encryption_method.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"endpoint\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"endpoint.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"entry\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"entry.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"entry_location\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"entry_location.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"error_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"error_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"escalated_user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"escalated_user.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"established\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"established.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"exception\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"exception.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"extracted\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"extracted.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"extracted_cutoff\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"extracted_cutoff.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"facility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"facility.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fc_reply\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fc_reply.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fc_request\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fc_request.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file_description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_mime_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file_mime_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"first_received\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"first_received.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow_label\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"flow_label.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"forwardable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"forwardable.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"framed_addr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"framed_addr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"freq_virtual_host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"freq_virtual_host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"frequency_scores\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"frequency_scores.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp_argument\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp_argument.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp_command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp_command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"full_log\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"full_log.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"function\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"function.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.latitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.longitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"get_bulk_requests\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"get_bulk_requests.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"get_requests\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"get_requests.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"get_responses\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"get_responses.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"gid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_cert_table\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_cert_table.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_debug_data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_debug_data.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_export_table\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_export_table.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"has_import_table\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"has_import_table.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hassh\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hassh.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hassh_algorithms\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hassh_algorithms.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hassh_server\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hassh_server.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hassh_server_algorithms\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hassh_server_algorithms.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hassh_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hassh_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"height\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"helo\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"helo.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"highest_registered_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"highest_registered_domain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"highest_registered_domain_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"history\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"history.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hop_limit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hop_limit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host_key\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host_key.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host_key_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host_key_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"iin\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"iin.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"image_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"image_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"in_reply_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"in_reply_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"indicator\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"indicator.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"indicator_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"indicator_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"info_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"info_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"info_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"initiated\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"initiated.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"input.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"input.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"integrity_level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"integrity_level.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"interface\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"interface.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ip_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_ecn\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_ecn.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_flags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_flags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_offset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_offset.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_protocol_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_protocol_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_protocol_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_tos\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ipv4_tos.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ipv4_ttl\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"irc_command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc_command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"irc_username\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc_username.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_64bit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_64bit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_exe\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_exe.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_orig\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_orig.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_source_ipv6\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_source_ipv6.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_webmail\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"is_webmail.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_common_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_common_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_common_name_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_common_name_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_distinguished_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_distinguished_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_locality\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_locality.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_organization\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_organization.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_organization_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_organization_unit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_organization_unit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_serial_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_serial_number.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"issuer_state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"issuer_state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ja3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ja3.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ja3s\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ja3s.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kerberos_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kex_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kex_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"keyboard_layout\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"keyboard_layout.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"last_alert\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"last_alert.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"last_reply\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"last_reply.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"launch_string\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"launch_string.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"lease_time\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"lease_time.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"length\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"length.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"local_orig\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"local_orig.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"local_respond\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"local_respond.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"location\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"location.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log.file.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.file.path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logged\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logged.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logon_guid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logon_guid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logon_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"logon_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"logstash_time\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mac\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mac.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mac_algorithm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mac_algorithm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"machine\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"machine.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mail_date\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mail_date.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mail_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mail_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"manager.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"manager.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"matched\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"matched.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"md5.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message_types\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message_types.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"method.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mimetype\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mimetype.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"missed_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"missing_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"msg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"msg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql_argument\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql_argument.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql_command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql_command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"n\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"named_pipe\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"named_pipe.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"native_file_system\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"native_file_system.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"next_protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"next_protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nick\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"nick.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"note\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"note.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"notice\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ntlm_success\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ntlm_success.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"num_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"object_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"offset\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"operation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"operation.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"options\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"options.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"orig_filenames\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"orig_filenames.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"orig_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"orig_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"orig_mime_types\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"orig_mime_types.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"original_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_ip_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"original_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"os\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"os.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.EndpointIP1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.EndpointIP1.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.EndpointIP2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.EndpointIP2.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.LiveQuery\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.LiveQuery.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.action\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.action.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.calendarTime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.calendarTime.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.codename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.codename.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.directory\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.directory.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.gid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.gid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.gid_signed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.gid_signed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.shell\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.shell.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.uid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.uid_signed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.uid_signed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.username\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.username.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.columns.uuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.columns.uuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.counter\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.epoch\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.hardware_serial\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.hardware_serial.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.hostIdentifier\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.hostIdentifier.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.unixTime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ossec_agent_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ossec_agent_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ossec_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ossec_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"overflow_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"p\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_domain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_domain_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_domain_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_image_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_image_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_process_guid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_process_guid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_process_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_process_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"parent_process_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"parent_process_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"password\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"password.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"peer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"peer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"peer_description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"peer_description.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pesha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"pesha1.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pesha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"pesha256.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"pid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"port.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"predecoder.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"predecoder.hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"predecoder.timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"predecoder.timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"prev_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"prev_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_arguments\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process_arguments.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_guid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"profile\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"profile.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"program\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"program.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"prospector.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"prospector.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"protocol_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"protocol_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"protocol_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"protocol_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"proxied\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"proxied.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"query.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_class\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_class_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"query_class_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_type\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query_type_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"query_type_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ra\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ra.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rcode\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rcode_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rcode_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rd.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reason\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reason.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"recipient_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"recipient_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"referrer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"referrer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rejected\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rejected.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"remote_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"remote_location.country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"renewable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"renewable.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reply_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reply_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reply_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reply_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reply_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reply_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_body_len\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_body_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_port\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_port.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"requested_color_depth\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"requested_color_depth.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"requested_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"requested_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"requested_resource\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"requested_resource.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resp_filenames\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resp_filenames.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resp_fuids\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resp_fuids.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resp_mime_types\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resp_mime_types.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"respond_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"respond_country_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"respond_country_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"respond_ip_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"respond_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_body_len\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_body_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"result\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"result.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"resumed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"resumed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rev\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rev.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rig\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rig.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rows\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rows.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rtt\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rtt.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule_number\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule_signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule_signature.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"san_dns\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"san_dns.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"second_received\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"second_received.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"section_names\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"section_names.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"security_protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"security_protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seen_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seen_node\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"seen_node.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seen_where\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"seen_where.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sensor_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sensor_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"seq\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"seq.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sequence_number\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_certificate_fuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_certificate_fuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_certificate_subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_certificate_subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_dns_computer_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_dns_computer_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_host_key_algorithms\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_host_key_algorithms.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_major_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_major_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_minor_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_minor_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_name_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_name_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_nb_computer_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_nb_computer_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_tree_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server_tree_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"service\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"service.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"set_requests\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"set_requests.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"severity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"severity.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sha1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sha1.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sha256\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sha256.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"share_flag\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"share_flag.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"share_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"share_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"signature_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"signer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"signer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"site\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"site.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"size\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"size.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"software_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"software_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.city_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.continent_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.country_code2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.country_code2.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.country_code3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.country_code3.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.country_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.dma_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.latitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.longitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.postal_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.region_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.region_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.region_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_geo.timezone.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_ips\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_ips.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_port_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source_port_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sources\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sources.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"status.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status_message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"status_message.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status_msg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"status_msg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sub_msg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sub_msg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sub_rule_number\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sub_rule_number.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subdomain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"subdomain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subdomain_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subdomain_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subsystem\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"subsystem.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"suppress_for\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.event\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.event.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.gid_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.gid_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.gname_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.gname_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.inode_after\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.md5_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.md5_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.md5_before\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.md5_before.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.mtime_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.mtime_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.mtime_before\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.mtime_before.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.perm_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.perm_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.sha1_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.sha1_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.sha1_before\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.sha1_before.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.sha256_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.sha256_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.sha256_before\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.sha256_before.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.size_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.size_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.size_before\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.size_before.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.uid_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.uid_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syscheck.uname_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syscheck.uname_after.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-facility\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-facility.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-file_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-file_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-host_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-host_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-legacy_msghdr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-legacy_msghdr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-pid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-pid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-priority\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-priority.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-sourceip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"syslog-tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog-tags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sysmon_timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sysmon_timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"target_filename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"target_filename.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tc\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tc.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tcp_flags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tcp_flags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"terminal_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"terminal_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"timed_out\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"timed_out.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_accessed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_accessed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_changed\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_changed.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_created\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_created.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"times_modified\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"times_modified.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"timestamp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"timestamp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tld.subdomain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tld.subdomain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tls\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tls.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"top_level_domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"top_level_domain.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"total_bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tracker_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tracker_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"trans_depth\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"transaction_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ttls\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tty\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tty.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tunnel_parents\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tunnel_parents.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tunnel_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tunnel_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"unparsed_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"unparsed_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"up_since\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"up_since.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"urg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"urg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uri\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uri.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uri_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"user_agent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user_agent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"useragent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"useragent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"useragent_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"username\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"username.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_aslr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_aslr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_code_integrity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_code_integrity.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_dep\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_dep.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uses_seh\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uses_seh.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"valid_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"valid_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"valid_till\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"valid_till.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"validation_status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"validation_status.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"value\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"value.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_additional_info\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_additional_info.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_major\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_major.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_minor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_minor.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_minor2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_minor2.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version_minor3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version_minor3.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"virtual_host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"virtual_host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"virtual_host_frequency_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"virtual_host_length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"warning\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"warning.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.firedtimes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.gdpr\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"wazuh-rule.gdpr.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.gpg13\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"wazuh-rule.gpg13.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.groups\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"wazuh-rule.groups.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"wazuh-rule.id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.mail\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"wazuh-rule.pci_dss\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"wazuh-rule.pci_dss.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"width\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"width.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"window\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"window.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"x_originating_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"year\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"z\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"z.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"TheHive\",\"type\":\"string\",\"count\":0,\"scripted\":true,\"script\":\"'soctopus/thehive/alert/' + doc['_id'].value\",\"lang\":\"painless\",\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false}]","notExpandable":true,"timeFieldName":"@timestamp","title":"*:logstash-*"},"id":"*:logstash-*","migrationVersion":{"index-pattern":"7.6.0"},"references":[],"type":"index-pattern","updated_at":"2020-07-15T13:17:15.442Z","version":"WzEsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Security Onion - Network Data","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Home](/kibana/app/kibana#/dashboard/a8411b30-6d03-11ea-b301-3d6c35840645) \\n \\n**Datasets** \\n[Connections](/kibana/app/kibana#/dashboard/0cc628b0-6e9f-11ea-9266-1fd14ca6af34) | [DCE/RPC](/kibana/app/kibana#/dashboard/9e882df0-72c5-11ea-8dd2-9d8795a1200b) |\\n[DHCP](/kibana/app/kibana#/dashboard/80625c10-96dd-11ea-814e-bb515e873c2c) \\n[DNP3](/kibana/app/kibana#/dashboard/b1f52180-755a-11ea-9565-7315f4ee5cac) | [DNS](/kibana/app/kibana#/dashboard/55ac6bf0-6ec4-11ea-9266-1fd14ca6af34) |\\n[FTP](/kibana/app/kibana#/dashboard/739bfad0-755a-11ea-9565-7315f4ee5cac) |\\n[HTTP](/kibana/app/kibana#/dashboard/44e9c820-6eb1-11ea-9266-1fd14ca6af34) | [IRC](/kibana/app/kibana#/dashboard/38523560-75ba-11ea-9565-7315f4ee5cac) |\\n[Kerberos](/kibana/app/kibana#/dashboard/b207ab90-75bc-11ea-9565-7315f4ee5cac) \\n[Modbus](/kibana/app/kibana#/dashboard/886a7b90-75bd-11ea-9565-7315f4ee5cac) | \\n[MySQL](/kibana/app/kibana#/dashboard/c3ced6d0-75be-11ea-9565-7315f4ee5cac) | \\n[NTLM](/kibana/app/kibana#/dashboard/558292e0-75c1-11ea-9565-7315f4ee5cac) | \\n[PE](kibana/app/kibana#/dashboard/94b55b90-c761-11ea-bebb-37c5ab5894ea) |\\n[RADIUS](/kibana/app/kibana#/dashboard/b9769e60-75c4-11ea-9565-7315f4ee5cac) | [RDP](/kibana/app/kibana#/dashboard/5b743150-75c5-11ea-9565-7315f4ee5cac) | \\n[RFB](/kibana/app/kibana#/dashboard/c8b3c360-75c6-11ea-9565-7315f4ee5cac) | [SIP](/kibana/app/kibana#/dashboard/dd98e260-75c6-11ea-9565-7315f4ee5cac) \\n[SMB](/kibana/app/kibana#/dashboard/f24d7b80-75c6-11ea-9565-7315f4ee5cac) | [SMTP](/kibana/app/kibana#/dashboard/00304500-75e7-11ea-9565-7315f4ee5cac) | [SNMP](/kibana/app/kibana#/dashboard/96522610-75e8-11ea-9565-7315f4ee5cac) | \\n[SSH](/kibana/app/kibana#/dashboard/9dfd77e0-75eb-11ea-9565-7315f4ee5cac) | [SSL](/kibana/app/kibana#/dashboard/efae8de0-75eb-11ea-9565-7315f4ee5cac) | [Syslog](/kibana/app/kibana#/dashboard/66499a20-75ed-11ea-9565-7315f4ee5cac) | [Tunnels](/kibana/app/kibana#/dashboard/c962dd60-75ed-11ea-9565-7315f4ee5cac) | [X.509](/kibana/app/kibana#/dashboard/2e0865f0-75ee-11ea-9565-7315f4ee5cac) \\n\"},\"title\":\"Security Onion - Network Data\"}"},"id":"7f822930-6ea4-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[],"type":"visualization","updated_at":"2020-07-16T12:42:36.125Z","version":"WzcyNSwyXQ=="} -{"attributes":{"fieldFormatMap":"{\"network.community_id\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:network.community_id,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(network.community_id:'{{ value }}')))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"source.ip\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(('$state':(store:globalState),bool:(should:!((term:(source.ip.keyword:'{{ value }}')),(term:(destination.ip.keyword:'{{ value }}')))),meta:(alias:'source.ip:%20!'{{ value }}!'%20OR%20destination.ip:%20!'{{ value }}!'',disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:bool,negate:!f,type:custom,value:'%7B%22should%22:%5B%7B%22term%22:%7B%22source.ip.keyword%22:%2210.200.1.153%22%7D%7D,%7B%22term%22:%7B%22destination.ip.keyword%22:%2210.200.1.153%22%7D%7D%5D%7D'))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"destination.ip\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(('$state':(store:globalState),bool:(should:!((term:(source.ip.keyword:'{{ value }}')),(term:(destination.ip.keyword:'{{ value }}')))),meta:(alias:'source.ip:%20!'{{ value }}!'%20OR%20destination.ip:%20!'{{ value }}!'',disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:bool,negate:!f,type:custom,value:'%7B%22should%22:%5B%7B%22term%22:%7B%22source.ip.keyword%22:%2210.200.1.153%22%7D%7D,%7B%22term%22:%7B%22destination.ip.keyword%22:%2210.200.1.153%22%7D%7D%5D%7D'))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"source.ip.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(('$state':(store:globalState),bool:(should:!((term:(source.ip.keyword:'{{ value }}')),(term:(destination.ip.keyword:'{{ value }}')))),meta:(alias:'source.ip:%20!'{{ value }}!'%20OR%20destination.ip:%20!'{{ value }}!'',disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:bool,negate:!f,type:custom,value:'%7B%22should%22:%5B%7B%22term%22:%7B%22source.ip.keyword%22:%2210.200.1.153%22%7D%7D,%7B%22term%22:%7B%22destination.ip.keyword%22:%2210.200.1.153%22%7D%7D%5D%7D'))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"destination.ip.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(('$state':(store:globalState),bool:(should:!((term:(source.ip.keyword:'{{ value }}')),(term:(destination.ip.keyword:'{{ value }}')))),meta:(alias:'source.ip:%20!'{{ value }}!'%20OR%20destination.ip:%20!'{{ value }}!'',disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:bool,negate:!f,type:custom,value:'%7B%22should%22:%5B%7B%22term%22:%7B%22source.ip.keyword%22:%2210.200.1.153%22%7D%7D,%7B%22term%22:%7B%22destination.ip.keyword%22:%2210.200.1.153%22%7D%7D%5D%7D'))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"source.port\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(('$state':(store:globalState),bool:(should:!((term:(source.port:'{{ value }}')),(term:(destination.port:'{{ value }}')))),meta:(alias:'source.port:%20!'{{ value }}!'%20OR%20destination.port:%20!'{{ value }}!'',disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:bool,negate:!f,type:custom,value:'%7B%22should%22:%5B%7B%22term%22:%7B%22source.port%22:%2210.200.1.153%22%7D%7D,%7B%22term%22:%7B%22destination.port%22:%2210.200.1.153%22%7D%7D%5D%7D'))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"destination.port\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(('$state':(store:globalState),bool:(should:!((term:(source.port:'{{ value }}')),(term:(destination.port:'{{ value }}')))),meta:(alias:'source.port:%20!'{{ value }}!'%20OR%20destination.port:%20!'{{ value }}!'',disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:bool,negate:!f,type:custom,value:'%7B%22should%22:%5B%7B%22term%22:%7B%22source.port%22:%2210.200.1.153%22%7D%7D,%7B%22term%22:%7B%22destination.port%22:%2210.200.1.153%22%7D%7D%5D%7D'))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"log.id.fuid\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:log.id.fuid,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(log.id.fuid:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"log.id.fuid.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:log.id.fuid,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(log.id.fuid:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"log.id.uid\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:log.id.uid,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(log.id.uid:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"log.id.uid.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:log.id.uid,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(log.id.uid:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"_id\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"https://PLACEHOLDER/securityonion/joblookup?esid={{ value }}\",\"labelTemplate\":\"{{ value }}\"}},\"client.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"server.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"Push to TheHive\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"\",\"labelTemplate\":\"Click to create an alert in TheHive\"}},\"event.dataset\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:event.dataset.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(event.dataset.keyword:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"event.dataset.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:event.dataset.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(event.dataset.keyword:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"event.module\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:event.module.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(event.module.keyword:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now%2Fw,to:now%2Fw))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"event.module.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:event.module.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(event.module.keyword:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now%2Fw,to:now%2Fw))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"agent.name\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:agent.name.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(agent.name.keyword:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now%2Fw,to:now%2Fw))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"agent.name.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:agent.name.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(agent.name.keyword:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now%2Fw,to:now%2Fw))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"rule.name\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:rule.name,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(rule.name:'{{ value }}')))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:''),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"rule.name.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:rule.name,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(rule.name:'{{ value }}')))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:''),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"osquery.result.live_query\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"https://FLEETPLACEHOLDER/fleet/queries/new?host_uuids={{rawValue}}\",\"labelTemplate\":\"Live Query\"}},\"osquery.result.live_query.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"https://FLEETPLACEHOLDER/fleet/queries/new?host_uuids={{rawValue}}\",\"labelTemplate\":\"Live Query\"}},\"connection.state_description\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:connection.state_description,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(connection.state_description:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"connection.state_description.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:connection.state_description,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(connection.state_description:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"rule.category.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:rule.category,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(rule.category:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"rule.category\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:rule.category,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(rule.category:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"rule.uuid\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:rule.uuid,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(rule.uuid:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"connection.history\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:connection.history,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(connection.history:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"connection.history.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:connection.history,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(connection.history:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dhcp.message_types\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dhcp.message_types,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(dhcp.message_types:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dhcp.message_types.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dhcp.message_types,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(dhcp.message_types:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dhcp.requested_address\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dhcp.requested_address,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dhcp.requested_address:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dhcp.requested_address.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dhcp.requested_address,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dhcp.requested_address:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dhcp.assigned_ip\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dhcp.assigned_ip,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dhcp.assigned_ip:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dhcp.assigned_ip.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dhcp.assigned_ip,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dhcp.assigned_ip:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"host.mac\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:host.mac,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(host.mac:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"host.mac.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:host.mac,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(host.mac:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dhcp.lease_time\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dhcp.lease_time,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dhcp.lease_time:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dns.query.name\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dns.query.name,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dns.query.name:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }{}\"}},\"dns.query.name.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dns.query.name,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dns.query.name:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dns.answers\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dns.answers,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dns.answers:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dns.answers.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dns.answers,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dns.answers:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dns.response.code_name\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dns.response.code_name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(dns.response.code_name:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dns.response.code_name.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dns.response.code_name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(dns.response.code_name:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"file.name\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:file.name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(file.name:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"file.mime_type\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:file.mime_type,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(file.mime_type:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"file.mime_type.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:file.mime_type,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(file.mime_type:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"file.name.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:file.name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(file.name:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ftp.argument\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ftp.argument,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(ftp.argument:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ftp.argument.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ftp.argument,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(ftp.argument:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ftp.user\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ftp.user,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(ftp.user:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ftp.user.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ftp.user,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(ftp.user:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ftp.password\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ftp.password,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(ftp.password:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ftp.password.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ftp.password,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(ftp.password:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"http.useragent\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.useragent,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(http.useragent:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"http.useragent.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.useragent,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(http.useragent:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"http.method\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.method,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(http.method:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"http.method.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.method,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(http.method:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"http.virtual_host\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.virtual_host,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(http.virtual_host:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"http.virtual_host.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.virtual_host,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(http.virtual_host:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"http.uri.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.uri.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(http.uri.keyword:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"http.uri\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.uri.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(http.uri.keyword:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"notice.note.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:notice.note,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(notice.note:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"notice.message.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:notice.message,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(notice.message:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"notice.note\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:notice.note,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(notice.note:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"notice.message\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:notice.message,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(notice.message:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ssl.server_name.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ssl.server_name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(ssl.server_name:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ssl.server_name\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ssl.server_name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(ssl.server_name:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ssl.certificate.subject\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ssl.certificate.subject,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(ssl.certificate.subject:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ssl.certificate.subject.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ssl.certificate.subject,negate:!f,params:(query:'O%3DDefault%20Company%20Ltd,L%3DDefault%20City,C%3DXX'),type:phrase),query:(match_phrase:(ssl.certificate.subject:'O%3DDefault%20Company%20Ltd,L%3DDefault%20City,C%3DXX')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ssl.certificate.issuer\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ssl.certificate.issuer,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(ssl.certificate.issuer:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ssl.certificate.issuer.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ssl.certificate.issuer,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(ssl.certificate.issuer:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"syslog.facility\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:syslog.facility,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(syslog.facility:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"syslog.facility.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:syslog.facility,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(syslog.facility:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"syslog.severity\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:syslog.severity,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(syslog.severity:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"syslog.severity.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:syslog.severity,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(syslog.severity:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"x509.certificate.subject\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.certificate.subject,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(x509.certificate.subject:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"x509.certificate.subject.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.certificate.subject,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(x509.certificate.subject:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"x509.certificate.issuer\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.certificate.issuer,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(x509.certificate.issuer:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"x509.certificate.issuer.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.certificate.issuer,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(x509.certificate.issuer:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"x509.san_dns\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.san_dns,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(x509.san_dns:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"x509.san_dns.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.san_dns,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(x509.san_dns:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"x509.certificate.key.type\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.certificate.key.type,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(x509.certificate.key.type:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:edit)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"x509.certificate.key.type.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.certificate.key.type,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(x509.certificate.key.type:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:edit)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}}}","fields":"[{\"name\":\"@timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"@version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"esTypes\":[\"_type\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"agent.ephemeral_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.ephemeral_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"agent.ephemeral_id\"}}},{\"name\":\"agent.hostname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.hostname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"agent.hostname\"}}},{\"name\":\"agent.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"agent.id\"}}},{\"name\":\"agent.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"agent.name\"}}},{\"name\":\"agent.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"agent.type\"}}},{\"name\":\"agent.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"agent.version\"}}},{\"name\":\"client.address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"client.address\"}}},{\"name\":\"client.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.id.product\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.id.product.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"client.id.product\"}}},{\"name\":\"client.ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"client.ip\"}}},{\"name\":\"client.ip_bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"client.name\"}}},{\"name\":\"client.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.port\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.port.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"client.port\"}}},{\"name\":\"client.user_agent\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.user_agent.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"client.user_agent\"}}},{\"name\":\"connection.bytes.missed\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection.history\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection.history.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"connection.history\"}}},{\"name\":\"connection.local.originator\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection.local.responder\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"connection.state\"}}},{\"name\":\"connection.state_description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection.state_description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"connection.state_description\"}}},{\"name\":\"data.@timestamp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.@timestamp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.@timestamp\"}}},{\"name\":\"data.@version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.@version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.@version\"}}},{\"name\":\"data._id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data._id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data._id\"}}},{\"name\":\"data._index\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data._index.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data._index\"}}},{\"name\":\"data._type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data._type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data._type\"}}},{\"name\":\"data.agent.ephemeral_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.agent.ephemeral_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.agent.ephemeral_id\"}}},{\"name\":\"data.agent.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.agent.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.agent.id\"}}},{\"name\":\"data.agent.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.agent.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.agent.name\"}}},{\"name\":\"data.agent.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.agent.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.agent.type\"}}},{\"name\":\"data.agent.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.agent.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.agent.version\"}}},{\"name\":\"data.ecs.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.ecs.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.ecs.version\"}}},{\"name\":\"data.event.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.event.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.event.action\"}}},{\"name\":\"data.event.category\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.event.category.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.event.category\"}}},{\"name\":\"data.event.code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.event.created\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.event.created.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.event.created\"}}},{\"name\":\"data.event.dataset\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.event.dataset.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.event.dataset\"}}},{\"name\":\"data.event.kind\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.event.kind.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.event.kind\"}}},{\"name\":\"data.event.module\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.event.module.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.event.module\"}}},{\"name\":\"data.event.provider\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.event.provider.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.event.provider\"}}},{\"name\":\"data.fields.module\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.fields.module.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.fields.module\"}}},{\"name\":\"data.host.architecture\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.host.architecture.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.host.architecture\"}}},{\"name\":\"data.host.hostname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.host.hostname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.host.hostname\"}}},{\"name\":\"data.host.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.host.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.host.id\"}}},{\"name\":\"data.host.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.host.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.host.name\"}}},{\"name\":\"data.host.os.build\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.host.os.build.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.host.os.build\"}}},{\"name\":\"data.host.os.family\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.host.os.family.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.host.os.family\"}}},{\"name\":\"data.host.os.kernel\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.host.os.kernel.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.host.os.kernel\"}}},{\"name\":\"data.host.os.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.host.os.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.host.os.name\"}}},{\"name\":\"data.host.os.platform\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.host.os.platform.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.host.os.platform\"}}},{\"name\":\"data.host.os.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.host.os.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.host.os.version\"}}},{\"name\":\"data.log.level\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.log.level.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.log.level\"}}},{\"name\":\"data.message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.message\"}}},{\"name\":\"data.module\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.module.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.module\"}}},{\"name\":\"data.num_hits\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.num_matches\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.command_line\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.command_line.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.process.command_line\"}}},{\"name\":\"data.process.entity_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.entity_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.process.entity_id\"}}},{\"name\":\"data.process.executable\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.executable.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.process.executable\"}}},{\"name\":\"data.process.parent.command_line\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.parent.command_line.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.process.parent.command_line\"}}},{\"name\":\"data.process.parent.entity_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.parent.entity_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.process.parent.entity_id\"}}},{\"name\":\"data.process.parent.executable\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.parent.executable.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.process.parent.executable\"}}},{\"name\":\"data.process.pe.description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.pe.description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.process.pe.description\"}}},{\"name\":\"data.process.pe.file_version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.pe.file_version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.process.pe.file_version\"}}},{\"name\":\"data.process.pe.original_file_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.pe.original_file_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.process.pe.original_file_name\"}}},{\"name\":\"data.process.pe.product\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.pe.product.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.process.pe.product\"}}},{\"name\":\"data.process.ppid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.ppid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.process.ppid\"}}},{\"name\":\"data.process.working_directory\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.working_directory.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.process.working_directory\"}}},{\"name\":\"data.tags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.tags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.tags\"}}},{\"name\":\"data.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.type\"}}},{\"name\":\"data.user.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.user.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.user.name\"}}},{\"name\":\"data.winlog.api\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.api.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.api\"}}},{\"name\":\"data.winlog.channel\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.channel.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.channel\"}}},{\"name\":\"data.winlog.computer_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.computer_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.computer_name\"}}},{\"name\":\"data.winlog.event_data.Company\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.event_data.Company.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.event_data.Company\"}}},{\"name\":\"data.winlog.event_data.Hashes\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.event_data.Hashes.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.event_data.Hashes\"}}},{\"name\":\"data.winlog.event_data.IntegrityLevel\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.event_data.IntegrityLevel.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.event_data.IntegrityLevel\"}}},{\"name\":\"data.winlog.event_data.LogonGuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.event_data.LogonGuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.event_data.LogonGuid\"}}},{\"name\":\"data.winlog.event_data.LogonId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.event_data.LogonId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.event_data.LogonId\"}}},{\"name\":\"data.winlog.event_data.ProcessId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.event_data.ProcessId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.event_data.ProcessId\"}}},{\"name\":\"data.winlog.event_data.RuleName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.event_data.RuleName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.event_data.RuleName\"}}},{\"name\":\"data.winlog.event_data.TerminalSessionId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.event_data.TerminalSessionId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.event_data.TerminalSessionId\"}}},{\"name\":\"data.winlog.event_data.UtcTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.event_data.UtcTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.event_data.UtcTime\"}}},{\"name\":\"data.winlog.event_id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.winlog.opcode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.opcode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.opcode\"}}},{\"name\":\"data.winlog.process.pid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.winlog.process.thread.id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.winlog.provider_guid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.provider_guid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.provider_guid\"}}},{\"name\":\"data.winlog.provider_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.provider_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.provider_name\"}}},{\"name\":\"data.winlog.record_id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.winlog.task\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.task.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.task\"}}},{\"name\":\"data.winlog.user.domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.user.domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.user.domain\"}}},{\"name\":\"data.winlog.user.identifier\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.user.identifier.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.user.identifier\"}}},{\"name\":\"data.winlog.user.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.user.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.user.name\"}}},{\"name\":\"data.winlog.user.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.user.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.user.type\"}}},{\"name\":\"data.winlog.version\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dce_rpc.endpoint\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dce_rpc.endpoint.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dce_rpc.endpoint\"}}},{\"name\":\"dce_rpc.named_pipe\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dce_rpc.named_pipe.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dce_rpc.named_pipe\"}}},{\"name\":\"dce_rpc.operation\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dce_rpc.operation.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dce_rpc.operation\"}}},{\"name\":\"destination.geo.city_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.city_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.city_name\"}}},{\"name\":\"destination.geo.continent_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.continent_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.continent_name\"}}},{\"name\":\"destination.geo.country_iso_code\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.country_iso_code.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.country_iso_code\"}}},{\"name\":\"destination.geo.country_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.country_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.country_name\"}}},{\"name\":\"destination.geo.ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.ip\"}}},{\"name\":\"destination.geo.location.lat\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.location.lon\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.region_iso_code\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.region_iso_code.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.region_iso_code\"}}},{\"name\":\"destination.geo.region_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.region_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.region_name\"}}},{\"name\":\"destination.geo.timezone\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.timezone.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.timezone\"}}},{\"name\":\"destination.ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.ip\"}}},{\"name\":\"destination.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.latitude\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.location\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.longitude\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dhcp.assigned_ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dhcp.assigned_ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dhcp.assigned_ip\"}}},{\"name\":\"dhcp.lease_time\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dhcp.message_types\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dhcp.message_types.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dhcp.message_types\"}}},{\"name\":\"dhcp.requested_address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dhcp.requested_address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dhcp.requested_address\"}}},{\"name\":\"dnp3.fc_reply\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dnp3.fc_reply.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dnp3.fc_reply\"}}},{\"name\":\"dnp3.fc_request\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dnp3.fc_request.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dnp3.fc_request\"}}},{\"name\":\"dnp3.iin\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.answers\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.answers.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.answers\"}}},{\"name\":\"dns.authoritative\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.highest_registered_domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.highest_registered_domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.highest_registered_domain\"}}},{\"name\":\"dns.id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.parent_domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.parent_domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.parent_domain\"}}},{\"name\":\"dns.parent_domain_length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.query.class\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.query.class_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.query.class_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.query.class_name\"}}},{\"name\":\"dns.query.length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.query.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.query.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.query.name\"}}},{\"name\":\"dns.query.rejected\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.query.type\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.query.type_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.query.type_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.query.type_name\"}}},{\"name\":\"dns.recursion.available\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.recursion.desired\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.reserved\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.response.code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.response.code_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.response.code_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.response.code_name\"}}},{\"name\":\"dns.subdomain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.subdomain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.subdomain\"}}},{\"name\":\"dns.subdomain_length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.top_level_domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.top_level_domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.top_level_domain\"}}},{\"name\":\"dns.truncated\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.ttls\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ecs.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ecs.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ecs.version\"}}},{\"name\":\"error.reason\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"error.reason.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"error.reason\"}}},{\"name\":\"event.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.action\"}}},{\"name\":\"event.category\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.category.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.category\"}}},{\"name\":\"event.code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.created\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.created.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.created\"}}},{\"name\":\"event.dataset\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.dataset.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.dataset\"}}},{\"name\":\"event.duration\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.kind\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.kind.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.kind\"}}},{\"name\":\"event.module\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.module.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.module\"}}},{\"name\":\"event.provider\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.provider.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.provider\"}}},{\"name\":\"event.severity\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.severity_label\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.severity_label.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.severity_label\"}}},{\"name\":\"event.timestamp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.timestamp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.timestamp\"}}},{\"name\":\"file.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.action\"}}},{\"name\":\"file.analyzer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.analyzer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.analyzer\"}}},{\"name\":\"file.aslr\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.bytes.missing\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.bytes.overflow\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.bytes.seen\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.bytes.total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.code_integrity\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.compile_timestamp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.compile_timestamp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.compile_timestamp\"}}},{\"name\":\"file.debug_data\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.dep\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.depth\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.extracted.cutoff\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.extracted.filename\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.extracted.filename.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.extracted.filename\"}}},{\"name\":\"file.flavors.mime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.flavors.mime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.flavors.mime\"}}},{\"name\":\"file.flavors.yara\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.flavors.yara.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.flavors.yara\"}}},{\"name\":\"file.is_64bit\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.is_exe\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.is_orig\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.local_orig\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.machine\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.machine.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.machine\"}}},{\"name\":\"file.mime_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.mime_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.mime_type\"}}},{\"name\":\"file.mimetype\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.mimetype.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.mimetype\"}}},{\"name\":\"file.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.name\"}}},{\"name\":\"file.orig_filenames\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.orig_filenames.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.orig_filenames\"}}},{\"name\":\"file.orig_mime_types\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.orig_mime_types.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.orig_mime_types\"}}},{\"name\":\"file.os\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.os.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.os\"}}},{\"name\":\"file.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.path\"}}},{\"name\":\"file.resp_filenames\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.resp_filenames.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.resp_filenames\"}}},{\"name\":\"file.resp_mime_types\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.resp_mime_types.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.resp_mime_types\"}}},{\"name\":\"file.scanners\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.scanners.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.scanners\"}}},{\"name\":\"file.section_names\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.section_names.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.section_names\"}}},{\"name\":\"file.seh\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.source\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.source.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.source\"}}},{\"name\":\"file.subsystem\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.subsystem.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.subsystem\"}}},{\"name\":\"file.table.cert\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.table.export\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.table.import\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.timed_out\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.times_accessed\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.times_accessed.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.times_accessed\"}}},{\"name\":\"file.times_changed\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.times_changed.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.times_changed\"}}},{\"name\":\"file.times_created\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.times_created.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.times_created\"}}},{\"name\":\"file.times_modified\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.times_modified.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.times_modified\"}}},{\"name\":\"file.tree.node\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.tree.node.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.tree.node\"}}},{\"name\":\"file.tree.parent\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.tree.parent.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.tree.parent\"}}},{\"name\":\"file.tree.root\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.tree.root.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.tree.root\"}}},{\"name\":\"ftp.argument\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp.argument.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ftp.argument\"}}},{\"name\":\"ftp.command\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp.command.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ftp.command\"}}},{\"name\":\"ftp.data_channel_destination.ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp.data_channel_destination.ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ftp.data_channel_destination.ip\"}}},{\"name\":\"ftp.data_channel_destination.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp.data_channel_passive\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp.data_channel_source.ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp.data_channel_source.ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ftp.data_channel_source.ip\"}}},{\"name\":\"ftp.password\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp.password.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ftp.password\"}}},{\"name\":\"ftp.user\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp.user.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ftp.user\"}}},{\"name\":\"geoip.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.latitude\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.location\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.longitude\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hash.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hash.hassh\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.hassh.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.hassh\"}}},{\"name\":\"hash.ja3\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.ja3.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.ja3\"}}},{\"name\":\"hash.ja3s\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.ja3s.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.ja3s\"}}},{\"name\":\"hash.md5\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.md5.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.md5\"}}},{\"name\":\"hash.sha1\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.sha1.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.sha1\"}}},{\"name\":\"hash.sha256\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.sha256.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.sha256\"}}},{\"name\":\"hash.ssdeep\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.ssdeep.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.ssdeep\"}}},{\"name\":\"host.architecture\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.architecture.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.architecture\"}}},{\"name\":\"host.domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.domain\"}}},{\"name\":\"host.hostname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.hostname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.hostname\"}}},{\"name\":\"host.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.id\"}}},{\"name\":\"host.mac\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.mac.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.mac\"}}},{\"name\":\"host.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.name\"}}},{\"name\":\"host.os.build\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.os.build.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.os.build\"}}},{\"name\":\"host.os.family\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.os.family.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.os.family\"}}},{\"name\":\"host.os.kernel\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.os.kernel.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.os.kernel\"}}},{\"name\":\"host.os.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.os.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.os.name\"}}},{\"name\":\"host.os.platform\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.os.platform.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.os.platform\"}}},{\"name\":\"host.os.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.os.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.os.version\"}}},{\"name\":\"host.syscheck.event\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.event.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.event\"}}},{\"name\":\"host.syscheck.gid_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.gid_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.gid_after\"}}},{\"name\":\"host.syscheck.gname_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.gname_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.gname_after\"}}},{\"name\":\"host.syscheck.inode_after\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.syscheck.inode_before\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.syscheck.md5_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.md5_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.md5_after\"}}},{\"name\":\"host.syscheck.md5_before\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.md5_before.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.md5_before\"}}},{\"name\":\"host.syscheck.mtime_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.mtime_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.mtime_after\"}}},{\"name\":\"host.syscheck.mtime_before\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.mtime_before.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.mtime_before\"}}},{\"name\":\"host.syscheck.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.path\"}}},{\"name\":\"host.syscheck.perm_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.perm_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.perm_after\"}}},{\"name\":\"host.syscheck.sha1_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.sha1_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.sha1_after\"}}},{\"name\":\"host.syscheck.sha1_before\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.sha1_before.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.sha1_before\"}}},{\"name\":\"host.syscheck.sha256_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.sha256_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.sha256_after\"}}},{\"name\":\"host.syscheck.sha256_before\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.sha256_before.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.sha256_before\"}}},{\"name\":\"host.syscheck.size_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.size_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.size_after\"}}},{\"name\":\"host.syscheck.uid_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.uid_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.uid_after\"}}},{\"name\":\"host.syscheck.uname_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.uname_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.uname_after\"}}},{\"name\":\"http.info_code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.info_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.info_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.info_message\"}}},{\"name\":\"http.method\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.method.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.method\"}}},{\"name\":\"http.proxied\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.proxied.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.proxied\"}}},{\"name\":\"http.referrer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.referrer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.referrer\"}}},{\"name\":\"http.request.body.length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.response.body.length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.status_code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.status_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.status_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.status_message\"}}},{\"name\":\"http.trans_depth\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.uri\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.uri.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.uri\"}}},{\"name\":\"http.useragent\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.useragent.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.useragent\"}}},{\"name\":\"http.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.version\"}}},{\"name\":\"http.virtual_host\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.virtual_host.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.virtual_host\"}}},{\"name\":\"ingest.timestamp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ingest.timestamp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ingest.timestamp\"}}},{\"name\":\"irc.command.info\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc.command.info.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"irc.command.info\"}}},{\"name\":\"irc.command.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc.command.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"irc.command.type\"}}},{\"name\":\"irc.command.value\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc.command.value.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"irc.command.value\"}}},{\"name\":\"irc.nickname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc.nickname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"irc.nickname\"}}},{\"name\":\"irc.username\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc.username.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"irc.username\"}}},{\"name\":\"kerberos.client\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.client.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.client\"}}},{\"name\":\"kerberos.client_certificate_subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.client_certificate_subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.client_certificate_subject\"}}},{\"name\":\"kerberos.error_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.error_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.error_message\"}}},{\"name\":\"kerberos.request_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.request_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.request_type\"}}},{\"name\":\"kerberos.server_certificate_subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.server_certificate_subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.server_certificate_subject\"}}},{\"name\":\"kerberos.service\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.service.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.service\"}}},{\"name\":\"kerberos.success\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kerberos.ticket.cipher\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.ticket.cipher.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.ticket.cipher\"}}},{\"name\":\"kerberos.ticket.forwardable\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kerberos.ticket.renewable\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kerberos.ticket.valid.from\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.ticket.valid.from.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.ticket.valid.from\"}}},{\"name\":\"kerberos.ticket.valid.until\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.ticket.valid.until.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.ticket.valid.until\"}}},{\"name\":\"log.file.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.file.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.file.path\"}}},{\"name\":\"log.full\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.full.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.full\"}}},{\"name\":\"log.id.client_certificate_fuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.client_certificate_fuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.client_certificate_fuid\"}}},{\"name\":\"log.id.fuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.fuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.fuid\"}}},{\"name\":\"log.id.fuids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.fuids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.fuids\"}}},{\"name\":\"log.id.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.id\"}}},{\"name\":\"log.id.orig_fuids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.orig_fuids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.orig_fuids\"}}},{\"name\":\"log.id.resp_fuids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.resp_fuids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.resp_fuids\"}}},{\"name\":\"log.id.server_certificate_fuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.server_certificate_fuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.server_certificate_fuid\"}}},{\"name\":\"log.id.tunnel_parents\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.tunnel_parents.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.tunnel_parents\"}}},{\"name\":\"log.id.uid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.uid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.uid\"}}},{\"name\":\"log.id.uids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.uids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.uids\"}}},{\"name\":\"log.level\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.level.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.level\"}}},{\"name\":\"log.location\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.location.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.location\"}}},{\"name\":\"log.offset\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"manager.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"manager.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"manager.name\"}}},{\"name\":\"message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"message\"}}},{\"name\":\"modbus.exception\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"modbus.exception.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"modbus.exception\"}}},{\"name\":\"modbus.function\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"modbus.function.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"modbus.function\"}}},{\"name\":\"mysql.argument\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql.argument.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"mysql.argument\"}}},{\"name\":\"mysql.command\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql.command.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"mysql.command\"}}},{\"name\":\"mysql.response\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql.response.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"mysql.response\"}}},{\"name\":\"mysql.rows\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.success\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.community_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"network.community_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"network.community_id\"}}},{\"name\":\"network.data.decoded\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"network.data.decoded.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"network.data.decoded\"}}},{\"name\":\"network.protocol\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"network.protocol.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"network.protocol\"}}},{\"name\":\"network.transport\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"network.transport.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"network.transport\"}}},{\"name\":\"notice.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"notice.action\"}}},{\"name\":\"notice.message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"notice.message\"}}},{\"name\":\"notice.note\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.note.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"notice.note\"}}},{\"name\":\"notice.p\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"notice.peer_description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.peer_description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"notice.peer_description\"}}},{\"name\":\"notice.sub_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.sub_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"notice.sub_message\"}}},{\"name\":\"notice.suppress_for\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ntlm.server.dns.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ntlm.server.dns.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ntlm.server.dns.name\"}}},{\"name\":\"ntlm.server.nb.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ntlm.server.nb.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ntlm.server.nb.name\"}}},{\"name\":\"ntlm.server.tree.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ntlm.server.tree.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ntlm.server.tree.name\"}}},{\"name\":\"ntlm.success\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"observer.analyzer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"observer.analyzer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"observer.analyzer\"}}},{\"name\":\"observer.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"observer.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"observer.name\"}}},{\"name\":\"osquery.result.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.action\"}}},{\"name\":\"osquery.result.calendar_time\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.calendar_time.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.calendar_time\"}}},{\"name\":\"osquery.result.codename\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.codename.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.codename\"}}},{\"name\":\"osquery.result.columns.description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.description\"}}},{\"name\":\"osquery.result.columns.directory\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.directory.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.directory\"}}},{\"name\":\"osquery.result.columns.gid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.gid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.gid\"}}},{\"name\":\"osquery.result.columns.gid_signed\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.gid_signed.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.gid_signed\"}}},{\"name\":\"osquery.result.columns.shell\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.shell.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.shell\"}}},{\"name\":\"osquery.result.columns.uid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.uid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.uid\"}}},{\"name\":\"osquery.result.columns.uid_signed\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.uid_signed.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.uid_signed\"}}},{\"name\":\"osquery.result.columns.username\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.username.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.username\"}}},{\"name\":\"osquery.result.columns.uuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.uuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.uuid\"}}},{\"name\":\"osquery.result.counter\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.result.endpoint_ip1\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.endpoint_ip1.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.endpoint_ip1\"}}},{\"name\":\"osquery.result.endpoint_ip2\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.endpoint_ip2.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.endpoint_ip2\"}}},{\"name\":\"osquery.result.epoch\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.result.hardware_serial\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.hardware_serial.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.hardware_serial\"}}},{\"name\":\"osquery.result.host_identifier\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.host_identifier.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.host_identifier\"}}},{\"name\":\"osquery.result.hostname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.hostname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.hostname\"}}},{\"name\":\"osquery.result.live_query\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.live_query.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.live_query\"}}},{\"name\":\"osquery.result.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.name\"}}},{\"name\":\"osquery.result.numerics\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.result.unix_time\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.command_line\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.command_line.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.command_line\"}}},{\"name\":\"process.entity_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.entity_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.entity_id\"}}},{\"name\":\"process.executable\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.executable.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.executable\"}}},{\"name\":\"process.parent.command_line\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.parent.command_line.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.parent.command_line\"}}},{\"name\":\"process.parent.entity_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.parent.entity_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.parent.entity_id\"}}},{\"name\":\"process.parent.executable\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.parent.executable.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.parent.executable\"}}},{\"name\":\"process.pe.description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.pe.description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.pe.description\"}}},{\"name\":\"process.pe.file_version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.pe.file_version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.pe.file_version\"}}},{\"name\":\"process.pe.original_file_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.pe.original_file_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.pe.original_file_name\"}}},{\"name\":\"process.pe.product\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.pe.product.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.pe.product\"}}},{\"name\":\"process.pid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.pid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.pid\"}}},{\"name\":\"process.ppid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.ppid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.ppid\"}}},{\"name\":\"process.working_directory\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.working_directory.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.working_directory\"}}},{\"name\":\"radius.framed_address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"radius.framed_address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"radius.framed_address\"}}},{\"name\":\"radius.reply_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"radius.reply_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"radius.reply_message\"}}},{\"name\":\"radius.result\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"radius.result.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"radius.result\"}}},{\"name\":\"rdp.certificate_count\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rdp.certificate_permanent\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rdp.certificate_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.certificate_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.certificate_type\"}}},{\"name\":\"rdp.client_build\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.client_build.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.client_build\"}}},{\"name\":\"rdp.cookie\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.cookie.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.cookie\"}}},{\"name\":\"rdp.desktop.height\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rdp.desktop.width\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rdp.encryption_level\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.encryption_level.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.encryption_level\"}}},{\"name\":\"rdp.encryption_method\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.encryption_method.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.encryption_method\"}}},{\"name\":\"rdp.keyboard_layout\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.keyboard_layout.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.keyboard_layout\"}}},{\"name\":\"rdp.requested_color_depth\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.requested_color_depth.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.requested_color_depth\"}}},{\"name\":\"rdp.result\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.result.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.result\"}}},{\"name\":\"rdp.security_protocol\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.security_protocol.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.security_protocol\"}}},{\"name\":\"request.attributes.filename\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request.attributes.filename.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request.attributes.filename\"}}},{\"name\":\"request.client\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request.client.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request.client\"}}},{\"name\":\"request.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request.id\"}}},{\"name\":\"request.source\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request.source.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request.source\"}}},{\"name\":\"request.time\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.action\"}}},{\"name\":\"rule.category\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.category.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.category\"}}},{\"name\":\"rule.firedtimes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.gdpr\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.gdpr.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.gdpr\"}}},{\"name\":\"rule.gid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.gpg13\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.gpg13.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.gpg13\"}}},{\"name\":\"rule.groups\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.groups.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.groups\"}}},{\"name\":\"rule.hipaa\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.hipaa.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.hipaa\"}}},{\"name\":\"rule.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.id\"}}},{\"name\":\"rule.level\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.mail\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.metadata.affected_product\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.affected_product.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.affected_product\"}}},{\"name\":\"rule.metadata.attack_target\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.attack_target.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.attack_target\"}}},{\"name\":\"rule.metadata.created_at\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.created_at.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.created_at\"}}},{\"name\":\"rule.metadata.deployment\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.deployment.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.deployment\"}}},{\"name\":\"rule.metadata.former_category\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.former_category.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.former_category\"}}},{\"name\":\"rule.metadata.malware_family\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.malware_family.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.malware_family\"}}},{\"name\":\"rule.metadata.performance_impact\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.performance_impact.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.performance_impact\"}}},{\"name\":\"rule.metadata.signature_severity\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.signature_severity.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.signature_severity\"}}},{\"name\":\"rule.metadata.tag\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.tag.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.tag\"}}},{\"name\":\"rule.metadata.updated_at\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.updated_at.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.updated_at\"}}},{\"name\":\"rule.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.name\"}}},{\"name\":\"rule.nist_800_53\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.nist_800_53.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.nist_800_53\"}}},{\"name\":\"rule.pci_dss\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.pci_dss.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.pci_dss\"}}},{\"name\":\"rule.rev\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.rule\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.rule.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.rule\"}}},{\"name\":\"rule.severity\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.uuid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.entropy.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.entropy.entropy\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.exiftool.About\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.About.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.About\"}}},{\"name\":\"scan.exiftool.AppVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.AppVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.AppVersion\"}}},{\"name\":\"scan.exiftool.Author\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Author.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Author\"}}},{\"name\":\"scan.exiftool.BitDepth\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.BitDepth.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.BitDepth\"}}},{\"name\":\"scan.exiftool.BuildID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.BuildID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.BuildID\"}}},{\"name\":\"scan.exiftool.CharCountWithSpaces\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CharCountWithSpaces.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CharCountWithSpaces\"}}},{\"name\":\"scan.exiftool.CharacterSet\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CharacterSet.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CharacterSet\"}}},{\"name\":\"scan.exiftool.Characters\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Characters.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Characters\"}}},{\"name\":\"scan.exiftool.CodePage\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CodePage.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CodePage\"}}},{\"name\":\"scan.exiftool.CodeSize\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CodeSize.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CodeSize\"}}},{\"name\":\"scan.exiftool.ColorType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ColorType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ColorType\"}}},{\"name\":\"scan.exiftool.Comments\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Comments.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Comments\"}}},{\"name\":\"scan.exiftool.CompObjUserType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CompObjUserType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CompObjUserType\"}}},{\"name\":\"scan.exiftool.CompObjUserTypeLen\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CompObjUserTypeLen.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CompObjUserTypeLen\"}}},{\"name\":\"scan.exiftool.Company\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Company.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Company\"}}},{\"name\":\"scan.exiftool.CompanyName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CompanyName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CompanyName\"}}},{\"name\":\"scan.exiftool.Compression\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Compression.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Compression\"}}},{\"name\":\"scan.exiftool.CreateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CreateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CreateDate\"}}},{\"name\":\"scan.exiftool.Creator\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Creator.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Creator\"}}},{\"name\":\"scan.exiftool.CreatorTool\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CreatorTool.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CreatorTool\"}}},{\"name\":\"scan.exiftool.DerivedFromDocumentID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.DerivedFromDocumentID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.DerivedFromDocumentID\"}}},{\"name\":\"scan.exiftool.DerivedFromInstanceID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.DerivedFromInstanceID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.DerivedFromInstanceID\"}}},{\"name\":\"scan.exiftool.Directory\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Directory.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Directory\"}}},{\"name\":\"scan.exiftool.DocumentID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.DocumentID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.DocumentID\"}}},{\"name\":\"scan.exiftool.EntryPoint\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.EntryPoint.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.EntryPoint\"}}},{\"name\":\"scan.exiftool.Error\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Error.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Error\"}}},{\"name\":\"scan.exiftool.ExifToolVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ExifToolVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ExifToolVersion\"}}},{\"name\":\"scan.exiftool.FileAccessDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileAccessDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileAccessDate\"}}},{\"name\":\"scan.exiftool.FileDescription\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileDescription.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileDescription\"}}},{\"name\":\"scan.exiftool.FileFlags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileFlags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileFlags\"}}},{\"name\":\"scan.exiftool.FileFlagsMask\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileFlagsMask.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileFlagsMask\"}}},{\"name\":\"scan.exiftool.FileInodeChangeDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileInodeChangeDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileInodeChangeDate\"}}},{\"name\":\"scan.exiftool.FileModifyDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileModifyDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileModifyDate\"}}},{\"name\":\"scan.exiftool.FileName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileName\"}}},{\"name\":\"scan.exiftool.FileOS\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileOS.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileOS\"}}},{\"name\":\"scan.exiftool.FilePermissions\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FilePermissions.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FilePermissions\"}}},{\"name\":\"scan.exiftool.FileSize\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileSize.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileSize\"}}},{\"name\":\"scan.exiftool.FileSubtype\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileSubtype.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileSubtype\"}}},{\"name\":\"scan.exiftool.FileType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileType\"}}},{\"name\":\"scan.exiftool.FileTypeExtension\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileTypeExtension.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileTypeExtension\"}}},{\"name\":\"scan.exiftool.FileVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileVersion\"}}},{\"name\":\"scan.exiftool.FileVersionNumber\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileVersionNumber.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileVersionNumber\"}}},{\"name\":\"scan.exiftool.Filter\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Filter.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Filter\"}}},{\"name\":\"scan.exiftool.Format\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Format.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Format\"}}},{\"name\":\"scan.exiftool.HasXFA\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.HasXFA.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.HasXFA\"}}},{\"name\":\"scan.exiftool.HeadingPairs\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.HeadingPairs.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.HeadingPairs\"}}},{\"name\":\"scan.exiftool.HyperlinksChanged\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.HyperlinksChanged.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.HyperlinksChanged\"}}},{\"name\":\"scan.exiftool.ImageHeight\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ImageHeight.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ImageHeight\"}}},{\"name\":\"scan.exiftool.ImageSize\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ImageSize.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ImageSize\"}}},{\"name\":\"scan.exiftool.ImageVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ImageVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ImageVersion\"}}},{\"name\":\"scan.exiftool.ImageWidth\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ImageWidth.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ImageWidth\"}}},{\"name\":\"scan.exiftool.InitializedDataSize\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.InitializedDataSize.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.InitializedDataSize\"}}},{\"name\":\"scan.exiftool.InstanceID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.InstanceID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.InstanceID\"}}},{\"name\":\"scan.exiftool.Interlace\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Interlace.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Interlace\"}}},{\"name\":\"scan.exiftool.InternalName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.InternalName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.InternalName\"}}},{\"name\":\"scan.exiftool.Keywords\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Keywords.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Keywords\"}}},{\"name\":\"scan.exiftool.Language\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Language.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Language\"}}},{\"name\":\"scan.exiftool.LanguageCode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.LanguageCode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LanguageCode\"}}},{\"name\":\"scan.exiftool.LastModifiedBy\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.LastModifiedBy.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LastModifiedBy\"}}},{\"name\":\"scan.exiftool.LegalCopyright\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.LegalCopyright.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LegalCopyright\"}}},{\"name\":\"scan.exiftool.LegalTrademarks\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.LegalTrademarks.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LegalTrademarks\"}}},{\"name\":\"scan.exiftool.Linearized\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Linearized.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Linearized\"}}},{\"name\":\"scan.exiftool.Lines\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Lines.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Lines\"}}},{\"name\":\"scan.exiftool.LinkerVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.LinkerVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LinkerVersion\"}}},{\"name\":\"scan.exiftool.LinksUpToDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.LinksUpToDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LinksUpToDate\"}}},{\"name\":\"scan.exiftool.MIMEType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.MIMEType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.MIMEType\"}}},{\"name\":\"scan.exiftool.MachineType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.MachineType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.MachineType\"}}},{\"name\":\"scan.exiftool.Megapixels\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Megapixels.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Megapixels\"}}},{\"name\":\"scan.exiftool.ModifyDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ModifyDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ModifyDate\"}}},{\"name\":\"scan.exiftool.OSVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.OSVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.OSVersion\"}}},{\"name\":\"scan.exiftool.ObjectFileType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ObjectFileType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ObjectFileType\"}}},{\"name\":\"scan.exiftool.OriginalFileName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.OriginalFileName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.OriginalFileName\"}}},{\"name\":\"scan.exiftool.PDFVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.PDFVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PDFVersion\"}}},{\"name\":\"scan.exiftool.PEType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.PEType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PEType\"}}},{\"name\":\"scan.exiftool.PTEX_Fullbanner\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.PTEX_Fullbanner.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PTEX_Fullbanner\"}}},{\"name\":\"scan.exiftool.PageCount\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.PageCount.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PageCount\"}}},{\"name\":\"scan.exiftool.Pages\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Pages.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Pages\"}}},{\"name\":\"scan.exiftool.Paragraphs\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Paragraphs.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Paragraphs\"}}},{\"name\":\"scan.exiftool.PrivateBuild\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.PrivateBuild.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PrivateBuild\"}}},{\"name\":\"scan.exiftool.Producer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Producer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Producer\"}}},{\"name\":\"scan.exiftool.ProductName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ProductName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ProductName\"}}},{\"name\":\"scan.exiftool.ProductVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ProductVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ProductVersion\"}}},{\"name\":\"scan.exiftool.ProductVersionNumber\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ProductVersionNumber.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ProductVersionNumber\"}}},{\"name\":\"scan.exiftool.RevisionNumber\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.RevisionNumber.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.RevisionNumber\"}}},{\"name\":\"scan.exiftool.ScaleCrop\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ScaleCrop.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ScaleCrop\"}}},{\"name\":\"scan.exiftool.Security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Security.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Security\"}}},{\"name\":\"scan.exiftool.SharedDoc\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.SharedDoc.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SharedDoc\"}}},{\"name\":\"scan.exiftool.Software\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Software.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Software\"}}},{\"name\":\"scan.exiftool.SourceFile\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.SourceFile.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SourceFile\"}}},{\"name\":\"scan.exiftool.SpecialBuild\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.SpecialBuild.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SpecialBuild\"}}},{\"name\":\"scan.exiftool.Subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Subject\"}}},{\"name\":\"scan.exiftool.Subsystem\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Subsystem.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Subsystem\"}}},{\"name\":\"scan.exiftool.SubsystemVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.SubsystemVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SubsystemVersion\"}}},{\"name\":\"scan.exiftool.SvnRevision\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.SvnRevision.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SvnRevision\"}}},{\"name\":\"scan.exiftool.Template\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Template.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Template\"}}},{\"name\":\"scan.exiftool.TimeStamp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.TimeStamp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.TimeStamp\"}}},{\"name\":\"scan.exiftool.Title\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Title.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Title\"}}},{\"name\":\"scan.exiftool.TitleOfParts\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.TitleOfParts.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.TitleOfParts\"}}},{\"name\":\"scan.exiftool.TotalEditTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.TotalEditTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.TotalEditTime\"}}},{\"name\":\"scan.exiftool.Trapped\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Trapped.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Trapped\"}}},{\"name\":\"scan.exiftool.UninitializedDataSize\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.UninitializedDataSize.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.UninitializedDataSize\"}}},{\"name\":\"scan.exiftool.Warning\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Warning.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Warning\"}}},{\"name\":\"scan.exiftool.Words\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Words.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Words\"}}},{\"name\":\"scan.exiftool.XMPToolkit\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.XMPToolkit.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.XMPToolkit\"}}},{\"name\":\"scan.exiftool.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.header.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.header.header\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.header.header.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.header.header\"}}},{\"name\":\"scan.ini.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.ini.keys.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.ini.keys.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.ini.keys.name\"}}},{\"name\":\"scan.ini.keys.section\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.ini.keys.section.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.ini.keys.section\"}}},{\"name\":\"scan.ini.keys.value\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.ini.keys.value.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.ini.keys.value\"}}},{\"name\":\"scan.ini.sections\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.ini.sections.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.ini.sections\"}}},{\"name\":\"scan.libarchive.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.libarchive.total.extracted\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.libarchive.total.files\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.mmbot.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.mmbot.flags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.mmbot.flags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.mmbot.flags\"}}},{\"name\":\"scan.ocr.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.ole.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.ole.flags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.ole.flags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.ole.flags\"}}},{\"name\":\"scan.ole.total.extracted\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.ole.total.streams\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pdf.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pdf.total.extracted\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pdf.total.objects\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.debug.age\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.debug.guid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.debug.guid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.debug.guid\"}}},{\"name\":\"scan.pe.debug.pdb\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.debug.pdb.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.debug.pdb\"}}},{\"name\":\"scan.pe.debug.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.debug.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.debug.type\"}}},{\"name\":\"scan.pe.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.file_info.fixed.flags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.file_info.fixed.flags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.fixed.flags\"}}},{\"name\":\"scan.pe.file_info.fixed.operating_systems\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.file_info.fixed.operating_systems.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.fixed.operating_systems\"}}},{\"name\":\"scan.pe.file_info.fixed.type.primary\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.file_info.fixed.type.primary.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.fixed.type.primary\"}}},{\"name\":\"scan.pe.file_info.string.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.file_info.string.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.string.name\"}}},{\"name\":\"scan.pe.file_info.string.value\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.file_info.string.value.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.string.value\"}}},{\"name\":\"scan.pe.file_info.var.character_set\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.file_info.var.character_set.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.var.character_set\"}}},{\"name\":\"scan.pe.file_info.var.language\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.file_info.var.language.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.var.language\"}}},{\"name\":\"scan.pe.flags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.flags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.flags\"}}},{\"name\":\"scan.pe.header.address.code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.address.data\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.address.entry_point\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.address.image\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.alignment.file\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.alignment.section\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.characteristics.dll\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.header.characteristics.dll.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.characteristics.dll\"}}},{\"name\":\"scan.pe.header.characteristics.image\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.header.characteristics.image.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.characteristics.image\"}}},{\"name\":\"scan.pe.header.checksum\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.machine.id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.machine.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.header.machine.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.machine.type\"}}},{\"name\":\"scan.pe.header.magic.dos\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.header.magic.dos.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.magic.dos\"}}},{\"name\":\"scan.pe.header.magic.image\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.header.magic.image.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.magic.image\"}}},{\"name\":\"scan.pe.header.size.code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.data.initialized\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.data.uninitialized\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.headers\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.heap.commit\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.heap.reserve\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.image\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.stack.commit\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.stack.reserve\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.subsystem\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.header.subsystem.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.subsystem\"}}},{\"name\":\"scan.pe.header.timestamp\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.version.image\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.version.linker\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.version.operating_system\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.version.subsystem\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.imphash\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.imphash.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.imphash\"}}},{\"name\":\"scan.pe.resources.id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.resources.language.primary\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.resources.language.primary.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.resources.language.primary\"}}},{\"name\":\"scan.pe.resources.language.sub\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.resources.language.sub.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.resources.language.sub\"}}},{\"name\":\"scan.pe.resources.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.resources.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.resources.name\"}}},{\"name\":\"scan.pe.resources.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.resources.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.resources.type\"}}},{\"name\":\"scan.pe.sections.address.physical\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.sections.address.virtual\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.sections.characteristics\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.sections.characteristics.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.sections.characteristics\"}}},{\"name\":\"scan.pe.sections.entropy\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.sections.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.sections.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.sections.name\"}}},{\"name\":\"scan.pe.sections.size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.symbols.exported\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.symbols.exported.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.exported\"}}},{\"name\":\"scan.pe.symbols.imported\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.symbols.imported.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.imported\"}}},{\"name\":\"scan.pe.symbols.libraries\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.symbols.libraries.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.libraries\"}}},{\"name\":\"scan.pe.symbols.table.address\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.symbols.table.library\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.symbols.table.library.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.table.library\"}}},{\"name\":\"scan.pe.symbols.table.symbol\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.symbols.table.symbol.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.table.symbol\"}}},{\"name\":\"scan.pe.symbols.table.symbols\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.symbols.table.symbols.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.table.symbols\"}}},{\"name\":\"scan.pe.symbols.table.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.symbols.table.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.table.type\"}}},{\"name\":\"scan.pe.total.libraries\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.total.resources\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.total.sections\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.total.symbols\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pkcs7.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pkcs7.total.certificates\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pkcs7.total.extracted\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.upx.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.url.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.url.urls\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.url.urls.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.url.urls\"}}},{\"name\":\"scan.vb.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.vb.functions\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vb.functions.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vb.functions\"}}},{\"name\":\"scan.vb.names\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vb.names.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vb.names\"}}},{\"name\":\"scan.vb.operators\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vb.operators.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vb.operators\"}}},{\"name\":\"scan.vb.strings\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vb.strings.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vb.strings\"}}},{\"name\":\"scan.vb.tokens\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vb.tokens.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vb.tokens\"}}},{\"name\":\"scan.vba.auto_exec\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vba.auto_exec.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vba.auto_exec\"}}},{\"name\":\"scan.vba.base64\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vba.base64.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vba.base64\"}}},{\"name\":\"scan.vba.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.vba.ioc\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vba.ioc.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vba.ioc\"}}},{\"name\":\"scan.vba.suspicious\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vba.suspicious.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vba.suspicious\"}}},{\"name\":\"scan.vba.total.extracted\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.vba.total.files\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.x509.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.x509.expired\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.x509.fingerprint\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.x509.fingerprint.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.x509.fingerprint\"}}},{\"name\":\"scan.x509.issuer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.x509.issuer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.x509.issuer\"}}},{\"name\":\"scan.x509.not_after\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.x509.not_before\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.x509.serial_number\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.x509.serial_number.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.x509.serial_number\"}}},{\"name\":\"scan.x509.subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.x509.subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.x509.subject\"}}},{\"name\":\"scan.x509.version\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.xml.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.xml.namespaces\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.xml.namespaces.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.xml.namespaces\"}}},{\"name\":\"scan.xml.tags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.xml.tags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.xml.tags\"}}},{\"name\":\"scan.xml.total.extracted\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.xml.total.tags\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.xml.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.xml.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.xml.version\"}}},{\"name\":\"scan.yara.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.yara.matches\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.yara.matches.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.yara.matches\"}}},{\"name\":\"scan.yara.meta.identifier\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.yara.meta.identifier.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.yara.meta.identifier\"}}},{\"name\":\"scan.yara.meta.rule\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.yara.meta.rule.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.yara.meta.rule\"}}},{\"name\":\"scan.yara.meta.value\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.yara.meta.value.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.yara.meta.value\"}}},{\"name\":\"server.address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server.address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"server.address\"}}},{\"name\":\"server.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server.ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"server.ip\"}}},{\"name\":\"server.ip_bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.port\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server.port.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"server.port\"}}},{\"name\":\"server.reply_code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.reply_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server.reply_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"server.reply_message\"}}},{\"name\":\"server.status_code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.status_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server.status_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"server.status_message\"}}},{\"name\":\"sip.call_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.call_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.call_id\"}}},{\"name\":\"sip.content_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.content_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.content_type\"}}},{\"name\":\"sip.date\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.date.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.date\"}}},{\"name\":\"sip.method\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.method.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.method\"}}},{\"name\":\"sip.request.body.length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sip.request.from\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.request.from.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.request.from\"}}},{\"name\":\"sip.request.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.request.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.request.path\"}}},{\"name\":\"sip.request.to\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.request.to.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.request.to\"}}},{\"name\":\"sip.response.body.length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sip.response.from\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.response.from.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.response.from\"}}},{\"name\":\"sip.response.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.response.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.response.path\"}}},{\"name\":\"sip.response.to\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.response.to.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.response.to\"}}},{\"name\":\"sip.seq\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.seq.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.seq\"}}},{\"name\":\"sip.transaction.depth\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sip.uri\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.uri.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.uri\"}}},{\"name\":\"sip.warning\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.warning.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.warning\"}}},{\"name\":\"smb.file_system\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smb.file_system.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smb.file_system\"}}},{\"name\":\"smb.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smb.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smb.path\"}}},{\"name\":\"smb.service\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smb.service.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smb.service\"}}},{\"name\":\"smb.share_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smb.share_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smb.share_type\"}}},{\"name\":\"smtp.cc\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.cc.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.cc\"}}},{\"name\":\"smtp.first_received\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.first_received.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.first_received\"}}},{\"name\":\"smtp.from\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.from.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.from\"}}},{\"name\":\"smtp.helo\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.helo.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.helo\"}}},{\"name\":\"smtp.in_reply_to\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.in_reply_to.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.in_reply_to\"}}},{\"name\":\"smtp.is_webmail\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smtp.last_reply\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.last_reply.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.last_reply\"}}},{\"name\":\"smtp.mail_date\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.mail_date.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.mail_date\"}}},{\"name\":\"smtp.mail_from\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.mail_from.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.mail_from\"}}},{\"name\":\"smtp.message_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.message_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.message_id\"}}},{\"name\":\"smtp.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.path\"}}},{\"name\":\"smtp.recipient_to\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.recipient_to.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.recipient_to\"}}},{\"name\":\"smtp.second_received\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.second_received.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.second_received\"}}},{\"name\":\"smtp.subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.subject\"}}},{\"name\":\"smtp.tls\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smtp.to\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.to.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.to\"}}},{\"name\":\"smtp.transaction_depth\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smtp.useragent\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.useragent.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.useragent\"}}},{\"name\":\"snmp.community\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"snmp.community.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"snmp.community\"}}},{\"name\":\"snmp.display_string\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"snmp.display_string.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"snmp.display_string\"}}},{\"name\":\"snmp.get.bulk_requests\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"snmp.get.requests\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"snmp.get.responses\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"snmp.set.requests\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"snmp.up_since\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"snmp.up_since.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"snmp.up_since\"}}},{\"name\":\"snmp.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"snmp.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"snmp.version\"}}},{\"name\":\"socks.bound.host\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"socks.bound.host.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"socks.bound.host\"}}},{\"name\":\"socks.bound.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"socks.request.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"socks.request.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"socks.request.name\"}}},{\"name\":\"socks.request.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"socks.status\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"socks.status.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"socks.status\"}}},{\"name\":\"socks.user\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"socks.user.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"socks.user\"}}},{\"name\":\"socks.version\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"software.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"software.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"software.name\"}}},{\"name\":\"software.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"software.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"software.type\"}}},{\"name\":\"software.version.additional_info\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"software.version.additional_info.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"software.version.additional_info\"}}},{\"name\":\"software.version.major\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"software.version.minor\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"software.version.minor2\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"software.version.unparsed\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"software.version.unparsed.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"software.version.unparsed\"}}},{\"name\":\"source.geo.city_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.city_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.city_name\"}}},{\"name\":\"source.geo.continent_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.continent_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.continent_name\"}}},{\"name\":\"source.geo.country_iso_code\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.country_iso_code.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.country_iso_code\"}}},{\"name\":\"source.geo.country_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.country_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.country_name\"}}},{\"name\":\"source.geo.ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.ip\"}}},{\"name\":\"source.geo.location.lat\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.location.lon\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.region_iso_code\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.region_iso_code.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.region_iso_code\"}}},{\"name\":\"source.geo.region_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.region_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.region_name\"}}},{\"name\":\"source.geo.timezone\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.timezone.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.timezone\"}}},{\"name\":\"source.ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.ip\"}}},{\"name\":\"source.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.latitude\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.location\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.longitude\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssh.authentication.attempts\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssh.authentication.success\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssh.cipher_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.cipher_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.cipher_algorithm\"}}},{\"name\":\"ssh.client\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.client.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.client\"}}},{\"name\":\"ssh.client_host_key_algorithms\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.client_host_key_algorithms.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.client_host_key_algorithms\"}}},{\"name\":\"ssh.compression_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.compression_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.compression_algorithm\"}}},{\"name\":\"ssh.direction\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.direction.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.direction\"}}},{\"name\":\"ssh.hassh_algorithms\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.hassh_algorithms.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.hassh_algorithms\"}}},{\"name\":\"ssh.hassh_server\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.hassh_server.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.hassh_server\"}}},{\"name\":\"ssh.hassh_server_algorithms\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.hassh_server_algorithms.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.hassh_server_algorithms\"}}},{\"name\":\"ssh.hassh_version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.hassh_version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.hassh_version\"}}},{\"name\":\"ssh.host_key\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.host_key.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.host_key\"}}},{\"name\":\"ssh.host_key_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.host_key_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.host_key_algorithm\"}}},{\"name\":\"ssh.kex_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.kex_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.kex_algorithm\"}}},{\"name\":\"ssh.mac_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.mac_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.mac_algorithm\"}}},{\"name\":\"ssh.server\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.server.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.server\"}}},{\"name\":\"ssh.server_host_key_algorithms\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.server_host_key_algorithms.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.server_host_key_algorithms\"}}},{\"name\":\"ssh.version\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssl.certificate.chain_fuids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.certificate.chain_fuids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.certificate.chain_fuids\"}}},{\"name\":\"ssl.certificate.issuer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.certificate.issuer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.certificate.issuer\"}}},{\"name\":\"ssl.certificate.subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.certificate.subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.certificate.subject\"}}},{\"name\":\"ssl.cipher\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.cipher.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.cipher\"}}},{\"name\":\"ssl.client.certificate.chain_fuids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.client.certificate.chain_fuids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.client.certificate.chain_fuids\"}}},{\"name\":\"ssl.client.issuer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.client.issuer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.client.issuer\"}}},{\"name\":\"ssl.client.subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.client.subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.client.subject\"}}},{\"name\":\"ssl.curve\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.curve.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.curve\"}}},{\"name\":\"ssl.established\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssl.last_alert\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.last_alert.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.last_alert\"}}},{\"name\":\"ssl.next_protocol\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.next_protocol.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.next_protocol\"}}},{\"name\":\"ssl.resumed\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssl.server_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.server_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.server_name\"}}},{\"name\":\"ssl.validation_status\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.validation_status.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.validation_status\"}}},{\"name\":\"ssl.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.version\"}}},{\"name\":\"syslog.facility\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog.facility.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"syslog.facility\"}}},{\"name\":\"syslog.severity\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog.severity.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"syslog.severity\"}}},{\"name\":\"tags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"tags\"}}},{\"name\":\"tunnel.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tunnel.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"tunnel.type\"}}},{\"name\":\"user.gid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.gid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"user.gid\"}}},{\"name\":\"user.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"user.name\"}}},{\"name\":\"user.shell\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.shell.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"user.shell\"}}},{\"name\":\"user.uid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.uid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"user.uid\"}}},{\"name\":\"version.minor3\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"weird.additional_info\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"weird.additional_info.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"weird.additional_info\"}}},{\"name\":\"weird.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"weird.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"weird.name\"}}},{\"name\":\"weird.notice\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"weird.peer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"weird.peer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"weird.peer\"}}},{\"name\":\"winlog.activity_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.activity_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.activity_id\"}}},{\"name\":\"winlog.api\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.api.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.api\"}}},{\"name\":\"winlog.channel\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.channel.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.channel\"}}},{\"name\":\"winlog.computer_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.computer_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.computer_name\"}}},{\"name\":\"winlog.event_data.Address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.Address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Address\"}}},{\"name\":\"winlog.event_data.AddressLength\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.AddressLength.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.AddressLength\"}}},{\"name\":\"winlog.event_data.Binary\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.Binary.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Binary\"}}},{\"name\":\"winlog.event_data.BufferSize\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.BufferSize.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.BufferSize\"}}},{\"name\":\"winlog.event_data.Company\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.Company.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Company\"}}},{\"name\":\"winlog.event_data.CreationUtcTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.CreationUtcTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.CreationUtcTime\"}}},{\"name\":\"winlog.event_data.CurrentStratumNumber\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.CurrentStratumNumber.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.CurrentStratumNumber\"}}},{\"name\":\"winlog.event_data.DeviceName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.DeviceName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceName\"}}},{\"name\":\"winlog.event_data.DeviceNameLength\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.DeviceNameLength.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceNameLength\"}}},{\"name\":\"winlog.event_data.DeviceTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.DeviceTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceTime\"}}},{\"name\":\"winlog.event_data.DeviceVersionMajor\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.DeviceVersionMajor.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceVersionMajor\"}}},{\"name\":\"winlog.event_data.DeviceVersionMinor\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.DeviceVersionMinor.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceVersionMinor\"}}},{\"name\":\"winlog.event_data.DomainPeer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.DomainPeer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DomainPeer\"}}},{\"name\":\"winlog.event_data.ErrorMessage\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ErrorMessage.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ErrorMessage\"}}},{\"name\":\"winlog.event_data.FinalStatus\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.FinalStatus.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.FinalStatus\"}}},{\"name\":\"winlog.event_data.Hashes\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.Hashes.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Hashes\"}}},{\"name\":\"winlog.event_data.ImageLoaded\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ImageLoaded.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ImageLoaded\"}}},{\"name\":\"winlog.event_data.IntegrityLevel\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.IntegrityLevel.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.IntegrityLevel\"}}},{\"name\":\"winlog.event_data.Library\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.Library.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Library\"}}},{\"name\":\"winlog.event_data.LogonGuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.LogonGuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.LogonGuid\"}}},{\"name\":\"winlog.event_data.LogonId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.LogonId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.LogonId\"}}},{\"name\":\"winlog.event_data.MaxSystemTimeChangeSeconds\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.MaxSystemTimeChangeSeconds.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.MaxSystemTimeChangeSeconds\"}}},{\"name\":\"winlog.event_data.NewTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.NewTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.NewTime\"}}},{\"name\":\"winlog.event_data.OldTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.OldTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.OldTime\"}}},{\"name\":\"winlog.event_data.PreviousCreationUtcTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.PreviousCreationUtcTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.PreviousCreationUtcTime\"}}},{\"name\":\"winlog.event_data.PreviousTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.PreviousTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.PreviousTime\"}}},{\"name\":\"winlog.event_data.ProcessId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ProcessId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ProcessId\"}}},{\"name\":\"winlog.event_data.ProcessName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ProcessName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ProcessName\"}}},{\"name\":\"winlog.event_data.QueryName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.QueryName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.QueryName\"}}},{\"name\":\"winlog.event_data.QueryResults\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.QueryResults.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.QueryResults\"}}},{\"name\":\"winlog.event_data.QueryStatus\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.QueryStatus.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.QueryStatus\"}}},{\"name\":\"winlog.event_data.Reason\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.Reason.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Reason\"}}},{\"name\":\"winlog.event_data.RequiredSize\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.RequiredSize.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.RequiredSize\"}}},{\"name\":\"winlog.event_data.RetryMinutes\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.RetryMinutes.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.RetryMinutes\"}}},{\"name\":\"winlog.event_data.RuleName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.RuleName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.RuleName\"}}},{\"name\":\"winlog.event_data.Service\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.Service.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Service\"}}},{\"name\":\"winlog.event_data.Signature\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.Signature.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Signature\"}}},{\"name\":\"winlog.event_data.SignatureStatus\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.SignatureStatus.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.SignatureStatus\"}}},{\"name\":\"winlog.event_data.Signed\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.Signed.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Signed\"}}},{\"name\":\"winlog.event_data.SubjectDomainName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.SubjectDomainName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.SubjectDomainName\"}}},{\"name\":\"winlog.event_data.SubjectLogonId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.SubjectLogonId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.SubjectLogonId\"}}},{\"name\":\"winlog.event_data.SubjectUserSid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.SubjectUserSid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.SubjectUserSid\"}}},{\"name\":\"winlog.event_data.SystemTimeChangeSeconds\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.SystemTimeChangeSeconds.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.SystemTimeChangeSeconds\"}}},{\"name\":\"winlog.event_data.TargetFilename\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.TargetFilename.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.TargetFilename\"}}},{\"name\":\"winlog.event_data.TerminalSessionId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.TerminalSessionId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.TerminalSessionId\"}}},{\"name\":\"winlog.event_data.TimeOffsetSeconds\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.TimeOffsetSeconds.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.TimeOffsetSeconds\"}}},{\"name\":\"winlog.event_data.TimeSource\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.TimeSource.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.TimeSource\"}}},{\"name\":\"winlog.event_data.TimeSourceRefId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.TimeSourceRefId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.TimeSourceRefId\"}}},{\"name\":\"winlog.event_data.UtcTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.UtcTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.UtcTime\"}}},{\"name\":\"winlog.event_data.errorCode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.errorCode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.errorCode\"}}},{\"name\":\"winlog.event_data.param1\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param1.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param1\"}}},{\"name\":\"winlog.event_data.param2\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param2.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param2\"}}},{\"name\":\"winlog.event_data.param3\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param3.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param3\"}}},{\"name\":\"winlog.event_data.param4\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param4.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param4\"}}},{\"name\":\"winlog.event_data.param5\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param5.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param5\"}}},{\"name\":\"winlog.event_data.param6\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param6.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param6\"}}},{\"name\":\"winlog.event_data.param7\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param7.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param7\"}}},{\"name\":\"winlog.event_data.serviceGuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.serviceGuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.serviceGuid\"}}},{\"name\":\"winlog.event_data.updateGuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.updateGuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.updateGuid\"}}},{\"name\":\"winlog.event_data.updateRevisionNumber\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.updateRevisionNumber.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.updateRevisionNumber\"}}},{\"name\":\"winlog.event_data.updateTitle\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.updateTitle.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.updateTitle\"}}},{\"name\":\"winlog.event_id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.keywords\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.keywords.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.keywords\"}}},{\"name\":\"winlog.opcode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.opcode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.opcode\"}}},{\"name\":\"winlog.process.pid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.process.thread.id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.provider_guid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.provider_guid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.provider_guid\"}}},{\"name\":\"winlog.provider_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.provider_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.provider_name\"}}},{\"name\":\"winlog.record_id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.task\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.task.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.task\"}}},{\"name\":\"winlog.user.domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user.domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user.domain\"}}},{\"name\":\"winlog.user.identifier\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user.identifier.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user.identifier\"}}},{\"name\":\"winlog.user.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user.name\"}}},{\"name\":\"winlog.user.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user.type\"}}},{\"name\":\"winlog.user_data.RebootReasons\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user_data.RebootReasons.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.RebootReasons\"}}},{\"name\":\"winlog.user_data.RmSessionId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user_data.RmSessionId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.RmSessionId\"}}},{\"name\":\"winlog.user_data.UTCStartTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user_data.UTCStartTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.UTCStartTime\"}}},{\"name\":\"winlog.user_data.nApplications\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user_data.nApplications.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.nApplications\"}}},{\"name\":\"winlog.user_data.xml_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user_data.xml_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.xml_name\"}}},{\"name\":\"winlog.version\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"x509.basic_constraints.ca\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"x509.certificate.curve\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.curve.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.curve\"}}},{\"name\":\"x509.certificate.exponent\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.exponent.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.exponent\"}}},{\"name\":\"x509.certificate.issuer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.issuer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.issuer\"}}},{\"name\":\"x509.certificate.key.algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.key.algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.key.algorithm\"}}},{\"name\":\"x509.certificate.key.length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"x509.certificate.key.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.key.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.key.type\"}}},{\"name\":\"x509.certificate.not_valid_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.not_valid_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.not_valid_after\"}}},{\"name\":\"x509.certificate.not_valid_before\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.not_valid_before.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.not_valid_before\"}}},{\"name\":\"x509.certificate.serial\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.serial.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.serial\"}}},{\"name\":\"x509.certificate.signing_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.signing_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.signing_algorithm\"}}},{\"name\":\"x509.certificate.subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.subject\"}}},{\"name\":\"x509.certificate.version\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"x509.san_dns\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.san_dns.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.san_dns\"}}},{\"name\":\"Push to TheHive\",\"type\":\"string\",\"count\":0,\"scripted\":true,\"script\":\"'https://PLACEHOLDER/soctopus/thehive/alert/' + doc['_id'].value\",\"lang\":\"painless\",\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false}]","timeFieldName":"@timestamp","title":"*:so-*"},"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","migrationVersion":{"index-pattern":"7.6.0"},"references":[],"type":"index-pattern","updated_at":"2020-07-16T16:56:13.728Z","version":"Wzg0NCwyXQ=="} +{"attributes":{"fieldFormatMap":"{\"network.community_id\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:network.community_id,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(network.community_id:'{{ value }}')))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"source.ip\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(('$state':(store:globalState),bool:(should:!((term:(source.ip.keyword:'{{ value }}')),(term:(destination.ip.keyword:'{{ value }}')))),meta:(alias:'source.ip:%20!'{{ value }}!'%20OR%20destination.ip:%20!'{{ value }}!'',disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:bool,negate:!f,type:custom,value:'%7B%22should%22:%5B%7B%22term%22:%7B%22source.ip.keyword%22:%2210.200.1.153%22%7D%7D,%7B%22term%22:%7B%22destination.ip.keyword%22:%2210.200.1.153%22%7D%7D%5D%7D'))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"destination.ip\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(('$state':(store:globalState),bool:(should:!((term:(source.ip.keyword:'{{ value }}')),(term:(destination.ip.keyword:'{{ value }}')))),meta:(alias:'source.ip:%20!'{{ value }}!'%20OR%20destination.ip:%20!'{{ value }}!'',disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:bool,negate:!f,type:custom,value:'%7B%22should%22:%5B%7B%22term%22:%7B%22source.ip.keyword%22:%2210.200.1.153%22%7D%7D,%7B%22term%22:%7B%22destination.ip.keyword%22:%2210.200.1.153%22%7D%7D%5D%7D'))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"source.ip.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(('$state':(store:globalState),bool:(should:!((term:(source.ip.keyword:'{{ value }}')),(term:(destination.ip.keyword:'{{ value }}')))),meta:(alias:'source.ip:%20!'{{ value }}!'%20OR%20destination.ip:%20!'{{ value }}!'',disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:bool,negate:!f,type:custom,value:'%7B%22should%22:%5B%7B%22term%22:%7B%22source.ip.keyword%22:%2210.200.1.153%22%7D%7D,%7B%22term%22:%7B%22destination.ip.keyword%22:%2210.200.1.153%22%7D%7D%5D%7D'))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"destination.ip.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(('$state':(store:globalState),bool:(should:!((term:(source.ip.keyword:'{{ value }}')),(term:(destination.ip.keyword:'{{ value }}')))),meta:(alias:'source.ip:%20!'{{ value }}!'%20OR%20destination.ip:%20!'{{ value }}!'',disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:bool,negate:!f,type:custom,value:'%7B%22should%22:%5B%7B%22term%22:%7B%22source.ip.keyword%22:%2210.200.1.153%22%7D%7D,%7B%22term%22:%7B%22destination.ip.keyword%22:%2210.200.1.153%22%7D%7D%5D%7D'))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"source.port\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(('$state':(store:globalState),bool:(should:!((term:(source.port:'{{ value }}')),(term:(destination.port:'{{ value }}')))),meta:(alias:'source.port:%20!'{{ value }}!'%20OR%20destination.port:%20!'{{ value }}!'',disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:bool,negate:!f,type:custom,value:'%7B%22should%22:%5B%7B%22term%22:%7B%22source.port%22:%2210.200.1.153%22%7D%7D,%7B%22term%22:%7B%22destination.port%22:%2210.200.1.153%22%7D%7D%5D%7D'))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"destination.port\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(('$state':(store:globalState),bool:(should:!((term:(source.port:'{{ value }}')),(term:(destination.port:'{{ value }}')))),meta:(alias:'source.port:%20!'{{ value }}!'%20OR%20destination.port:%20!'{{ value }}!'',disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:bool,negate:!f,type:custom,value:'%7B%22should%22:%5B%7B%22term%22:%7B%22source.port%22:%2210.200.1.153%22%7D%7D,%7B%22term%22:%7B%22destination.port%22:%2210.200.1.153%22%7D%7D%5D%7D'))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:20,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"log.id.fuid\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:log.id.fuid,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(log.id.fuid:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"log.id.fuid.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:log.id.fuid,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(log.id.fuid:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"log.id.uid\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:log.id.uid,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(log.id.uid:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"log.id.uid.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:log.id.uid,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(log.id.uid:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:10,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:15,x:10,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"_id\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"https://PLACEHOLDER/securityonion/joblookup?esid={{ value }}\",\"labelTemplate\":\"{{ value }}\"}},\"client.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"server.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"}}},\"Push to TheHive\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"\",\"labelTemplate\":\"Click to create an alert in TheHive\"}},\"event.dataset\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:event.dataset.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(event.dataset.keyword:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"event.dataset.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:event.dataset.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(event.dataset.keyword:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"event.module\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:event.module.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(event.module.keyword:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now%2Fw,to:now%2Fw))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"event.module.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:event.module.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(event.module.keyword:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now%2Fw,to:now%2Fw))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"agent.name\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:agent.name.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(agent.name.keyword:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now%2Fw,to:now%2Fw))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"agent.name.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:agent.name.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(agent.name.keyword:{{ value }})))),refreshInterval:(pause:!t,value:0),time:(from:now%2Fw,to:now%2Fw))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"rule.name\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:rule.name,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(rule.name:'{{ value }}')))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:''),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"rule.name.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_g=(filters:!(('$state':(store:globalState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:rule.name,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(rule.name:'{{ value }}')))),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.6.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.6.1')),query:(language:kuery,query:''),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)\",\"labelTemplate\":\"{{ value }}\"}},\"osquery.result.live_query\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"https://PLACEHOLDER/fleet/queries/new?host_uuids={{rawValue}}\",\"labelTemplate\":\"Live Query\"}},\"osquery.result.live_query.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"https://PLACEHOLDER/fleet/queries/new?host_uuids={{rawValue}}\",\"labelTemplate\":\"Live Query\"}},\"connection.state_description\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:connection.state_description,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(connection.state_description:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"connection.state_description.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:connection.state_description,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(connection.state_description:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"rule.category.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:rule.category,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(rule.category:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"rule.category\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:rule.category,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(rule.category:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"rule.uuid\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:rule.uuid,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(rule.uuid:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"connection.history\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:connection.history,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(connection.history:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"connection.history.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"/kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:connection.history,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(connection.history:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dhcp.message_types\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dhcp.message_types,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(dhcp.message_types:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dhcp.message_types.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dhcp.message_types,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(dhcp.message_types:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dhcp.requested_address\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dhcp.requested_address,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dhcp.requested_address:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dhcp.requested_address.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dhcp.requested_address,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dhcp.requested_address:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dhcp.assigned_ip\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dhcp.assigned_ip,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dhcp.assigned_ip:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dhcp.assigned_ip.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dhcp.assigned_ip,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dhcp.assigned_ip:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"host.mac\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:host.mac,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(host.mac:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"host.mac.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:host.mac,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(host.mac:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dhcp.lease_time\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dhcp.lease_time,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dhcp.lease_time:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dns.query.name\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dns.query.name,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dns.query.name:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }{}\"}},\"dns.query.name.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dns.query.name,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dns.query.name:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dns.answers\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dns.answers,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dns.answers:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dns.answers.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dns.answers,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(dns.answers:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dns.response.code_name\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dns.response.code_name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(dns.response.code_name:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"dns.response.code_name.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:dns.response.code_name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(dns.response.code_name:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"file.name\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:file.name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(file.name:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"file.mime_type\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:file.mime_type,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(file.mime_type:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"file.mime_type.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:file.mime_type,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(file.mime_type:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"file.name.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:file.name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(file.name:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ftp.argument\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ftp.argument,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(ftp.argument:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ftp.argument.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ftp.argument,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(ftp.argument:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ftp.user\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ftp.user,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(ftp.user:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ftp.user.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ftp.user,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(ftp.user:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ftp.password\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ftp.password,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(ftp.password:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ftp.password.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ftp.password,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(ftp.password:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"http.useragent\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.useragent,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(http.useragent:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"http.useragent.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.useragent,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(http.useragent:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"http.method\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.method,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(http.method:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"http.method.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.method,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(http.method:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"http.virtual_host\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.virtual_host,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(http.virtual_host:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"http.virtual_host.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.virtual_host,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(http.virtual_host:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"http.uri.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.uri.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(http.uri.keyword:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"http.uri\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:http.uri.keyword,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(http.uri.keyword:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"notice.note.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:notice.note,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(notice.note:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"notice.message.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:notice.message,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(notice.message:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"notice.note\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:notice.note,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(notice.note:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"notice.message\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:notice.message,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(notice.message:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ssl.server_name.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ssl.server_name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(ssl.server_name:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ssl.server_name\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ssl.server_name,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(ssl.server_name:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ssl.certificate.subject\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ssl.certificate.subject,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(ssl.certificate.subject:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ssl.certificate.subject.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ssl.certificate.subject,negate:!f,params:(query:'O%3DDefault%20Company%20Ltd,L%3DDefault%20City,C%3DXX'),type:phrase),query:(match_phrase:(ssl.certificate.subject:'O%3DDefault%20Company%20Ltd,L%3DDefault%20City,C%3DXX')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ssl.certificate.issuer\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ssl.certificate.issuer,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(ssl.certificate.issuer:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"ssl.certificate.issuer.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:ssl.certificate.issuer,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(ssl.certificate.issuer:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"syslog.facility\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:syslog.facility,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(syslog.facility:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"syslog.facility.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:syslog.facility,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(syslog.facility:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"syslog.severity\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:syslog.severity,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(syslog.severity:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"syslog.severity.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:syslog.severity,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(syslog.severity:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"x509.certificate.subject\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.certificate.subject,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(x509.certificate.subject:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"x509.certificate.subject.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.certificate.subject,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(x509.certificate.subject:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"x509.certificate.issuer\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.certificate.issuer,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(x509.certificate.issuer:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"x509.certificate.issuer.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.certificate.issuer,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(x509.certificate.issuer:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"x509.san_dns\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.san_dns,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(x509.san_dns:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"x509.san_dns.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.san_dns,negate:!f,params:(query:'{{ value }}'),type:phrase),query:(match_phrase:(x509.san_dns:'{{ value }}')))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:view)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"x509.certificate.key.type\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.certificate.key.type,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(x509.certificate.key.type:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:edit)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}},\"x509.certificate.key.type.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://PLACEHOLDER\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"kibana/app/kibana/app/kibana#/dashboard/30d0ac90-729f-11ea-8dd2-9d8795a1200b?_a=(description:'',filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:'2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29',key:x509.certificate.key.type,negate:!f,params:(query:{{ value }}),type:phrase),query:(match_phrase:(x509.certificate.key.type:{{ value }})))),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),panels:!((embeddableConfig:(),gridData:(h:8,i:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,w:9,x:0,y:0),id:'8cfec8c0-6ec2-11ea-9266-1fd14ca6af34',panelIndex:c706b8e5-9d49-4700-a3ea-26e86ac3a4c4,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:'77c5d557-83e4-40b9-9177-388db29d711d',w:16,x:9,y:0),id:d04b5130-6e99-11ea-9266-1fd14ca6af34,panelIndex:'77c5d557-83e4-40b9-9177-388db29d711d',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:8,i:f044ff9c-455a-4085-88c8-92e9ead2bba0,w:23,x:25,y:0),id:d9eb5b30-6ea9-11ea-9266-1fd14ca6af34,panelIndex:f044ff9c-455a-4085-88c8-92e9ead2bba0,type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'54873f75-4452-4938-840d-3a2f50547a88',w:9,x:0,y:8),id:ad398b70-6e9a-11ea-9266-1fd14ca6af34,panelIndex:'54873f75-4452-4938-840d-3a2f50547a88',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'30749cb6-18ad-4069-b18d-5912086fff9c',w:13,x:9,y:8),id:'6b18be30-72a7-11ea-8dd2-9d8795a1200b',panelIndex:'30749cb6-18ad-4069-b18d-5912086fff9c',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'7c498d50-d009-493a-a8c9-c91303ad5556',w:13,x:22,y:8),id:b6a4f3f0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'7c498d50-d009-493a-a8c9-c91303ad5556',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:19,i:'2f69e716-e6e9-4595-801d-8f59b7d2c574',w:13,x:35,y:8),id:f4cfdeb0-72a7-11ea-8dd2-9d8795a1200b,panelIndex:'2f69e716-e6e9-4595-801d-8f59b7d2c574',type:visualization,version:'7.7.1'),(embeddableConfig:(),gridData:(h:31,i:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',w:48,x:0,y:27),id:'8b6f3150-72a2-11ea-8dd2-9d8795a1200b',panelIndex:'6ddfd0a2-337e-47d1-8d4c-bc386a4210af',type:search,version:'7.7.1')),query:(language:kuery,query:'*'),timeRestore:!f,title:'Security%20Onion%20-%20Indicator',viewMode:edit)&_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-24h,mode:quick,to:now))\",\"labelTemplate\":\"{{ value }}\"}}}","fields":"[{\"name\":\"@timestamp\",\"type\":\"date\",\"esTypes\":[\"date\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"@version\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"esTypes\":[\"_type\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"agent.ephemeral_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.ephemeral_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"agent.ephemeral_id\"}}},{\"name\":\"agent.hostname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.hostname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"agent.hostname\"}}},{\"name\":\"agent.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"agent.id\"}}},{\"name\":\"agent.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"agent.name\"}}},{\"name\":\"agent.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"agent.type\"}}},{\"name\":\"agent.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"agent.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"agent.version\"}}},{\"name\":\"client.address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"client.address\"}}},{\"name\":\"client.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.id.product\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.id.product.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"client.id.product\"}}},{\"name\":\"client.ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"client.ip\"}}},{\"name\":\"client.ip_bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"client.name\"}}},{\"name\":\"client.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client.port\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.port.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"client.port\"}}},{\"name\":\"client.user_agent\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"client.user_agent.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"client.user_agent\"}}},{\"name\":\"connection.bytes.missed\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection.history\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection.history.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"connection.history\"}}},{\"name\":\"connection.local.originator\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection.local.responder\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection.state\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection.state.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"connection.state\"}}},{\"name\":\"connection.state_description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection.state_description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"connection.state_description\"}}},{\"name\":\"data.@timestamp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.@timestamp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.@timestamp\"}}},{\"name\":\"data.@version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.@version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.@version\"}}},{\"name\":\"data._id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data._id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data._id\"}}},{\"name\":\"data._index\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data._index.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data._index\"}}},{\"name\":\"data._type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data._type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data._type\"}}},{\"name\":\"data.agent.ephemeral_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.agent.ephemeral_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.agent.ephemeral_id\"}}},{\"name\":\"data.agent.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.agent.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.agent.id\"}}},{\"name\":\"data.agent.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.agent.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.agent.name\"}}},{\"name\":\"data.agent.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.agent.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.agent.type\"}}},{\"name\":\"data.agent.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.agent.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.agent.version\"}}},{\"name\":\"data.ecs.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.ecs.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.ecs.version\"}}},{\"name\":\"data.event.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.event.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.event.action\"}}},{\"name\":\"data.event.category\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.event.category.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.event.category\"}}},{\"name\":\"data.event.code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.event.created\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.event.created.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.event.created\"}}},{\"name\":\"data.event.dataset\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.event.dataset.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.event.dataset\"}}},{\"name\":\"data.event.kind\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.event.kind.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.event.kind\"}}},{\"name\":\"data.event.module\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.event.module.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.event.module\"}}},{\"name\":\"data.event.provider\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.event.provider.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.event.provider\"}}},{\"name\":\"data.fields.module\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.fields.module.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.fields.module\"}}},{\"name\":\"data.host.architecture\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.host.architecture.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.host.architecture\"}}},{\"name\":\"data.host.hostname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.host.hostname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.host.hostname\"}}},{\"name\":\"data.host.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.host.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.host.id\"}}},{\"name\":\"data.host.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.host.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.host.name\"}}},{\"name\":\"data.host.os.build\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.host.os.build.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.host.os.build\"}}},{\"name\":\"data.host.os.family\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.host.os.family.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.host.os.family\"}}},{\"name\":\"data.host.os.kernel\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.host.os.kernel.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.host.os.kernel\"}}},{\"name\":\"data.host.os.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.host.os.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.host.os.name\"}}},{\"name\":\"data.host.os.platform\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.host.os.platform.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.host.os.platform\"}}},{\"name\":\"data.host.os.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.host.os.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.host.os.version\"}}},{\"name\":\"data.log.level\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.log.level.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.log.level\"}}},{\"name\":\"data.message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.message\"}}},{\"name\":\"data.module\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.module.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.module\"}}},{\"name\":\"data.num_hits\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.num_matches\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.process.command_line\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.command_line.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.process.command_line\"}}},{\"name\":\"data.process.entity_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.entity_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.process.entity_id\"}}},{\"name\":\"data.process.executable\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.executable.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.process.executable\"}}},{\"name\":\"data.process.parent.command_line\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.parent.command_line.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.process.parent.command_line\"}}},{\"name\":\"data.process.parent.entity_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.parent.entity_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.process.parent.entity_id\"}}},{\"name\":\"data.process.parent.executable\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.parent.executable.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.process.parent.executable\"}}},{\"name\":\"data.process.pe.description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.pe.description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.process.pe.description\"}}},{\"name\":\"data.process.pe.file_version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.pe.file_version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.process.pe.file_version\"}}},{\"name\":\"data.process.pe.original_file_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.pe.original_file_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.process.pe.original_file_name\"}}},{\"name\":\"data.process.pe.product\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.pe.product.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.process.pe.product\"}}},{\"name\":\"data.process.ppid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.ppid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.process.ppid\"}}},{\"name\":\"data.process.working_directory\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.process.working_directory.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.process.working_directory\"}}},{\"name\":\"data.tags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.tags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.tags\"}}},{\"name\":\"data.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.type\"}}},{\"name\":\"data.user.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.user.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.user.name\"}}},{\"name\":\"data.winlog.api\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.api.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.api\"}}},{\"name\":\"data.winlog.channel\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.channel.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.channel\"}}},{\"name\":\"data.winlog.computer_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.computer_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.computer_name\"}}},{\"name\":\"data.winlog.event_data.Company\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.event_data.Company.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.event_data.Company\"}}},{\"name\":\"data.winlog.event_data.Hashes\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.event_data.Hashes.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.event_data.Hashes\"}}},{\"name\":\"data.winlog.event_data.IntegrityLevel\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.event_data.IntegrityLevel.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.event_data.IntegrityLevel\"}}},{\"name\":\"data.winlog.event_data.LogonGuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.event_data.LogonGuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.event_data.LogonGuid\"}}},{\"name\":\"data.winlog.event_data.LogonId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.event_data.LogonId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.event_data.LogonId\"}}},{\"name\":\"data.winlog.event_data.ProcessId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.event_data.ProcessId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.event_data.ProcessId\"}}},{\"name\":\"data.winlog.event_data.RuleName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.event_data.RuleName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.event_data.RuleName\"}}},{\"name\":\"data.winlog.event_data.TerminalSessionId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.event_data.TerminalSessionId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.event_data.TerminalSessionId\"}}},{\"name\":\"data.winlog.event_data.UtcTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.event_data.UtcTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.event_data.UtcTime\"}}},{\"name\":\"data.winlog.event_id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.winlog.opcode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.opcode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.opcode\"}}},{\"name\":\"data.winlog.process.pid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.winlog.process.thread.id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.winlog.provider_guid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.provider_guid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.provider_guid\"}}},{\"name\":\"data.winlog.provider_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.provider_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.provider_name\"}}},{\"name\":\"data.winlog.record_id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data.winlog.task\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.task.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.task\"}}},{\"name\":\"data.winlog.user.domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.user.domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.user.domain\"}}},{\"name\":\"data.winlog.user.identifier\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.user.identifier.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.user.identifier\"}}},{\"name\":\"data.winlog.user.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.user.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.user.name\"}}},{\"name\":\"data.winlog.user.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.winlog.user.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"data.winlog.user.type\"}}},{\"name\":\"data.winlog.version\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dce_rpc.endpoint\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dce_rpc.endpoint.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dce_rpc.endpoint\"}}},{\"name\":\"dce_rpc.named_pipe\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dce_rpc.named_pipe.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dce_rpc.named_pipe\"}}},{\"name\":\"dce_rpc.operation\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dce_rpc.operation.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dce_rpc.operation\"}}},{\"name\":\"destination.geo.city_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.city_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.city_name\"}}},{\"name\":\"destination.geo.continent_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.continent_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.continent_name\"}}},{\"name\":\"destination.geo.country_iso_code\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.country_iso_code.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.country_iso_code\"}}},{\"name\":\"destination.geo.country_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.country_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.country_name\"}}},{\"name\":\"destination.geo.ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.ip\"}}},{\"name\":\"destination.geo.location.lat\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.location.lon\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination.geo.region_iso_code\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.region_iso_code.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.region_iso_code\"}}},{\"name\":\"destination.geo.region_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.region_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.region_name\"}}},{\"name\":\"destination.geo.timezone\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.geo.timezone.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.geo.timezone\"}}},{\"name\":\"destination.ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destination.ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"destination.ip\"}}},{\"name\":\"destination.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.latitude\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.location\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destination_geo.longitude\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dhcp.assigned_ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dhcp.assigned_ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dhcp.assigned_ip\"}}},{\"name\":\"dhcp.lease_time\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dhcp.message_types\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dhcp.message_types.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dhcp.message_types\"}}},{\"name\":\"dhcp.requested_address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dhcp.requested_address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dhcp.requested_address\"}}},{\"name\":\"dnp3.fc_reply\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dnp3.fc_reply.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dnp3.fc_reply\"}}},{\"name\":\"dnp3.fc_request\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dnp3.fc_request.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dnp3.fc_request\"}}},{\"name\":\"dnp3.iin\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.answers\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.answers.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.answers\"}}},{\"name\":\"dns.authoritative\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.highest_registered_domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.highest_registered_domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.highest_registered_domain\"}}},{\"name\":\"dns.id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.parent_domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.parent_domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.parent_domain\"}}},{\"name\":\"dns.parent_domain_length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.query.class\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.query.class_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.query.class_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.query.class_name\"}}},{\"name\":\"dns.query.length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.query.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.query.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.query.name\"}}},{\"name\":\"dns.query.rejected\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.query.type\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.query.type_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.query.type_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.query.type_name\"}}},{\"name\":\"dns.recursion.available\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.recursion.desired\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.reserved\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.response.code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.response.code_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.response.code_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.response.code_name\"}}},{\"name\":\"dns.subdomain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.subdomain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.subdomain\"}}},{\"name\":\"dns.subdomain_length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.top_level_domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.top_level_domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"dns.top_level_domain\"}}},{\"name\":\"dns.truncated\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.ttls\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ecs.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ecs.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ecs.version\"}}},{\"name\":\"error.reason\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"error.reason.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"error.reason\"}}},{\"name\":\"event.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.action\"}}},{\"name\":\"event.category\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.category.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.category\"}}},{\"name\":\"event.code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.created\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.created.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.created\"}}},{\"name\":\"event.dataset\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.dataset.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.dataset\"}}},{\"name\":\"event.duration\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.kind\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.kind.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.kind\"}}},{\"name\":\"event.module\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.module.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.module\"}}},{\"name\":\"event.provider\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.provider.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.provider\"}}},{\"name\":\"event.severity\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.severity_label\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.severity_label.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.severity_label\"}}},{\"name\":\"event.timestamp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event.timestamp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"event.timestamp\"}}},{\"name\":\"file.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.action\"}}},{\"name\":\"file.analyzer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.analyzer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.analyzer\"}}},{\"name\":\"file.aslr\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.bytes.missing\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.bytes.overflow\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.bytes.seen\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.bytes.total\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.code_integrity\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.compile_timestamp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.compile_timestamp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.compile_timestamp\"}}},{\"name\":\"file.debug_data\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.dep\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.depth\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.extracted.cutoff\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.extracted.filename\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.extracted.filename.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.extracted.filename\"}}},{\"name\":\"file.flavors.mime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.flavors.mime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.flavors.mime\"}}},{\"name\":\"file.flavors.yara\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.flavors.yara.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.flavors.yara\"}}},{\"name\":\"file.is_64bit\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.is_exe\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.is_orig\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.local_orig\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.machine\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.machine.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.machine\"}}},{\"name\":\"file.mime_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.mime_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.mime_type\"}}},{\"name\":\"file.mimetype\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.mimetype.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.mimetype\"}}},{\"name\":\"file.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.name\"}}},{\"name\":\"file.orig_filenames\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.orig_filenames.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.orig_filenames\"}}},{\"name\":\"file.orig_mime_types\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.orig_mime_types.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.orig_mime_types\"}}},{\"name\":\"file.os\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.os.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.os\"}}},{\"name\":\"file.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.path\"}}},{\"name\":\"file.resp_filenames\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.resp_filenames.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.resp_filenames\"}}},{\"name\":\"file.resp_mime_types\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.resp_mime_types.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.resp_mime_types\"}}},{\"name\":\"file.scanners\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.scanners.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.scanners\"}}},{\"name\":\"file.section_names\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.section_names.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.section_names\"}}},{\"name\":\"file.seh\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.source\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.source.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.source\"}}},{\"name\":\"file.subsystem\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.subsystem.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.subsystem\"}}},{\"name\":\"file.table.cert\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.table.export\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.table.import\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.timed_out\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"file.times_accessed\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.times_accessed.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.times_accessed\"}}},{\"name\":\"file.times_changed\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.times_changed.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.times_changed\"}}},{\"name\":\"file.times_created\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.times_created.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.times_created\"}}},{\"name\":\"file.times_modified\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.times_modified.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.times_modified\"}}},{\"name\":\"file.tree.node\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.tree.node.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.tree.node\"}}},{\"name\":\"file.tree.parent\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.tree.parent.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.tree.parent\"}}},{\"name\":\"file.tree.root\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"file.tree.root.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"file.tree.root\"}}},{\"name\":\"ftp.argument\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp.argument.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ftp.argument\"}}},{\"name\":\"ftp.command\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp.command.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ftp.command\"}}},{\"name\":\"ftp.data_channel_destination.ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp.data_channel_destination.ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ftp.data_channel_destination.ip\"}}},{\"name\":\"ftp.data_channel_destination.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp.data_channel_passive\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp.data_channel_source.ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp.data_channel_source.ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ftp.data_channel_source.ip\"}}},{\"name\":\"ftp.password\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp.password.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ftp.password\"}}},{\"name\":\"ftp.user\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp.user.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ftp.user\"}}},{\"name\":\"geoip.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.latitude\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.location\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.longitude\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hash.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hash.hassh\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.hassh.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.hassh\"}}},{\"name\":\"hash.ja3\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.ja3.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.ja3\"}}},{\"name\":\"hash.ja3s\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.ja3s.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.ja3s\"}}},{\"name\":\"hash.md5\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.md5.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.md5\"}}},{\"name\":\"hash.sha1\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.sha1.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.sha1\"}}},{\"name\":\"hash.sha256\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.sha256.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.sha256\"}}},{\"name\":\"hash.ssdeep\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hash.ssdeep.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"hash.ssdeep\"}}},{\"name\":\"host.architecture\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.architecture.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.architecture\"}}},{\"name\":\"host.domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.domain\"}}},{\"name\":\"host.hostname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.hostname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.hostname\"}}},{\"name\":\"host.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.id\"}}},{\"name\":\"host.mac\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.mac.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.mac\"}}},{\"name\":\"host.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.name\"}}},{\"name\":\"host.os.build\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.os.build.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.os.build\"}}},{\"name\":\"host.os.family\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.os.family.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.os.family\"}}},{\"name\":\"host.os.kernel\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.os.kernel.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.os.kernel\"}}},{\"name\":\"host.os.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.os.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.os.name\"}}},{\"name\":\"host.os.platform\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.os.platform.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.os.platform\"}}},{\"name\":\"host.os.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.os.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.os.version\"}}},{\"name\":\"host.syscheck.event\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.event.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.event\"}}},{\"name\":\"host.syscheck.gid_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.gid_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.gid_after\"}}},{\"name\":\"host.syscheck.gname_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.gname_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.gname_after\"}}},{\"name\":\"host.syscheck.inode_after\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.syscheck.inode_before\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host.syscheck.md5_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.md5_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.md5_after\"}}},{\"name\":\"host.syscheck.md5_before\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.md5_before.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.md5_before\"}}},{\"name\":\"host.syscheck.mtime_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.mtime_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.mtime_after\"}}},{\"name\":\"host.syscheck.mtime_before\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.mtime_before.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.mtime_before\"}}},{\"name\":\"host.syscheck.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.path\"}}},{\"name\":\"host.syscheck.perm_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.perm_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.perm_after\"}}},{\"name\":\"host.syscheck.sha1_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.sha1_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.sha1_after\"}}},{\"name\":\"host.syscheck.sha1_before\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.sha1_before.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.sha1_before\"}}},{\"name\":\"host.syscheck.sha256_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.sha256_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.sha256_after\"}}},{\"name\":\"host.syscheck.sha256_before\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.sha256_before.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.sha256_before\"}}},{\"name\":\"host.syscheck.size_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.size_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.size_after\"}}},{\"name\":\"host.syscheck.uid_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.uid_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.uid_after\"}}},{\"name\":\"host.syscheck.uname_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.syscheck.uname_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"host.syscheck.uname_after\"}}},{\"name\":\"http.info_code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.info_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.info_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.info_message\"}}},{\"name\":\"http.method\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.method.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.method\"}}},{\"name\":\"http.proxied\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.proxied.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.proxied\"}}},{\"name\":\"http.referrer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.referrer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.referrer\"}}},{\"name\":\"http.request.body.length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.response.body.length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.status_code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.status_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.status_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.status_message\"}}},{\"name\":\"http.trans_depth\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.uri\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.uri.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.uri\"}}},{\"name\":\"http.useragent\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.useragent.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.useragent\"}}},{\"name\":\"http.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.version\"}}},{\"name\":\"http.virtual_host\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.virtual_host.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"http.virtual_host\"}}},{\"name\":\"ingest.timestamp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ingest.timestamp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ingest.timestamp\"}}},{\"name\":\"irc.command.info\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc.command.info.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"irc.command.info\"}}},{\"name\":\"irc.command.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc.command.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"irc.command.type\"}}},{\"name\":\"irc.command.value\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc.command.value.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"irc.command.value\"}}},{\"name\":\"irc.nickname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc.nickname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"irc.nickname\"}}},{\"name\":\"irc.username\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"irc.username.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"irc.username\"}}},{\"name\":\"kerberos.client\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.client.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.client\"}}},{\"name\":\"kerberos.client_certificate_subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.client_certificate_subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.client_certificate_subject\"}}},{\"name\":\"kerberos.error_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.error_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.error_message\"}}},{\"name\":\"kerberos.request_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.request_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.request_type\"}}},{\"name\":\"kerberos.server_certificate_subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.server_certificate_subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.server_certificate_subject\"}}},{\"name\":\"kerberos.service\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.service.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.service\"}}},{\"name\":\"kerberos.success\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kerberos.ticket.cipher\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.ticket.cipher.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.ticket.cipher\"}}},{\"name\":\"kerberos.ticket.forwardable\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kerberos.ticket.renewable\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kerberos.ticket.valid.from\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.ticket.valid.from.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.ticket.valid.from\"}}},{\"name\":\"kerberos.ticket.valid.until\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kerberos.ticket.valid.until.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"kerberos.ticket.valid.until\"}}},{\"name\":\"log.file.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.file.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.file.path\"}}},{\"name\":\"log.full\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.full.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.full\"}}},{\"name\":\"log.id.client_certificate_fuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.client_certificate_fuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.client_certificate_fuid\"}}},{\"name\":\"log.id.fuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.fuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.fuid\"}}},{\"name\":\"log.id.fuids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.fuids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.fuids\"}}},{\"name\":\"log.id.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.id\"}}},{\"name\":\"log.id.orig_fuids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.orig_fuids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.orig_fuids\"}}},{\"name\":\"log.id.resp_fuids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.resp_fuids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.resp_fuids\"}}},{\"name\":\"log.id.server_certificate_fuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.server_certificate_fuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.server_certificate_fuid\"}}},{\"name\":\"log.id.tunnel_parents\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.tunnel_parents.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.tunnel_parents\"}}},{\"name\":\"log.id.uid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.uid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.uid\"}}},{\"name\":\"log.id.uids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.id.uids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.id.uids\"}}},{\"name\":\"log.level\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.level.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.level\"}}},{\"name\":\"log.location\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"log.location.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"log.location\"}}},{\"name\":\"log.offset\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"manager.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"manager.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"manager.name\"}}},{\"name\":\"message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"message\"}}},{\"name\":\"modbus.exception\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"modbus.exception.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"modbus.exception\"}}},{\"name\":\"modbus.function\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"modbus.function.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"modbus.function\"}}},{\"name\":\"mysql.argument\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql.argument.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"mysql.argument\"}}},{\"name\":\"mysql.command\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql.command.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"mysql.command\"}}},{\"name\":\"mysql.response\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mysql.response.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"mysql.response\"}}},{\"name\":\"mysql.rows\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mysql.success\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"network.community_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"network.community_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"network.community_id\"}}},{\"name\":\"network.data.decoded\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"network.data.decoded.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"network.data.decoded\"}}},{\"name\":\"network.protocol\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"network.protocol.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"network.protocol\"}}},{\"name\":\"network.transport\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"network.transport.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"network.transport\"}}},{\"name\":\"notice.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"notice.action\"}}},{\"name\":\"notice.message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"notice.message\"}}},{\"name\":\"notice.note\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.note.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"notice.note\"}}},{\"name\":\"notice.p\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"notice.peer_description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.peer_description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"notice.peer_description\"}}},{\"name\":\"notice.sub_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"notice.sub_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"notice.sub_message\"}}},{\"name\":\"notice.suppress_for\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ntlm.server.dns.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ntlm.server.dns.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ntlm.server.dns.name\"}}},{\"name\":\"ntlm.server.nb.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ntlm.server.nb.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ntlm.server.nb.name\"}}},{\"name\":\"ntlm.server.tree.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ntlm.server.tree.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ntlm.server.tree.name\"}}},{\"name\":\"ntlm.success\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"observer.analyzer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"observer.analyzer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"observer.analyzer\"}}},{\"name\":\"observer.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"observer.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"observer.name\"}}},{\"name\":\"osquery.result.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.action\"}}},{\"name\":\"osquery.result.calendar_time\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.calendar_time.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.calendar_time\"}}},{\"name\":\"osquery.result.codename\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.codename.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.codename\"}}},{\"name\":\"osquery.result.columns.description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.description\"}}},{\"name\":\"osquery.result.columns.directory\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.directory.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.directory\"}}},{\"name\":\"osquery.result.columns.gid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.gid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.gid\"}}},{\"name\":\"osquery.result.columns.gid_signed\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.gid_signed.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.gid_signed\"}}},{\"name\":\"osquery.result.columns.shell\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.shell.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.shell\"}}},{\"name\":\"osquery.result.columns.uid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.uid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.uid\"}}},{\"name\":\"osquery.result.columns.uid_signed\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.uid_signed.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.uid_signed\"}}},{\"name\":\"osquery.result.columns.username\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.username.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.username\"}}},{\"name\":\"osquery.result.columns.uuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.columns.uuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.columns.uuid\"}}},{\"name\":\"osquery.result.counter\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.result.endpoint_ip1\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.endpoint_ip1.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.endpoint_ip1\"}}},{\"name\":\"osquery.result.endpoint_ip2\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.endpoint_ip2.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.endpoint_ip2\"}}},{\"name\":\"osquery.result.epoch\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.result.hardware_serial\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.hardware_serial.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.hardware_serial\"}}},{\"name\":\"osquery.result.host_identifier\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.host_identifier.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.host_identifier\"}}},{\"name\":\"osquery.result.hostname\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.hostname.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.hostname\"}}},{\"name\":\"osquery.result.live_query\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.live_query.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.live_query\"}}},{\"name\":\"osquery.result.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"osquery.result.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"osquery.result.name\"}}},{\"name\":\"osquery.result.numerics\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"osquery.result.unix_time\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"process.command_line\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.command_line.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.command_line\"}}},{\"name\":\"process.entity_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.entity_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.entity_id\"}}},{\"name\":\"process.executable\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.executable.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.executable\"}}},{\"name\":\"process.parent.command_line\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.parent.command_line.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.parent.command_line\"}}},{\"name\":\"process.parent.entity_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.parent.entity_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.parent.entity_id\"}}},{\"name\":\"process.parent.executable\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.parent.executable.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.parent.executable\"}}},{\"name\":\"process.pe.description\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.pe.description.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.pe.description\"}}},{\"name\":\"process.pe.file_version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.pe.file_version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.pe.file_version\"}}},{\"name\":\"process.pe.original_file_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.pe.original_file_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.pe.original_file_name\"}}},{\"name\":\"process.pe.product\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.pe.product.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.pe.product\"}}},{\"name\":\"process.pid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.pid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.pid\"}}},{\"name\":\"process.ppid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.ppid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.ppid\"}}},{\"name\":\"process.working_directory\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"process.working_directory.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"process.working_directory\"}}},{\"name\":\"radius.framed_address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"radius.framed_address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"radius.framed_address\"}}},{\"name\":\"radius.reply_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"radius.reply_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"radius.reply_message\"}}},{\"name\":\"radius.result\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"radius.result.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"radius.result\"}}},{\"name\":\"rdp.certificate_count\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rdp.certificate_permanent\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rdp.certificate_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.certificate_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.certificate_type\"}}},{\"name\":\"rdp.client_build\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.client_build.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.client_build\"}}},{\"name\":\"rdp.cookie\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.cookie.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.cookie\"}}},{\"name\":\"rdp.desktop.height\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rdp.desktop.width\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rdp.encryption_level\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.encryption_level.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.encryption_level\"}}},{\"name\":\"rdp.encryption_method\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.encryption_method.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.encryption_method\"}}},{\"name\":\"rdp.keyboard_layout\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.keyboard_layout.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.keyboard_layout\"}}},{\"name\":\"rdp.requested_color_depth\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.requested_color_depth.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.requested_color_depth\"}}},{\"name\":\"rdp.result\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.result.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.result\"}}},{\"name\":\"rdp.security_protocol\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rdp.security_protocol.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rdp.security_protocol\"}}},{\"name\":\"request.attributes.filename\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request.attributes.filename.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request.attributes.filename\"}}},{\"name\":\"request.client\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request.client.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request.client\"}}},{\"name\":\"request.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request.id\"}}},{\"name\":\"request.source\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request.source.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"request.source\"}}},{\"name\":\"request.time\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.action\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.action.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.action\"}}},{\"name\":\"rule.category\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.category.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.category\"}}},{\"name\":\"rule.firedtimes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.gdpr\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.gdpr.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.gdpr\"}}},{\"name\":\"rule.gid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.gpg13\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.gpg13.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.gpg13\"}}},{\"name\":\"rule.groups\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.groups.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.groups\"}}},{\"name\":\"rule.hipaa\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.hipaa.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.hipaa\"}}},{\"name\":\"rule.id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.id\"}}},{\"name\":\"rule.level\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.mail\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.metadata.affected_product\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.affected_product.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.affected_product\"}}},{\"name\":\"rule.metadata.attack_target\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.attack_target.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.attack_target\"}}},{\"name\":\"rule.metadata.created_at\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.created_at.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.created_at\"}}},{\"name\":\"rule.metadata.deployment\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.deployment.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.deployment\"}}},{\"name\":\"rule.metadata.former_category\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.former_category.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.former_category\"}}},{\"name\":\"rule.metadata.malware_family\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.malware_family.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.malware_family\"}}},{\"name\":\"rule.metadata.performance_impact\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.performance_impact.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.performance_impact\"}}},{\"name\":\"rule.metadata.signature_severity\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.signature_severity.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.signature_severity\"}}},{\"name\":\"rule.metadata.tag\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.tag.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.tag\"}}},{\"name\":\"rule.metadata.updated_at\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.metadata.updated_at.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.metadata.updated_at\"}}},{\"name\":\"rule.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.name\"}}},{\"name\":\"rule.nist_800_53\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.nist_800_53.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.nist_800_53\"}}},{\"name\":\"rule.pci_dss\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.pci_dss.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.pci_dss\"}}},{\"name\":\"rule.rev\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.rule\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"rule.rule.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"rule.rule\"}}},{\"name\":\"rule.severity\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rule.uuid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.entropy.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.entropy.entropy\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.exiftool.About\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.About.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.About\"}}},{\"name\":\"scan.exiftool.AppVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.AppVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.AppVersion\"}}},{\"name\":\"scan.exiftool.Author\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Author.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Author\"}}},{\"name\":\"scan.exiftool.BitDepth\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.BitDepth.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.BitDepth\"}}},{\"name\":\"scan.exiftool.BuildID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.BuildID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.BuildID\"}}},{\"name\":\"scan.exiftool.CharCountWithSpaces\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CharCountWithSpaces.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CharCountWithSpaces\"}}},{\"name\":\"scan.exiftool.CharacterSet\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CharacterSet.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CharacterSet\"}}},{\"name\":\"scan.exiftool.Characters\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Characters.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Characters\"}}},{\"name\":\"scan.exiftool.CodePage\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CodePage.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CodePage\"}}},{\"name\":\"scan.exiftool.CodeSize\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CodeSize.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CodeSize\"}}},{\"name\":\"scan.exiftool.ColorType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ColorType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ColorType\"}}},{\"name\":\"scan.exiftool.Comments\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Comments.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Comments\"}}},{\"name\":\"scan.exiftool.CompObjUserType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CompObjUserType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CompObjUserType\"}}},{\"name\":\"scan.exiftool.CompObjUserTypeLen\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CompObjUserTypeLen.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CompObjUserTypeLen\"}}},{\"name\":\"scan.exiftool.Company\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Company.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Company\"}}},{\"name\":\"scan.exiftool.CompanyName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CompanyName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CompanyName\"}}},{\"name\":\"scan.exiftool.Compression\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Compression.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Compression\"}}},{\"name\":\"scan.exiftool.CreateDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CreateDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CreateDate\"}}},{\"name\":\"scan.exiftool.Creator\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Creator.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Creator\"}}},{\"name\":\"scan.exiftool.CreatorTool\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.CreatorTool.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.CreatorTool\"}}},{\"name\":\"scan.exiftool.DerivedFromDocumentID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.DerivedFromDocumentID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.DerivedFromDocumentID\"}}},{\"name\":\"scan.exiftool.DerivedFromInstanceID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.DerivedFromInstanceID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.DerivedFromInstanceID\"}}},{\"name\":\"scan.exiftool.Directory\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Directory.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Directory\"}}},{\"name\":\"scan.exiftool.DocumentID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.DocumentID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.DocumentID\"}}},{\"name\":\"scan.exiftool.EntryPoint\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.EntryPoint.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.EntryPoint\"}}},{\"name\":\"scan.exiftool.Error\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Error.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Error\"}}},{\"name\":\"scan.exiftool.ExifToolVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ExifToolVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ExifToolVersion\"}}},{\"name\":\"scan.exiftool.FileAccessDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileAccessDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileAccessDate\"}}},{\"name\":\"scan.exiftool.FileDescription\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileDescription.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileDescription\"}}},{\"name\":\"scan.exiftool.FileFlags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileFlags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileFlags\"}}},{\"name\":\"scan.exiftool.FileFlagsMask\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileFlagsMask.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileFlagsMask\"}}},{\"name\":\"scan.exiftool.FileInodeChangeDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileInodeChangeDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileInodeChangeDate\"}}},{\"name\":\"scan.exiftool.FileModifyDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileModifyDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileModifyDate\"}}},{\"name\":\"scan.exiftool.FileName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileName\"}}},{\"name\":\"scan.exiftool.FileOS\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileOS.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileOS\"}}},{\"name\":\"scan.exiftool.FilePermissions\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FilePermissions.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FilePermissions\"}}},{\"name\":\"scan.exiftool.FileSize\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileSize.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileSize\"}}},{\"name\":\"scan.exiftool.FileSubtype\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileSubtype.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileSubtype\"}}},{\"name\":\"scan.exiftool.FileType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileType\"}}},{\"name\":\"scan.exiftool.FileTypeExtension\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileTypeExtension.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileTypeExtension\"}}},{\"name\":\"scan.exiftool.FileVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileVersion\"}}},{\"name\":\"scan.exiftool.FileVersionNumber\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.FileVersionNumber.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.FileVersionNumber\"}}},{\"name\":\"scan.exiftool.Filter\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Filter.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Filter\"}}},{\"name\":\"scan.exiftool.Format\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Format.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Format\"}}},{\"name\":\"scan.exiftool.HasXFA\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.HasXFA.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.HasXFA\"}}},{\"name\":\"scan.exiftool.HeadingPairs\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.HeadingPairs.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.HeadingPairs\"}}},{\"name\":\"scan.exiftool.HyperlinksChanged\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.HyperlinksChanged.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.HyperlinksChanged\"}}},{\"name\":\"scan.exiftool.ImageHeight\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ImageHeight.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ImageHeight\"}}},{\"name\":\"scan.exiftool.ImageSize\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ImageSize.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ImageSize\"}}},{\"name\":\"scan.exiftool.ImageVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ImageVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ImageVersion\"}}},{\"name\":\"scan.exiftool.ImageWidth\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ImageWidth.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ImageWidth\"}}},{\"name\":\"scan.exiftool.InitializedDataSize\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.InitializedDataSize.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.InitializedDataSize\"}}},{\"name\":\"scan.exiftool.InstanceID\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.InstanceID.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.InstanceID\"}}},{\"name\":\"scan.exiftool.Interlace\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Interlace.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Interlace\"}}},{\"name\":\"scan.exiftool.InternalName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.InternalName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.InternalName\"}}},{\"name\":\"scan.exiftool.Keywords\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Keywords.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Keywords\"}}},{\"name\":\"scan.exiftool.Language\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Language.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Language\"}}},{\"name\":\"scan.exiftool.LanguageCode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.LanguageCode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LanguageCode\"}}},{\"name\":\"scan.exiftool.LastModifiedBy\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.LastModifiedBy.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LastModifiedBy\"}}},{\"name\":\"scan.exiftool.LegalCopyright\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.LegalCopyright.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LegalCopyright\"}}},{\"name\":\"scan.exiftool.LegalTrademarks\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.LegalTrademarks.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LegalTrademarks\"}}},{\"name\":\"scan.exiftool.Linearized\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Linearized.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Linearized\"}}},{\"name\":\"scan.exiftool.Lines\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Lines.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Lines\"}}},{\"name\":\"scan.exiftool.LinkerVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.LinkerVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LinkerVersion\"}}},{\"name\":\"scan.exiftool.LinksUpToDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.LinksUpToDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.LinksUpToDate\"}}},{\"name\":\"scan.exiftool.MIMEType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.MIMEType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.MIMEType\"}}},{\"name\":\"scan.exiftool.MachineType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.MachineType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.MachineType\"}}},{\"name\":\"scan.exiftool.Megapixels\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Megapixels.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Megapixels\"}}},{\"name\":\"scan.exiftool.ModifyDate\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ModifyDate.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ModifyDate\"}}},{\"name\":\"scan.exiftool.OSVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.OSVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.OSVersion\"}}},{\"name\":\"scan.exiftool.ObjectFileType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ObjectFileType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ObjectFileType\"}}},{\"name\":\"scan.exiftool.OriginalFileName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.OriginalFileName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.OriginalFileName\"}}},{\"name\":\"scan.exiftool.PDFVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.PDFVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PDFVersion\"}}},{\"name\":\"scan.exiftool.PEType\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.PEType.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PEType\"}}},{\"name\":\"scan.exiftool.PTEX_Fullbanner\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.PTEX_Fullbanner.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PTEX_Fullbanner\"}}},{\"name\":\"scan.exiftool.PageCount\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.PageCount.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PageCount\"}}},{\"name\":\"scan.exiftool.Pages\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Pages.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Pages\"}}},{\"name\":\"scan.exiftool.Paragraphs\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Paragraphs.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Paragraphs\"}}},{\"name\":\"scan.exiftool.PrivateBuild\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.PrivateBuild.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.PrivateBuild\"}}},{\"name\":\"scan.exiftool.Producer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Producer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Producer\"}}},{\"name\":\"scan.exiftool.ProductName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ProductName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ProductName\"}}},{\"name\":\"scan.exiftool.ProductVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ProductVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ProductVersion\"}}},{\"name\":\"scan.exiftool.ProductVersionNumber\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ProductVersionNumber.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ProductVersionNumber\"}}},{\"name\":\"scan.exiftool.RevisionNumber\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.RevisionNumber.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.RevisionNumber\"}}},{\"name\":\"scan.exiftool.ScaleCrop\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.ScaleCrop.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.ScaleCrop\"}}},{\"name\":\"scan.exiftool.Security\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Security.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Security\"}}},{\"name\":\"scan.exiftool.SharedDoc\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.SharedDoc.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SharedDoc\"}}},{\"name\":\"scan.exiftool.Software\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Software.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Software\"}}},{\"name\":\"scan.exiftool.SourceFile\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.SourceFile.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SourceFile\"}}},{\"name\":\"scan.exiftool.SpecialBuild\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.SpecialBuild.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SpecialBuild\"}}},{\"name\":\"scan.exiftool.Subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Subject\"}}},{\"name\":\"scan.exiftool.Subsystem\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Subsystem.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Subsystem\"}}},{\"name\":\"scan.exiftool.SubsystemVersion\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.SubsystemVersion.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SubsystemVersion\"}}},{\"name\":\"scan.exiftool.SvnRevision\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.SvnRevision.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.SvnRevision\"}}},{\"name\":\"scan.exiftool.Template\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Template.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Template\"}}},{\"name\":\"scan.exiftool.TimeStamp\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.TimeStamp.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.TimeStamp\"}}},{\"name\":\"scan.exiftool.Title\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Title.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Title\"}}},{\"name\":\"scan.exiftool.TitleOfParts\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.TitleOfParts.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.TitleOfParts\"}}},{\"name\":\"scan.exiftool.TotalEditTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.TotalEditTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.TotalEditTime\"}}},{\"name\":\"scan.exiftool.Trapped\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Trapped.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Trapped\"}}},{\"name\":\"scan.exiftool.UninitializedDataSize\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.UninitializedDataSize.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.UninitializedDataSize\"}}},{\"name\":\"scan.exiftool.Warning\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Warning.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Warning\"}}},{\"name\":\"scan.exiftool.Words\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.Words.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.Words\"}}},{\"name\":\"scan.exiftool.XMPToolkit\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.exiftool.XMPToolkit.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.exiftool.XMPToolkit\"}}},{\"name\":\"scan.exiftool.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.header.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.header.header\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.header.header.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.header.header\"}}},{\"name\":\"scan.ini.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.ini.keys.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.ini.keys.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.ini.keys.name\"}}},{\"name\":\"scan.ini.keys.section\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.ini.keys.section.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.ini.keys.section\"}}},{\"name\":\"scan.ini.keys.value\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.ini.keys.value.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.ini.keys.value\"}}},{\"name\":\"scan.ini.sections\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.ini.sections.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.ini.sections\"}}},{\"name\":\"scan.libarchive.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.libarchive.total.extracted\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.libarchive.total.files\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.mmbot.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.mmbot.flags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.mmbot.flags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.mmbot.flags\"}}},{\"name\":\"scan.ocr.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.ole.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.ole.flags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.ole.flags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.ole.flags\"}}},{\"name\":\"scan.ole.total.extracted\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.ole.total.streams\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pdf.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pdf.total.extracted\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pdf.total.objects\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.debug.age\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.debug.guid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.debug.guid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.debug.guid\"}}},{\"name\":\"scan.pe.debug.pdb\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.debug.pdb.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.debug.pdb\"}}},{\"name\":\"scan.pe.debug.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.debug.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.debug.type\"}}},{\"name\":\"scan.pe.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.file_info.fixed.flags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.file_info.fixed.flags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.fixed.flags\"}}},{\"name\":\"scan.pe.file_info.fixed.operating_systems\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.file_info.fixed.operating_systems.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.fixed.operating_systems\"}}},{\"name\":\"scan.pe.file_info.fixed.type.primary\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.file_info.fixed.type.primary.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.fixed.type.primary\"}}},{\"name\":\"scan.pe.file_info.string.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.file_info.string.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.string.name\"}}},{\"name\":\"scan.pe.file_info.string.value\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.file_info.string.value.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.string.value\"}}},{\"name\":\"scan.pe.file_info.var.character_set\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.file_info.var.character_set.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.var.character_set\"}}},{\"name\":\"scan.pe.file_info.var.language\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.file_info.var.language.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.file_info.var.language\"}}},{\"name\":\"scan.pe.flags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.flags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.flags\"}}},{\"name\":\"scan.pe.header.address.code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.address.data\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.address.entry_point\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.address.image\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.alignment.file\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.alignment.section\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.characteristics.dll\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.header.characteristics.dll.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.characteristics.dll\"}}},{\"name\":\"scan.pe.header.characteristics.image\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.header.characteristics.image.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.characteristics.image\"}}},{\"name\":\"scan.pe.header.checksum\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.machine.id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.machine.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.header.machine.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.machine.type\"}}},{\"name\":\"scan.pe.header.magic.dos\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.header.magic.dos.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.magic.dos\"}}},{\"name\":\"scan.pe.header.magic.image\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.header.magic.image.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.magic.image\"}}},{\"name\":\"scan.pe.header.size.code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.data.initialized\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.data.uninitialized\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.headers\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.heap.commit\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.heap.reserve\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.image\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.stack.commit\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.size.stack.reserve\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.subsystem\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.header.subsystem.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.header.subsystem\"}}},{\"name\":\"scan.pe.header.timestamp\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.version.image\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.version.linker\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.version.operating_system\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.header.version.subsystem\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.imphash\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.imphash.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.imphash\"}}},{\"name\":\"scan.pe.resources.id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.resources.language.primary\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.resources.language.primary.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.resources.language.primary\"}}},{\"name\":\"scan.pe.resources.language.sub\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.resources.language.sub.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.resources.language.sub\"}}},{\"name\":\"scan.pe.resources.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.resources.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.resources.name\"}}},{\"name\":\"scan.pe.resources.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.resources.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.resources.type\"}}},{\"name\":\"scan.pe.sections.address.physical\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.sections.address.virtual\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.sections.characteristics\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.sections.characteristics.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.sections.characteristics\"}}},{\"name\":\"scan.pe.sections.entropy\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.sections.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.sections.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.sections.name\"}}},{\"name\":\"scan.pe.sections.size\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.symbols.exported\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.symbols.exported.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.exported\"}}},{\"name\":\"scan.pe.symbols.imported\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.symbols.imported.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.imported\"}}},{\"name\":\"scan.pe.symbols.libraries\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.symbols.libraries.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.libraries\"}}},{\"name\":\"scan.pe.symbols.table.address\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.symbols.table.library\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.symbols.table.library.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.table.library\"}}},{\"name\":\"scan.pe.symbols.table.symbol\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.symbols.table.symbol.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.table.symbol\"}}},{\"name\":\"scan.pe.symbols.table.symbols\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.symbols.table.symbols.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.table.symbols\"}}},{\"name\":\"scan.pe.symbols.table.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.pe.symbols.table.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.pe.symbols.table.type\"}}},{\"name\":\"scan.pe.total.libraries\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.total.resources\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.total.sections\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pe.total.symbols\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pkcs7.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pkcs7.total.certificates\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.pkcs7.total.extracted\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.upx.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.url.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.url.urls\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.url.urls.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.url.urls\"}}},{\"name\":\"scan.vb.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.vb.functions\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vb.functions.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vb.functions\"}}},{\"name\":\"scan.vb.names\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vb.names.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vb.names\"}}},{\"name\":\"scan.vb.operators\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vb.operators.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vb.operators\"}}},{\"name\":\"scan.vb.strings\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vb.strings.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vb.strings\"}}},{\"name\":\"scan.vb.tokens\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vb.tokens.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vb.tokens\"}}},{\"name\":\"scan.vba.auto_exec\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vba.auto_exec.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vba.auto_exec\"}}},{\"name\":\"scan.vba.base64\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vba.base64.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vba.base64\"}}},{\"name\":\"scan.vba.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.vba.ioc\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vba.ioc.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vba.ioc\"}}},{\"name\":\"scan.vba.suspicious\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.vba.suspicious.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.vba.suspicious\"}}},{\"name\":\"scan.vba.total.extracted\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.vba.total.files\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.x509.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.x509.expired\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.x509.fingerprint\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.x509.fingerprint.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.x509.fingerprint\"}}},{\"name\":\"scan.x509.issuer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.x509.issuer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.x509.issuer\"}}},{\"name\":\"scan.x509.not_after\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.x509.not_before\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.x509.serial_number\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.x509.serial_number.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.x509.serial_number\"}}},{\"name\":\"scan.x509.subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.x509.subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.x509.subject\"}}},{\"name\":\"scan.x509.version\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.xml.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.xml.namespaces\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.xml.namespaces.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.xml.namespaces\"}}},{\"name\":\"scan.xml.tags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.xml.tags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.xml.tags\"}}},{\"name\":\"scan.xml.total.extracted\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.xml.total.tags\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.xml.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.xml.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.xml.version\"}}},{\"name\":\"scan.yara.elapsed\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"scan.yara.matches\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.yara.matches.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.yara.matches\"}}},{\"name\":\"scan.yara.meta.identifier\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.yara.meta.identifier.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.yara.meta.identifier\"}}},{\"name\":\"scan.yara.meta.rule\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.yara.meta.rule.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.yara.meta.rule\"}}},{\"name\":\"scan.yara.meta.value\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"scan.yara.meta.value.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"scan.yara.meta.value\"}}},{\"name\":\"server.address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server.address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"server.address\"}}},{\"name\":\"server.bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server.ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"server.ip\"}}},{\"name\":\"server.ip_bytes\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.packets\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.port\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server.port.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"server.port\"}}},{\"name\":\"server.reply_code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.reply_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server.reply_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"server.reply_message\"}}},{\"name\":\"server.status_code\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server.status_message\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"server.status_message.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"server.status_message\"}}},{\"name\":\"sip.call_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.call_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.call_id\"}}},{\"name\":\"sip.content_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.content_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.content_type\"}}},{\"name\":\"sip.date\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.date.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.date\"}}},{\"name\":\"sip.method\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.method.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.method\"}}},{\"name\":\"sip.request.body.length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sip.request.from\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.request.from.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.request.from\"}}},{\"name\":\"sip.request.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.request.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.request.path\"}}},{\"name\":\"sip.request.to\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.request.to.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.request.to\"}}},{\"name\":\"sip.response.body.length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sip.response.from\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.response.from.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.response.from\"}}},{\"name\":\"sip.response.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.response.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.response.path\"}}},{\"name\":\"sip.response.to\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.response.to.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.response.to\"}}},{\"name\":\"sip.seq\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.seq.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.seq\"}}},{\"name\":\"sip.transaction.depth\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sip.uri\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.uri.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.uri\"}}},{\"name\":\"sip.warning\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sip.warning.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"sip.warning\"}}},{\"name\":\"smb.file_system\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smb.file_system.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smb.file_system\"}}},{\"name\":\"smb.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smb.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smb.path\"}}},{\"name\":\"smb.service\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smb.service.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smb.service\"}}},{\"name\":\"smb.share_type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smb.share_type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smb.share_type\"}}},{\"name\":\"smtp.cc\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.cc.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.cc\"}}},{\"name\":\"smtp.first_received\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.first_received.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.first_received\"}}},{\"name\":\"smtp.from\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.from.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.from\"}}},{\"name\":\"smtp.helo\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.helo.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.helo\"}}},{\"name\":\"smtp.in_reply_to\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.in_reply_to.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.in_reply_to\"}}},{\"name\":\"smtp.is_webmail\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smtp.last_reply\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.last_reply.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.last_reply\"}}},{\"name\":\"smtp.mail_date\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.mail_date.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.mail_date\"}}},{\"name\":\"smtp.mail_from\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.mail_from.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.mail_from\"}}},{\"name\":\"smtp.message_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.message_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.message_id\"}}},{\"name\":\"smtp.path\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.path.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.path\"}}},{\"name\":\"smtp.recipient_to\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.recipient_to.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.recipient_to\"}}},{\"name\":\"smtp.second_received\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.second_received.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.second_received\"}}},{\"name\":\"smtp.subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.subject\"}}},{\"name\":\"smtp.tls\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smtp.to\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.to.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.to\"}}},{\"name\":\"smtp.transaction_depth\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smtp.useragent\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.useragent.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"smtp.useragent\"}}},{\"name\":\"snmp.community\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"snmp.community.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"snmp.community\"}}},{\"name\":\"snmp.display_string\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"snmp.display_string.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"snmp.display_string\"}}},{\"name\":\"snmp.get.bulk_requests\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"snmp.get.requests\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"snmp.get.responses\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"snmp.set.requests\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"snmp.up_since\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"snmp.up_since.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"snmp.up_since\"}}},{\"name\":\"snmp.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"snmp.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"snmp.version\"}}},{\"name\":\"socks.bound.host\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"socks.bound.host.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"socks.bound.host\"}}},{\"name\":\"socks.bound.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"socks.request.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"socks.request.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"socks.request.name\"}}},{\"name\":\"socks.request.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"socks.status\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"socks.status.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"socks.status\"}}},{\"name\":\"socks.user\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"socks.user.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"socks.user\"}}},{\"name\":\"socks.version\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"software.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"software.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"software.name\"}}},{\"name\":\"software.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"software.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"software.type\"}}},{\"name\":\"software.version.additional_info\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"software.version.additional_info.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"software.version.additional_info\"}}},{\"name\":\"software.version.major\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"software.version.minor\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"software.version.minor2\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"software.version.unparsed\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"software.version.unparsed.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"software.version.unparsed\"}}},{\"name\":\"source.geo.city_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.city_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.city_name\"}}},{\"name\":\"source.geo.continent_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.continent_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.continent_name\"}}},{\"name\":\"source.geo.country_iso_code\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.country_iso_code.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.country_iso_code\"}}},{\"name\":\"source.geo.country_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.country_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.country_name\"}}},{\"name\":\"source.geo.ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.ip\"}}},{\"name\":\"source.geo.location.lat\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.location.lon\",\"type\":\"number\",\"esTypes\":[\"float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source.geo.region_iso_code\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.region_iso_code.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.region_iso_code\"}}},{\"name\":\"source.geo.region_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.region_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.region_name\"}}},{\"name\":\"source.geo.timezone\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.geo.timezone.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.geo.timezone\"}}},{\"name\":\"source.ip\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"source.ip.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"source.ip\"}}},{\"name\":\"source.port\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.ip\",\"type\":\"ip\",\"esTypes\":[\"ip\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.latitude\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.location\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"source_geo.longitude\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssh.authentication.attempts\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssh.authentication.success\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssh.cipher_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.cipher_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.cipher_algorithm\"}}},{\"name\":\"ssh.client\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.client.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.client\"}}},{\"name\":\"ssh.client_host_key_algorithms\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.client_host_key_algorithms.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.client_host_key_algorithms\"}}},{\"name\":\"ssh.compression_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.compression_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.compression_algorithm\"}}},{\"name\":\"ssh.direction\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.direction.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.direction\"}}},{\"name\":\"ssh.hassh_algorithms\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.hassh_algorithms.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.hassh_algorithms\"}}},{\"name\":\"ssh.hassh_server\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.hassh_server.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.hassh_server\"}}},{\"name\":\"ssh.hassh_server_algorithms\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.hassh_server_algorithms.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.hassh_server_algorithms\"}}},{\"name\":\"ssh.hassh_version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.hassh_version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.hassh_version\"}}},{\"name\":\"ssh.host_key\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.host_key.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.host_key\"}}},{\"name\":\"ssh.host_key_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.host_key_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.host_key_algorithm\"}}},{\"name\":\"ssh.kex_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.kex_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.kex_algorithm\"}}},{\"name\":\"ssh.mac_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.mac_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.mac_algorithm\"}}},{\"name\":\"ssh.server\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.server.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.server\"}}},{\"name\":\"ssh.server_host_key_algorithms\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.server_host_key_algorithms.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssh.server_host_key_algorithms\"}}},{\"name\":\"ssh.version\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssl.certificate.chain_fuids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.certificate.chain_fuids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.certificate.chain_fuids\"}}},{\"name\":\"ssl.certificate.issuer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.certificate.issuer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.certificate.issuer\"}}},{\"name\":\"ssl.certificate.subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.certificate.subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.certificate.subject\"}}},{\"name\":\"ssl.cipher\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.cipher.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.cipher\"}}},{\"name\":\"ssl.client.certificate.chain_fuids\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.client.certificate.chain_fuids.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.client.certificate.chain_fuids\"}}},{\"name\":\"ssl.client.issuer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.client.issuer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.client.issuer\"}}},{\"name\":\"ssl.client.subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.client.subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.client.subject\"}}},{\"name\":\"ssl.curve\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.curve.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.curve\"}}},{\"name\":\"ssl.established\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssl.last_alert\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.last_alert.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.last_alert\"}}},{\"name\":\"ssl.next_protocol\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.next_protocol.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.next_protocol\"}}},{\"name\":\"ssl.resumed\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssl.server_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.server_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.server_name\"}}},{\"name\":\"ssl.validation_status\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.validation_status.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.validation_status\"}}},{\"name\":\"ssl.version\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.version.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"ssl.version\"}}},{\"name\":\"syslog.facility\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog.facility.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"syslog.facility\"}}},{\"name\":\"syslog.severity\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"syslog.severity.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"syslog.severity\"}}},{\"name\":\"tags\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tags.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"tags\"}}},{\"name\":\"tunnel.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tunnel.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"tunnel.type\"}}},{\"name\":\"user.gid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.gid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"user.gid\"}}},{\"name\":\"user.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"user.name\"}}},{\"name\":\"user.shell\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.shell.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"user.shell\"}}},{\"name\":\"user.uid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"user.uid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"user.uid\"}}},{\"name\":\"version.minor3\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"weird.additional_info\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"weird.additional_info.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"weird.additional_info\"}}},{\"name\":\"weird.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"weird.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"weird.name\"}}},{\"name\":\"weird.notice\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"weird.peer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"weird.peer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"weird.peer\"}}},{\"name\":\"winlog.activity_id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.activity_id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.activity_id\"}}},{\"name\":\"winlog.api\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.api.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.api\"}}},{\"name\":\"winlog.channel\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.channel.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.channel\"}}},{\"name\":\"winlog.computer_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.computer_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.computer_name\"}}},{\"name\":\"winlog.event_data.Address\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.Address.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Address\"}}},{\"name\":\"winlog.event_data.AddressLength\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.AddressLength.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.AddressLength\"}}},{\"name\":\"winlog.event_data.Binary\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.Binary.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Binary\"}}},{\"name\":\"winlog.event_data.BufferSize\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.BufferSize.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.BufferSize\"}}},{\"name\":\"winlog.event_data.Company\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.Company.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Company\"}}},{\"name\":\"winlog.event_data.CreationUtcTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.CreationUtcTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.CreationUtcTime\"}}},{\"name\":\"winlog.event_data.CurrentStratumNumber\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.CurrentStratumNumber.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.CurrentStratumNumber\"}}},{\"name\":\"winlog.event_data.DeviceName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.DeviceName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceName\"}}},{\"name\":\"winlog.event_data.DeviceNameLength\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.DeviceNameLength.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceNameLength\"}}},{\"name\":\"winlog.event_data.DeviceTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.DeviceTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceTime\"}}},{\"name\":\"winlog.event_data.DeviceVersionMajor\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.DeviceVersionMajor.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceVersionMajor\"}}},{\"name\":\"winlog.event_data.DeviceVersionMinor\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.DeviceVersionMinor.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DeviceVersionMinor\"}}},{\"name\":\"winlog.event_data.DomainPeer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.DomainPeer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.DomainPeer\"}}},{\"name\":\"winlog.event_data.ErrorMessage\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ErrorMessage.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ErrorMessage\"}}},{\"name\":\"winlog.event_data.FinalStatus\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.FinalStatus.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.FinalStatus\"}}},{\"name\":\"winlog.event_data.Hashes\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.Hashes.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Hashes\"}}},{\"name\":\"winlog.event_data.ImageLoaded\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ImageLoaded.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ImageLoaded\"}}},{\"name\":\"winlog.event_data.IntegrityLevel\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.IntegrityLevel.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.IntegrityLevel\"}}},{\"name\":\"winlog.event_data.Library\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.Library.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Library\"}}},{\"name\":\"winlog.event_data.LogonGuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.LogonGuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.LogonGuid\"}}},{\"name\":\"winlog.event_data.LogonId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.LogonId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.LogonId\"}}},{\"name\":\"winlog.event_data.MaxSystemTimeChangeSeconds\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.MaxSystemTimeChangeSeconds.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.MaxSystemTimeChangeSeconds\"}}},{\"name\":\"winlog.event_data.NewTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.NewTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.NewTime\"}}},{\"name\":\"winlog.event_data.OldTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.OldTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.OldTime\"}}},{\"name\":\"winlog.event_data.PreviousCreationUtcTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.PreviousCreationUtcTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.PreviousCreationUtcTime\"}}},{\"name\":\"winlog.event_data.PreviousTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.PreviousTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.PreviousTime\"}}},{\"name\":\"winlog.event_data.ProcessId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ProcessId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ProcessId\"}}},{\"name\":\"winlog.event_data.ProcessName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.ProcessName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.ProcessName\"}}},{\"name\":\"winlog.event_data.QueryName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.QueryName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.QueryName\"}}},{\"name\":\"winlog.event_data.QueryResults\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.QueryResults.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.QueryResults\"}}},{\"name\":\"winlog.event_data.QueryStatus\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.QueryStatus.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.QueryStatus\"}}},{\"name\":\"winlog.event_data.Reason\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.Reason.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Reason\"}}},{\"name\":\"winlog.event_data.RequiredSize\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.RequiredSize.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.RequiredSize\"}}},{\"name\":\"winlog.event_data.RetryMinutes\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.RetryMinutes.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.RetryMinutes\"}}},{\"name\":\"winlog.event_data.RuleName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.RuleName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.RuleName\"}}},{\"name\":\"winlog.event_data.Service\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.Service.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Service\"}}},{\"name\":\"winlog.event_data.Signature\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.Signature.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Signature\"}}},{\"name\":\"winlog.event_data.SignatureStatus\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.SignatureStatus.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.SignatureStatus\"}}},{\"name\":\"winlog.event_data.Signed\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.Signed.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.Signed\"}}},{\"name\":\"winlog.event_data.SubjectDomainName\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.SubjectDomainName.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.SubjectDomainName\"}}},{\"name\":\"winlog.event_data.SubjectLogonId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.SubjectLogonId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.SubjectLogonId\"}}},{\"name\":\"winlog.event_data.SubjectUserSid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.SubjectUserSid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.SubjectUserSid\"}}},{\"name\":\"winlog.event_data.SystemTimeChangeSeconds\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.SystemTimeChangeSeconds.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.SystemTimeChangeSeconds\"}}},{\"name\":\"winlog.event_data.TargetFilename\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.TargetFilename.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.TargetFilename\"}}},{\"name\":\"winlog.event_data.TerminalSessionId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.TerminalSessionId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.TerminalSessionId\"}}},{\"name\":\"winlog.event_data.TimeOffsetSeconds\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.TimeOffsetSeconds.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.TimeOffsetSeconds\"}}},{\"name\":\"winlog.event_data.TimeSource\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.TimeSource.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.TimeSource\"}}},{\"name\":\"winlog.event_data.TimeSourceRefId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.TimeSourceRefId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.TimeSourceRefId\"}}},{\"name\":\"winlog.event_data.UtcTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.UtcTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.UtcTime\"}}},{\"name\":\"winlog.event_data.errorCode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.errorCode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.errorCode\"}}},{\"name\":\"winlog.event_data.param1\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param1.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param1\"}}},{\"name\":\"winlog.event_data.param2\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param2.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param2\"}}},{\"name\":\"winlog.event_data.param3\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param3.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param3\"}}},{\"name\":\"winlog.event_data.param4\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param4.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param4\"}}},{\"name\":\"winlog.event_data.param5\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param5.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param5\"}}},{\"name\":\"winlog.event_data.param6\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param6.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param6\"}}},{\"name\":\"winlog.event_data.param7\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.param7.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.param7\"}}},{\"name\":\"winlog.event_data.serviceGuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.serviceGuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.serviceGuid\"}}},{\"name\":\"winlog.event_data.updateGuid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.updateGuid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.updateGuid\"}}},{\"name\":\"winlog.event_data.updateRevisionNumber\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.updateRevisionNumber.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.updateRevisionNumber\"}}},{\"name\":\"winlog.event_data.updateTitle\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.event_data.updateTitle.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.event_data.updateTitle\"}}},{\"name\":\"winlog.event_id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.keywords\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.keywords.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.keywords\"}}},{\"name\":\"winlog.opcode\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.opcode.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.opcode\"}}},{\"name\":\"winlog.process.pid\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.process.thread.id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.provider_guid\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.provider_guid.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.provider_guid\"}}},{\"name\":\"winlog.provider_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.provider_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.provider_name\"}}},{\"name\":\"winlog.record_id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"winlog.task\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.task.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.task\"}}},{\"name\":\"winlog.user.domain\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user.domain.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user.domain\"}}},{\"name\":\"winlog.user.identifier\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user.identifier.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user.identifier\"}}},{\"name\":\"winlog.user.name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user.name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user.name\"}}},{\"name\":\"winlog.user.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user.type\"}}},{\"name\":\"winlog.user_data.RebootReasons\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user_data.RebootReasons.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.RebootReasons\"}}},{\"name\":\"winlog.user_data.RmSessionId\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user_data.RmSessionId.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.RmSessionId\"}}},{\"name\":\"winlog.user_data.UTCStartTime\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user_data.UTCStartTime.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.UTCStartTime\"}}},{\"name\":\"winlog.user_data.nApplications\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user_data.nApplications.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.nApplications\"}}},{\"name\":\"winlog.user_data.xml_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"winlog.user_data.xml_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"winlog.user_data.xml_name\"}}},{\"name\":\"winlog.version\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"x509.basic_constraints.ca\",\"type\":\"boolean\",\"esTypes\":[\"boolean\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"x509.certificate.curve\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.curve.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.curve\"}}},{\"name\":\"x509.certificate.exponent\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.exponent.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.exponent\"}}},{\"name\":\"x509.certificate.issuer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.issuer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.issuer\"}}},{\"name\":\"x509.certificate.key.algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.key.algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.key.algorithm\"}}},{\"name\":\"x509.certificate.key.length\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"x509.certificate.key.type\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.key.type.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.key.type\"}}},{\"name\":\"x509.certificate.not_valid_after\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.not_valid_after.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.not_valid_after\"}}},{\"name\":\"x509.certificate.not_valid_before\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.not_valid_before.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.not_valid_before\"}}},{\"name\":\"x509.certificate.serial\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.serial.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.serial\"}}},{\"name\":\"x509.certificate.signing_algorithm\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.signing_algorithm.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.signing_algorithm\"}}},{\"name\":\"x509.certificate.subject\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.certificate.subject.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.certificate.subject\"}}},{\"name\":\"x509.certificate.version\",\"type\":\"number\",\"esTypes\":[\"long\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"x509.san_dns\",\"type\":\"string\",\"esTypes\":[\"text\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"x509.san_dns.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"x509.san_dns\"}}},{\"name\":\"Push to TheHive\",\"type\":\"string\",\"count\":0,\"scripted\":true,\"script\":\"'https://PLACEHOLDER/soctopus/thehive/alert/' + doc['_id'].value\",\"lang\":\"painless\",\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false}]","timeFieldName":"@timestamp","title":"*:so-*"},"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","migrationVersion":{"index-pattern":"7.6.0"},"references":[],"type":"index-pattern","updated_at":"2020-07-16T16:56:13.728Z","version":"Wzg0NCwyXQ=="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - All Logs","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - All Logs\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":29}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}]}"},"id":"d04b5130-6e99-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzQsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Logs Over Time","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security Onion - Logs Over Time\",\"type\":\"line\",\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"interpolate\":\"linear\",\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":null,\"y\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"id":"23ed13a0-6e9a-11ea-9266-1fd14ca6af34","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzUsMV0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security Onion - Source IPs","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security Onion - Source IPs\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"source.ip.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}"},"id":"6b18be30-72a7-11ea-8dd2-9d8795a1200b","migrationVersion":{"visualization":"7.7.0"},"references":[{"id":"2289a0c0-6970-11ea-a0cd-ffa0f6a1bc29","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-07-15T13:17:15.442Z","version":"WzYsMV0="} From 446817353ddb85e2d1a4a8e99e1fd8dd093443e4 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 17 Jul 2020 13:09:18 -0400 Subject: [PATCH 092/124] [refactor] `| tee ... >>` to `> ... 2>>` to show errors in log --- setup/so-functions | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 58bde1aba..75fa51534 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -1314,7 +1314,7 @@ saltify() { # Add saltstack repo(s) wget -q --inet4-only -O - https://repo.saltstack.com"$py_ver_url_path"/ubuntu/"$ubuntu_version"/amd64/archive/2019.2.5/SALTSTACK-GPG-KEY.pub | apt-key add - >> "$setup_log" 2>&1 - echo "deb http://repo.saltstack.com$py_ver_url_path/ubuntu/$ubuntu_version/amd64/archive/2019.2.5 $OSVER main" | tee /etc/apt/sources.list.d/saltstack2019.list >> "$setup_log" 2>&1 + echo "deb http://repo.saltstack.com$py_ver_url_path/ubuntu/$ubuntu_version/amd64/archive/2019.2.5 $OSVER main" > /etc/apt/sources.list.d/saltstack2019.list 2>> "$setup_log" # Add Docker repo curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - >> "$setup_log" 2>&1 @@ -1329,7 +1329,7 @@ saltify() { # Get key and install wazuh curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | apt-key add - >> "$setup_log" 2>&1 # Add repo - echo "deb https://packages.wazuh.com/3.x/apt/ stable main" | tee /etc/apt/sources.list.d/wazuh.list >> "$setup_log" 2>&1 + echo "deb https://packages.wazuh.com/3.x/apt/ stable main" > /etc/apt/sources.list.d/wazuh.list 2>> "$setup_log" # Initialize the new repos apt-get update >> "$setup_log" 2>&1 set_progress_str 6 'Installing various dependencies' @@ -1346,8 +1346,8 @@ saltify() { echo "Using apt-key add to add SALTSTACK-GPG-KEY.pub and GPG-KEY-WAZUH" >> "$setup_log" 2>&1 apt-key add "$temp_install_dir"/gpg/SALTSTACK-GPG-KEY.pub >> "$setup_log" 2>&1 apt-key add "$temp_install_dir"/gpg/GPG-KEY-WAZUH >> "$setup_log" 2>&1 - echo "deb http://repo.saltstack.com$py_ver_url_path/ubuntu/$ubuntu_version/amd64/archive/2019.2.5/ $OSVER main" | tee /etc/apt/sources.list.d/saltstack.list >> "$setup_log" 2>&1 - echo "deb https://packages.wazuh.com/3.x/apt/ stable main" | tee /etc/apt/sources.list.d/wazuh.list >> "$setup_log" 2>&1 + echo "deb http://repo.saltstack.com$py_ver_url_path/ubuntu/$ubuntu_version/amd64/archive/2019.2.5/ $OSVER main" > /etc/apt/sources.list.d/saltstack.list 2>> "$setup_log" + echo "deb https://packages.wazuh.com/3.x/apt/ stable main" > /etc/apt/sources.list.d/wazuh.list 2>> "$setup_log" ;; esac apt-get update >> "$setup_log" 2>&1 From 6ba342c08488724c14ee496493f85cc1444cd01d Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 17 Jul 2020 13:30:05 -0400 Subject: [PATCH 093/124] remove quotes --- setup/so-functions | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index b159f286f..6be0bc63d 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -465,9 +465,9 @@ copy_minion_tmp_files() { ssh -i /root/.ssh/so.key soremote@"$MSRV" mkdir -p /tmp/"$MINION_ID"/pillar; ssh -i /root/.ssh/so.key soremote@"$MSRV" mkdir -p /tmp/"$MINION_ID"/schedules; scp -prv -i /root/.ssh/so.key "$temp_install_dir"/pillar/minions/* soremote@"$MSRV":/tmp/"$MINION_ID"/pillar/; - if [ -d "$temp_install_dir"/salt/patch/os/schedules/ ]; then + if [ -d $temp_install_dir/salt/patch/os/schedules/ ]; then if [ "$(ls -A $temp_install_dir/salt/patch/os/schedules/)" ]; then - scp -prv -i /root/.ssh/so.key "$temp_install_dir"/salt/patch/os/schedules/* soremote@"$MSRV":/tmp/"$MINION_ID"/schedules; + scp -prv -i /root/.ssh/so.key $temp_install_dir/salt/patch/os/schedules/* soremote@$MSRV:/tmp/$MINION_ID/schedules; fi fi ssh -i /root/.ssh/so.key soremote@"$MSRV" sudo $default_salt_dir/salt/manager/files/add_minion.sh "$MINION_ID"; From 5570c778adb4aac915188656c8780d20d329d1f8 Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 17 Jul 2020 13:30:08 -0400 Subject: [PATCH 094/124] [feat] Add hostname formatting check for manager hostname --- setup/so-whiptail | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/setup/so-whiptail b/setup/so-whiptail index 3c00a30d3..52889106e 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -604,6 +604,22 @@ whiptail_management_server() { local exitstatus=$? whiptail_check_exitstatus $exitstatus + while [[ $MSRV == *'localhost'* || ! ( $MSRV =~ ^[a-zA-Z0-9\-]*$ ) ]] ; do + local error_message + error_message=$(echo "Please choose a valid hostname. It cannot contain localhost; and must contain only \ + the ASCII letters 'A-Z' and 'a-z' (case-sensitive), the digits '0' through '9', \ + and hyphen ('-')" | tr -d '\t') + + whiptail --title "Security Onion Setup" \ + --msgbox "$error_message" 10 75 + + MSRV=$(whiptail --title "Security Onion Setup" --inputbox \ + "Enter your Manager Server hostname. It is CASE SENSITIVE!" 10 75 XXXX 3>&1 1>&2 2>&3) + + local exitstatus=$? + whiptail_check_exitstatus $exitstatus + done + if ! getent hosts "$MSRV"; then add_manager_hostfile fi @@ -982,10 +998,13 @@ whiptail_set_hostname() { error_message=$(echo "Please choose a valid hostname. It cannot contain localhost; and must contain only \ the ASCII letters 'a' through 'z' (case-insensitive), the digits '0' through '9', \ and hyphen ('-')" | tr -d '\t') + whiptail --title "Security Onion Setup" \ --msgbox "$error_message" 10 75 + HOSTNAME=$(whiptail --title "Security Onion Setup" --inputbox \ "Enter the hostname (not FQDN) you would like to set." 10 75 "$HOSTNAME" 3>&1 1>&2 2>&3) + local exitstatus=$? whiptail_check_exitstatus $exitstatus done From 74f6f2abeea73532795f10ede7d385212f1f87cd Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 17 Jul 2020 13:38:55 -0400 Subject: [PATCH 095/124] Update soup --- salt/common/tools/sbin/soup | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 0cec8fe72..75e5da10e 100644 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -130,7 +130,7 @@ update_dockers() { docker pull --disable-content-trust=false docker.io/$IMAGEREPO/$i:$NEWVERSION # Tag it with the new registry destination docker tag $IMAGEREPO/$i $HOSTNAME:5000/$IMAGEREPO/$i:$NEWVERSION - docker push $HOSTNAME:5000/$IMAGEREPO/$i:$NEWVERSION + docker push $HOSTNAME:5000/$IMAGEREPO/$i:$NEWVERSION done } @@ -139,6 +139,7 @@ update_version() { # Update the version to the latest echo "Updating the version file." echo $NEWVERSION > /etc/soversion + sed -i 's/$INSTALLEDVERSION/$NEWVERISON/g' /opt/so/saltstack/local/pillar/static.sls } upgrade_check() { @@ -177,4 +178,6 @@ clean_dockers update_dockers copy_new_files highstate -update_version \ No newline at end of file +update_version +echo "" +echo "Upgrade from $INSTALLEDVERSION to $NEWVERSION complete." From e3efaee864869dc4fd22553111d19a744604b2b0 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 17 Jul 2020 14:41:44 -0400 Subject: [PATCH 096/124] change reference from bro to zeek --- pillar/docker/config.sls | 6 +++--- pillar/top.sls | 10 +++++----- pillar/{brologs.sls => zeeklogs.sls} | 2 +- salt/common/maps/so-status.map.jinja | 4 ++-- salt/common/tools/sbin/so-bro-logs | 14 +++++++------- salt/filebeat/etc/filebeat.yml | 6 +++--- salt/suricata/init.sls | 2 +- salt/suricata/suricata_config.map.jinja | 2 +- salt/top.sls | 10 +++++----- salt/zeek/files/node.cfg | 2 +- setup/automation/pm_standalone_defaults | 4 ++-- setup/so-common-functions | 4 ++-- setup/so-functions | 22 +++++++++++----------- setup/so-setup | 12 ++++++------ setup/so-whiptail | 20 ++++++++++---------- 15 files changed, 60 insertions(+), 60 deletions(-) rename pillar/{brologs.sls => zeeklogs.sls} (97%) diff --git a/pillar/docker/config.sls b/pillar/docker/config.sls index dd73f3aa9..4d70fd517 100644 --- a/pillar/docker/config.sls +++ b/pillar/docker/config.sls @@ -5,7 +5,7 @@ {% set PLAYBOOK = salt['pillar.get']('manager:playbook', '0') %} {% set FREQSERVER = salt['pillar.get']('manager:freq', '0') %} {% set DOMAINSTATS = salt['pillar.get']('manager:domainstats', '0') %} -{% set BROVER = salt['pillar.get']('static:broversion', 'COMMUNITY') %} +{% set ZEEKVER = salt['pillar.get']('static:zeekversion', 'COMMUNITY') %} {% set GRAFANA = salt['pillar.get']('manager:grafana', '0') %} eval: @@ -63,7 +63,7 @@ heavy_node: - so-suricata - so-wazuh - so-filebeat - {% if BROVER != 'SURICATA' %} + {% if ZEEKVER != 'SURICATA' %} - so-zeek {% endif %} helix: @@ -186,7 +186,7 @@ sensor: - so-telegraf - so-steno - so-suricata - {% if BROVER != 'SURICATA' %} + {% if ZEEKVER != 'SURICATA' %} - so-zeek {% endif %} - so-wazuh diff --git a/pillar/top.sls b/pillar/top.sls index 9ab170a97..889f0b63f 100644 --- a/pillar/top.sls +++ b/pillar/top.sls @@ -15,7 +15,7 @@ base: '*_sensor': - static - - brologs + - zeeklogs - healthcheck.sensor - minions.{{ grains.id }} @@ -32,7 +32,7 @@ base: '*_eval': - data.* - - brologs + - zeeklogs - secrets - healthcheck.eval - elasticsearch.eval @@ -45,7 +45,7 @@ base: - logstash.search - elasticsearch.search - data.* - - brologs + - zeeklogs - secrets - healthcheck.standalone - static @@ -57,13 +57,13 @@ base: '*_heavynode': - static - - brologs + - zeeklogs - minions.{{ grains.id }} '*_helix': - static - fireeye - - brologs + - zeeklogs - logstash - logstash.helix - minions.{{ grains.id }} diff --git a/pillar/brologs.sls b/pillar/zeeklogs.sls similarity index 97% rename from pillar/brologs.sls rename to pillar/zeeklogs.sls index 95f18691e..882cb92a9 100644 --- a/pillar/brologs.sls +++ b/pillar/zeeklogs.sls @@ -1,4 +1,4 @@ -brologs: +zeeklogs: enabled: - conn - dce_rpc diff --git a/salt/common/maps/so-status.map.jinja b/salt/common/maps/so-status.map.jinja index f30291f90..93f5f3d13 100644 --- a/salt/common/maps/so-status.map.jinja +++ b/salt/common/maps/so-status.map.jinja @@ -33,7 +33,7 @@ {% endif %} {% if role in ['heavynode', 'standalone'] %} - {{ append_containers('static', 'broversion', 'SURICATA') }} + {{ append_containers('static', 'zeekversion', 'SURICATA') }} {% endif %} {% if role == 'searchnode' %} @@ -41,5 +41,5 @@ {% endif %} {% if role == 'sensor' %} - {{ append_containers('static', 'broversion', 'SURICATA') }} + {{ append_containers('static', 'zeekversion', 'SURICATA') }} {% endif %} \ No newline at end of file diff --git a/salt/common/tools/sbin/so-bro-logs b/salt/common/tools/sbin/so-bro-logs index 4f55eb7f4..353eece1e 100755 --- a/salt/common/tools/sbin/so-bro-logs +++ b/salt/common/tools/sbin/so-bro-logs @@ -1,17 +1,17 @@ #!/bin/bash local_salt_dir=/opt/so/saltstack/local -bro_logs_enabled() { +zeek_logs_enabled() { - echo "brologs:" > $local_salt_dir/pillar/brologs.sls - echo " enabled:" >> $local_salt_dir/pillar/brologs.sls + echo "zeeklogs:" > $local_salt_dir/pillar/zeeklogs.sls + echo " enabled:" >> $local_salt_dir/pillar/zeeklogs.sls for BLOG in ${BLOGS[@]}; do - echo " - $BLOG" | tr -d '"' >> $local_salt_dir/pillar/brologs.sls + echo " - $BLOG" | tr -d '"' >> $local_salt_dir/pillar/zeeklogs.sls done } -whiptail_manager_adv_service_brologs() { +whiptail_manager_adv_service_zeeklogs() { BLOGS=$(whiptail --title "Security Onion Setup" --checklist "Please Select Logs to Send:" 24 78 12 \ "conn" "Connection Logging" ON \ @@ -54,5 +54,5 @@ whiptail_manager_adv_service_brologs() { "x509" "x.509 Logs" ON 3>&1 1>&2 2>&3 ) } -whiptail_manager_adv_service_brologs -bro_logs_enabled +whiptail_manager_adv_service_zeeklogs +zeek_logs_enabled diff --git a/salt/filebeat/etc/filebeat.yml b/salt/filebeat/etc/filebeat.yml index 1342775b7..825ffaf64 100644 --- a/salt/filebeat/etc/filebeat.yml +++ b/salt/filebeat/etc/filebeat.yml @@ -6,7 +6,7 @@ {%- set HOSTNAME = salt['grains.get']('host', '') %} -{%- set BROVER = salt['pillar.get']('static:broversion', 'COMMUNITY') %} +{%- set ZEEKVER = salt['pillar.get']('static:zeekversion', 'COMMUNITY') %} {%- set WAZUHENABLED = salt['pillar.get']('static:wazuh', '0') %} {%- set STRELKAENABLED = salt['pillar.get']('strelka:enabled', '0') %} {%- set FLEETMANAGER = salt['pillar.get']('static:fleet_manager', False) -%} @@ -100,8 +100,8 @@ filebeat.inputs: - drop_fields: fields: ["source", "prospector", "input", "offset", "beat"] fields_under_root: true - {%- if BROVER != 'SURICATA' %} - {%- for LOGNAME in salt['pillar.get']('brologs:enabled', '') %} + {%- if ZEEKVER != 'SURICATA' %} + {%- for LOGNAME in salt['pillar.get']('zeeklogs:enabled', '') %} - type: log paths: - /nsm/zeek/logs/current/{{ LOGNAME }}.log diff --git a/salt/suricata/init.sls b/salt/suricata/init.sls index 4bb192316..c0677db16 100644 --- a/salt/suricata/init.sls +++ b/salt/suricata/init.sls @@ -14,7 +14,7 @@ # along with this program. If not, see . {% set interface = salt['pillar.get']('sensor:interface', 'bond0') %} -{% set BROVER = salt['pillar.get']('static:broversion', '') %} +{% set ZEEKVER = salt['pillar.get']('static:zeekversion', '') %} {% set VERSION = salt['pillar.get']('static:soversion', 'HH1.2.2') %} {% set IMAGEREPO = salt['pillar.get']('static:imagerepo') %} {% set MANAGER = salt['grains.get']('master') %} diff --git a/salt/suricata/suricata_config.map.jinja b/salt/suricata/suricata_config.map.jinja index 557d4e519..9fb3c9a7f 100644 --- a/salt/suricata/suricata_config.map.jinja +++ b/salt/suricata/suricata_config.map.jinja @@ -44,7 +44,7 @@ HOME_NET: "[{{salt['pillar.get']('static:hnmanager', '')}}]" {% endfor %} {% set surimeta_evelog_index = surimeta_evelog_index[0] %} -{% if salt['pillar.get']('static:broversion', 'ZEEK') == 'SURICATA' %} +{% if salt['pillar.get']('static:zeekversion', 'ZEEK') == 'SURICATA' %} {% do suricata_defaults.suricata.config.outputs[default_evelog_index]['eve-log'].types.extend(suricata_meta.suricata.config.outputs[surimeta_evelog_index]['eve-log'].types) %} {% endif %} diff --git a/salt/top.sls b/salt/top.sls index f95223354..5f316dd15 100644 --- a/salt/top.sls +++ b/salt/top.sls @@ -1,4 +1,4 @@ -{%- set BROVER = salt['pillar.get']('static:broversion', '') -%} +{%- set ZEEKVER = salt['pillar.get']('static:zeekversion', '') -%} {%- set WAZUH = salt['pillar.get']('static:wazuh', '0') -%} {%- set THEHIVE = salt['pillar.get']('manager:thehive', '0') -%} {%- set PLAYBOOK = salt['pillar.get']('manager:playbook', '0') -%} @@ -48,7 +48,7 @@ base: - pcap - suricata - healthcheck - {%- if BROVER != 'SURICATA' %} + {%- if ZEEKVER != 'SURICATA' %} - zeek {%- endif %} - wazuh @@ -86,7 +86,7 @@ base: - kibana - pcap - suricata - {%- if BROVER != 'SURICATA' %} + {%- if ZEEKVER != 'SURICATA' %} - zeek {%- endif %} {%- if STRELKA %} @@ -188,7 +188,7 @@ base: - kibana - pcap - suricata - {%- if BROVER != 'SURICATA' %} + {%- if ZEEKVER != 'SURICATA' %} - zeek {%- endif %} {%- if STRELKA %} @@ -347,7 +347,7 @@ base: {%- endif %} - pcap - suricata - {%- if BROVER != 'SURICATA' %} + {%- if ZEEKVER != 'SURICATA' %} - zeek {%- endif %} - filebeat diff --git a/salt/zeek/files/node.cfg b/salt/zeek/files/node.cfg index 6be5aa5b1..55f77982c 100644 --- a/salt/zeek/files/node.cfg +++ b/salt/zeek/files/node.cfg @@ -38,7 +38,7 @@ af_packet_fanout_id=23 af_packet_fanout_mode=AF_Packet::FANOUT_HASH af_packet_buffer_size={{ salt['pillar.get']('sensor:zeek_buffer', 128*1024*1024) }} {%- else %} -[brosa] +[zeeksa] type=standalone host=localhost interface={{ interface }} diff --git a/setup/automation/pm_standalone_defaults b/setup/automation/pm_standalone_defaults index 156697a28..d7bc1ea1f 100644 --- a/setup/automation/pm_standalone_defaults +++ b/setup/automation/pm_standalone_defaults @@ -23,11 +23,11 @@ ADMINPASS1=onionuser ADMINPASS2=onionuser ALLOW_CIDR=0.0.0.0/0 ALLOW_ROLE=a -BASICBRO=7 +BASICZEEK=7 BASICSURI=7 # BLOGS= BNICS=eth1 -BROVERSION=ZEEK +ZEEKVERSION=ZEEK # CURCLOSEDAYS= # EVALADVANCED=BASIC GRAFANA=1 diff --git a/setup/so-common-functions b/setup/so-common-functions index 078a721bf..c3df787cc 100644 --- a/setup/so-common-functions +++ b/setup/so-common-functions @@ -32,9 +32,9 @@ filter_unused_nics() { calculate_useable_cores() { # Calculate reasonable core usage - local cores_for_bro=$(( (num_cpu_cores/2) - 1 )) + local cores_for_zeek=$(( (num_cpu_cores/2) - 1 )) local lb_procs_round - lb_procs_round=$(printf "%.0f\n" $cores_for_bro) + lb_procs_round=$(printf "%.0f\n" $cores_for_zeek) if [ "$lb_procs_round" -lt 1 ]; then lb_procs=1; else lb_procs=$lb_procs_round; fi export lb_procs diff --git a/setup/so-functions b/setup/so-functions index 493030652..526fd37ae 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -143,18 +143,18 @@ secrets_pillar(){ } # Enable Bro Logs -bro_logs_enabled() { +zeek_logs_enabled() { echo "Enabling Bro Logs" >> "$setup_log" 2>&1 - local brologs_pillar=./pillar/brologs.sls + local zeeklogs_pillar=./pillar/zeeklogs.sls printf '%s\n'\ - "brologs:"\ - " enabled:" > "$brologs_pillar" + "zeeklogs:"\ + " enabled:" > "$zeeklogs_pillar" if [ "$MANAGERADV" = 'ADVANCED' ]; then for BLOG in "${BLOGS[@]}"; do - echo " - $BLOG" | tr -d '"' >> "$brologs_pillar" + echo " - $BLOG" | tr -d '"' >> "$zeeklogs_pillar" done else printf '%s\n'\ @@ -195,11 +195,11 @@ bro_logs_enabled() { " - weird"\ " - mysql"\ " - socks"\ - " - x509" >> "$brologs_pillar" + " - x509" >> "$zeeklogs_pillar" fi printf '%s\n' '----' >> "$setup_log" 2>&1 - cat "$brologs_pillar" >> "$setup_log" 2>&1 + cat "$zeeklogs_pillar" >> "$setup_log" 2>&1 } check_admin_pass() { @@ -1002,7 +1002,7 @@ manager_static() { " hnmanager: $HNMANAGER"\ " ntpserver: $NTPSERVER"\ " proxy: $PROXY"\ - " broversion: $BROVERSION"\ + " zeekversion: $ZEEKVERSION"\ " ids: $NIDS"\ " managerip: $MAINIP"\ " hiveuser: $WEBUSER"\ @@ -1470,7 +1470,7 @@ sensor_pillar() { if [ "$NSMSETUP" = 'ADVANCED' ]; then echo " zeek_pins:" >> "$pillar_file" - for PIN in "${BROPINS[@]}"; do + for PIN in "${ZEEKPINS[@]}"; do PIN=$(echo "$PIN" | cut -d\" -f2) echo " - $PIN" >> "$pillar_file" done @@ -1483,11 +1483,11 @@ sensor_pillar() { echo " zeek_lbprocs: $lb_procs" >> "$pillar_file" echo " suriprocs: $lb_procs" >> "$pillar_file" else - echo " zeek_lbprocs: $BASICBRO" >> "$pillar_file" + echo " zeek_lbprocs: $BASICZEEK" >> "$pillar_file" echo " suriprocs: $BASICSURI" >> "$pillar_file" fi printf '%s\n'\ - " brobpf:"\ + " zeekbpf:"\ " pcapbpf:"\ " nidsbpf:"\ " manager: $MSRV"\ diff --git a/setup/so-setup b/setup/so-setup index 7f8862841..b0aabbb89 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -230,7 +230,7 @@ if [[ $is_manager && $is_node ]]; then LSINPUTTHREADS=1 LSINPUTBATCHCOUNT=125 NIDS=Suricata - BROVERSION=ZEEK + ZEEKVERSION=ZEEK fi if [[ $is_node ]]; then @@ -253,7 +253,7 @@ fi if [[ $is_manager && ! $is_eval ]]; then whiptail_manager_adv - whiptail_bro_version + whiptail_zeek_version whiptail_nids whiptail_rule_setup @@ -261,8 +261,8 @@ if [[ $is_manager && ! $is_eval ]]; then whiptail_oinkcode fi - if [ "$MANAGERADV" = 'ADVANCED' ] && [ "$BROVERSION" != 'SURICATA' ]; then - whiptail_manager_adv_service_brologs + if [ "$MANAGERADV" = 'ADVANCED' ] && [ "$ZEEKVERSION" != 'SURICATA' ]; then + whiptail_manager_adv_service_zeeklogs fi fi @@ -295,11 +295,11 @@ if [[ $is_sensor && ! $is_eval ]]; then whiptail_homenet_sensor whiptail_sensor_config if [ $NSMSETUP == 'ADVANCED' ]; then - whiptail_bro_pins + whiptail_zeek_pins whiptail_suricata_pins whiptail_bond_nics_mtu else - whiptail_basic_bro + whiptail_basic_zeek whiptail_basic_suri fi fi diff --git a/setup/so-whiptail b/setup/so-whiptail index 52889106e..cd0fb393c 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -19,11 +19,11 @@ source ./so-variables source ./so-common-functions -whiptail_basic_bro() { +whiptail_basic_zeek() { [ -n "$TESTING" ] && return - BASICBRO=$(whiptail --title "Security Onion Setup" --inputbox \ + BASICZEEK=$(whiptail --title "Security Onion Setup" --inputbox \ "Enter the number of zeek processes:" 10 75 "$lb_procs" 3>&1 1>&2 2>&3) local exitstatus=$? @@ -42,7 +42,7 @@ whiptail_basic_suri() { } -whiptail_bro_pins() { +whiptail_zeek_pins() { [ -n "$TESTING" ] && return @@ -51,20 +51,20 @@ whiptail_bro_pins() { cpu_core_list_whiptail+=("$item" "OFF") done - BROPINS=$(whiptail --noitem --title "Pin Zeek CPUS" --checklist "Please select $lb_procs cores to pin Zeek to:" 20 75 12 "${cpu_core_list_whiptail[@]}" 3>&1 1>&2 2>&3 ) + ZEEKPINS=$(whiptail --noitem --title "Pin Zeek CPUS" --checklist "Please select $lb_procs cores to pin Zeek to:" 20 75 12 "${cpu_core_list_whiptail[@]}" 3>&1 1>&2 2>&3 ) local exitstatus=$? whiptail_check_exitstatus $exitstatus - BROPINS=$(echo "$BROPINS" | tr -d '"') + ZEEKPINS=$(echo "$ZEEKPINS" | tr -d '"') - IFS=' ' read -ra BROPINS <<< "$BROPINS" + IFS=' ' read -ra ZEEKPINS <<< "$ZEEKPINS" } -whiptail_bro_version() { +whiptail_zeek_version() { [ -n "$TESTING" ] && return - BROVERSION=$(whiptail --title "Security Onion Setup" --radiolist "What tool would you like to use to generate meta data?" 20 75 4 "ZEEK" "Install Zeek (aka Bro)" ON \ + ZEEKVERSION=$(whiptail --title "Security Onion Setup" --radiolist "What tool would you like to use to generate meta data?" 20 75 4 "ZEEK" "Install Zeek (aka Bro)" ON \ "SURICATA" "Use Suricata 5" OFF 3>&1 1>&2 2>&3) local exitstatus=$? @@ -642,7 +642,7 @@ whiptail_manager_adv() { } # Ask which additional components to install -whiptail_manager_adv_service_brologs() { +whiptail_manager_adv_service_zeeklogs() { [ -n "$TESTING" ] && return @@ -1122,7 +1122,7 @@ whiptail_suricata_pins() { [ -n "$TESTING" ] && return local filtered_core_list - readarray -t filtered_core_list <<< "$(echo "${cpu_core_list[@]}" "${BROPINS[@]}" | xargs -n1 | sort | uniq -u | awk '{print $1}')" + readarray -t filtered_core_list <<< "$(echo "${cpu_core_list[@]}" "${ZEEKPINS[@]}" | xargs -n1 | sort | uniq -u | awk '{print $1}')" local filtered_core_str=() for item in "${filtered_core_list[@]}"; do From 7176fdf7a178f0f38563f81eeabe56927f8f488f Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Fri, 17 Jul 2020 14:53:01 -0400 Subject: [PATCH 097/124] rename from bro to zeek --- salt/common/tools/sbin/{so-bro-logs => so-zeek-logs} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename salt/common/tools/sbin/{so-bro-logs => so-zeek-logs} (100%) diff --git a/salt/common/tools/sbin/so-bro-logs b/salt/common/tools/sbin/so-zeek-logs similarity index 100% rename from salt/common/tools/sbin/so-bro-logs rename to salt/common/tools/sbin/so-zeek-logs From 3c855ed793918385220270d7514525e52e9ee51f Mon Sep 17 00:00:00 2001 From: William Wernert Date: Fri, 17 Jul 2020 15:38:14 -0400 Subject: [PATCH 098/124] [fix] Set $percentage since it only exists in previous subshell --- setup/so-setup | 1 + 1 file changed, 1 insertion(+) diff --git a/setup/so-setup b/setup/so-setup index b0aabbb89..978a3b665 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -631,6 +631,7 @@ if [[ -n $SO_ERROR ]]; then whiptail_setup_failed else { + export percentage=95 # set to last percentage used in previous subshell if [[ -n $ALLOW_ROLE && -n $ALLOW_CIDR ]]; then set_progress_str 98 "Running so-allow -${ALLOW_ROLE} for ${ALLOW_CIDR}" IP=$ALLOW_CIDR so-allow -$ALLOW_ROLE >> $setup_log 2>&1 From 693a101d346a195e9f09d89b41ad60cc96b9990b Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 17 Jul 2020 15:59:58 -0400 Subject: [PATCH 099/124] IDSTOOLS Pillar Items --- salt/idstools/etc/modify.conf | 4 ++++ salt/idstools/etc/rulecat.conf | 15 ++++++++++++++- setup/so-functions | 11 +++++++++++ setup/so-whiptail | 5 ++--- 4 files changed, 31 insertions(+), 4 deletions(-) diff --git a/salt/idstools/etc/modify.conf b/salt/idstools/etc/modify.conf index 79d038c26..a32725ada 100644 --- a/salt/idstools/etc/modify.conf +++ b/salt/idstools/etc/modify.conf @@ -1,3 +1,4 @@ +{% set modify_sids = salt['pillar.get']('idstools:sids:modify', {}) -%} # idstools-rulecat - modify.conf # Format: "" "" @@ -12,3 +13,6 @@ # For compatibility, most Oinkmaster modifysid lines should work as # well. #modifysid * "^drop(.*)noalert(.*)" | "alert${1}noalert${2}" +{%- for sid in modify_sids %} +{{ sid }} +{%- endfor %} \ No newline at end of file diff --git a/salt/idstools/etc/rulecat.conf b/salt/idstools/etc/rulecat.conf index 441ce3c5b..59a5ccda5 100644 --- a/salt/idstools/etc/rulecat.conf +++ b/salt/idstools/etc/rulecat.conf @@ -1,6 +1,19 @@ ---suricata-version=4.0 +{% set URLS = salt['pillar.get']('idstools:config:urls') -%} +{% set RULESET = salt['pillar.get']('idstools:config:ruleset') -%} +{% set OINKCODE = salt['pillar.get']('idstools:config:oinkcode') -%} +--suricata-version=5.0 --merged=/opt/so/rules/nids/all.rules --local=/opt/so/rules/nids/local.rules --disable=/opt/so/idstools/etc/disable.conf --enable=/opt/so/idstools/etc/enable.conf --modify=/opt/so/idstools/etc/modify.conf +{%- if RULESET == 'ETOPEN' %} +--etopen +{%- elif RULESET == 'ETPRO' %} +--etpro={{ OINKCODE }} +{%- elif RULESET == 'TALOS' %} +--url=https://www.snort.org/rules/snortrules-snapshot-2983.tar.gz?oinkcode={{ OINKCODE }} +{%- endif %} +{%- for URL in URLS %} +--url={{ URL }} +{%- endfor %} \ No newline at end of file diff --git a/setup/so-functions b/setup/so-functions index 526fd37ae..7493b3f0d 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -982,7 +982,18 @@ manager_pillar() { "pcap:">> "$pillar_file"\ " sensor_checkin_interval_ms: $SENSOR_CHECKIN_INTERVAL_MS"\ ""\ + "idstools:"\ + " config:"\ + " ruleset: $RULESETUP"\ + " oinkcode: $OINKCODE"\ + " url:"\ + " sids:"\ + " enabled:"\ + " disabled:"\ + " modify:"\ + "" "kratos:" >> "$pillar_file" + printf '%s\n'\ " kratoskey: $KRATOSKEY"\ diff --git a/setup/so-whiptail b/setup/so-whiptail index cd0fb393c..f0f1fb7b5 100755 --- a/setup/so-whiptail +++ b/setup/so-whiptail @@ -576,7 +576,7 @@ whiptail_oinkcode() { [ -n "$TESTING" ] && return OINKCODE=$(whiptail --title "Security Onion Setup" --inputbox \ - "Enter your oinkcode" 10 75 XXXXXXX 3>&1 1>&2 2>&3) + "Enter your ET Pro or oinkcode" 10 75 XXXXXXX 3>&1 1>&2 2>&3) local exitstatus=$? whiptail_check_exitstatus $exitstatus @@ -956,8 +956,7 @@ whiptail_rule_setup() { "Which IDS ruleset would you like to use?\n\nThis manager server is responsible for downloading the IDS ruleset from the Internet.\n\nSensors then pull a copy of this ruleset from the manager server.\n\nIf you select a commercial ruleset, it is your responsibility to purchase enough licenses for all of your sensors in compliance with your vendor's policies." 20 75 4 \ "ETOPEN" "Emerging Threats Open" ON \ "ETPRO" "Emerging Threats PRO" OFF \ - "TALOSET" "Snort Subscriber (Talos) and ET NoGPL rulesets" OFF \ - "TALOS" "Snort Subscriber (Talos) ruleset and set a policy" OFF \ + "TALOS" "Snort Subscriber ruleset - Experimental" OFF \ 3>&1 1>&2 2>&3) local exitstatus=$? From 2e2bcfb3b7e26e1e546e104f292526ddb85a3ad3 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 17 Jul 2020 17:33:36 -0400 Subject: [PATCH 100/124] Fix functions so pillars are correct --- setup/so-functions | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 7493b3f0d..fe0ea8cb5 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -987,11 +987,7 @@ manager_pillar() { " ruleset: $RULESETUP"\ " oinkcode: $OINKCODE"\ " url:"\ - " sids:"\ - " enabled:"\ - " disabled:"\ - " modify:"\ - "" + ""\ "kratos:" >> "$pillar_file" From aaca5c7ff2adb8f97d981a1bdfd0b94c68cfff70 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 17 Jul 2020 17:35:16 -0400 Subject: [PATCH 101/124] Update rulecat.conf --- salt/idstools/etc/rulecat.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/idstools/etc/rulecat.conf b/salt/idstools/etc/rulecat.conf index 59a5ccda5..b671d036e 100644 --- a/salt/idstools/etc/rulecat.conf +++ b/salt/idstools/etc/rulecat.conf @@ -1,4 +1,4 @@ -{% set URLS = salt['pillar.get']('idstools:config:urls') -%} +{% set URLS = salt['pillar.get']('idstools:config:urls, {}') -%} {% set RULESET = salt['pillar.get']('idstools:config:ruleset') -%} {% set OINKCODE = salt['pillar.get']('idstools:config:oinkcode') -%} --suricata-version=5.0 @@ -16,4 +16,4 @@ {%- endif %} {%- for URL in URLS %} --url={{ URL }} -{%- endfor %} \ No newline at end of file +{%- endfor %} From b75487dc743201c0f7a48bbfa2f03878ca8481a1 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 17 Jul 2020 17:36:13 -0400 Subject: [PATCH 102/124] Update so-functions --- setup/so-functions | 1 - 1 file changed, 1 deletion(-) diff --git a/setup/so-functions b/setup/so-functions index fe0ea8cb5..175471bd2 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -986,7 +986,6 @@ manager_pillar() { " config:"\ " ruleset: $RULESETUP"\ " oinkcode: $OINKCODE"\ - " url:"\ ""\ "kratos:" >> "$pillar_file" From 1d24d7bc7f3c85c973c280af4157704079ac3844 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Fri, 17 Jul 2020 17:38:10 -0400 Subject: [PATCH 103/124] Misc pillars --- salt/idstools/etc/disable.conf | 2 +- salt/idstools/etc/enable.conf | 2 +- salt/idstools/etc/modify.conf | 10 +---- salt/idstools/etc/rulecat.conf | 2 +- salt/zeek/fileextraction_defaults.yaml | 29 +++++++++++++++ salt/zeek/init.sls | 8 ++++ .../custom/ADD.CUSTOM.ZEEK.SCRIPTS.HERE | 0 salt/zeek/policy/intel/__load__.zeek | 7 +++- .../file-extraction/extract.zeek | 37 +++++-------------- setup/files/intel.dat | 5 +++ setup/so-functions | 10 +++-- 11 files changed, 68 insertions(+), 44 deletions(-) create mode 100644 salt/zeek/fileextraction_defaults.yaml delete mode 100644 salt/zeek/policy/custom/ADD.CUSTOM.ZEEK.SCRIPTS.HERE create mode 100644 setup/files/intel.dat diff --git a/salt/idstools/etc/disable.conf b/salt/idstools/etc/disable.conf index ff7197360..e667d54c7 100644 --- a/salt/idstools/etc/disable.conf +++ b/salt/idstools/etc/disable.conf @@ -1,4 +1,4 @@ -{% set disabled_sids = salt['pillar.get']('idstools:sids:disabled', {}) -%} +{%- set disabled_sids = salt['pillar.get']('idstools:sids:disabled', {}) -%} # idstools - disable.conf # Example of disabling a rule by signature ID (gid is optional). diff --git a/salt/idstools/etc/enable.conf b/salt/idstools/etc/enable.conf index c16b25986..da2dfb6af 100644 --- a/salt/idstools/etc/enable.conf +++ b/salt/idstools/etc/enable.conf @@ -1,4 +1,4 @@ -{% set enabled_sids = salt['pillar.get']('idstools:sids:enabled', {}) -%} +{%- set enabled_sids = salt['pillar.get']('idstools:sids:enabled', {}) -%} # idstools-rulecat - enable.conf # Example of enabling a rule by signature ID (gid is optional). diff --git a/salt/idstools/etc/modify.conf b/salt/idstools/etc/modify.conf index a32725ada..52c4ca2ea 100644 --- a/salt/idstools/etc/modify.conf +++ b/salt/idstools/etc/modify.conf @@ -1,18 +1,10 @@ -{% set modify_sids = salt['pillar.get']('idstools:sids:modify', {}) -%} +{%- set modify_sids = salt['pillar.get']('idstools:sids:modify', {}) -%} # idstools-rulecat - modify.conf # Format: "" "" # Example changing the seconds for rule 2019401 to 3600. #2019401 "seconds \d+" "seconds 3600" - -# Change all trojan-activity rules to drop. Its better to setup a -# drop.conf for this, but this does show the use of back references. -#re:classtype:trojan-activity "(alert)(.*)" "drop\\2" - -# For compatibility, most Oinkmaster modifysid lines should work as -# well. -#modifysid * "^drop(.*)noalert(.*)" | "alert${1}noalert${2}" {%- for sid in modify_sids %} {{ sid }} {%- endfor %} \ No newline at end of file diff --git a/salt/idstools/etc/rulecat.conf b/salt/idstools/etc/rulecat.conf index 59a5ccda5..1957c6c13 100644 --- a/salt/idstools/etc/rulecat.conf +++ b/salt/idstools/etc/rulecat.conf @@ -1,4 +1,4 @@ -{% set URLS = salt['pillar.get']('idstools:config:urls') -%} +{% set URLS = salt['pillar.get']('idstools:config:urls', {}) -%} {% set RULESET = salt['pillar.get']('idstools:config:ruleset') -%} {% set OINKCODE = salt['pillar.get']('idstools:config:oinkcode') -%} --suricata-version=5.0 diff --git a/salt/zeek/fileextraction_defaults.yaml b/salt/zeek/fileextraction_defaults.yaml new file mode 100644 index 000000000..3823b8203 --- /dev/null +++ b/salt/zeek/fileextraction_defaults.yaml @@ -0,0 +1,29 @@ +zeek: + policy: + file_extraction: + - application/x-dosexec: exe + - application/pdf: pdf + - application/msword: doc + - application/vnd.ms-powerpoint: doc + - application/rtf: doc + - application/vnd.ms-word.document.macroenabled.12: doc + - application/vnd.ms-word.template.macroenabled.12: doc + - application/vnd.ms-powerpoint.template.macroenabled.12: doc + - application/vnd.ms-excel: doc + - application/vnd.ms-excel.addin.macroenabled.12: doc + - application/vnd.ms-excel.sheet.binary.macroenabled.12: doc + - application/vnd.ms-excel.template.macroenabled.12: doc + - application/vnd.ms-excel.sheet.macroenabled.12: doc + - application/vnd.openxmlformats-officedocument.presentationml.presentation: doc + - application/vnd.openxmlformats-officedocument.presentationml.slide: doc + - application/vnd.openxmlformats-officedocument.presentationml.slideshow: doc + - application/vnd.openxmlformats-officedocument.presentationml.template: doc + - application/vnd.openxmlformats-officedocument.spreadsheetml.sheet: doc + - application/vnd.openxmlformats-officedocument.spreadsheetml.template: doc + - application/vnd.openxmlformats-officedocument.wordprocessingml.document: doc + - application/vnd.openxmlformats-officedocument.wordprocessingml.template: doc + - application/vnd.ms-powerpoint.addin.macroenabled.12: doc + - application/vnd.ms-powerpoint.slide.macroenabled.12: doc + - application/vnd.ms-powerpoint.presentation.macroenabled.12: doc + - application/vnd.ms-powerpoint.slideshow.macroenabled.12: doc + - application/vnd.openxmlformats-officedocument: doc \ No newline at end of file diff --git a/salt/zeek/init.sls b/salt/zeek/init.sls index 103f36c5a..7b91632c9 100644 --- a/salt/zeek/init.sls +++ b/salt/zeek/init.sls @@ -68,6 +68,14 @@ zeekpolicysync: - group: 939 - template: jinja +# Sync Intel +zeekintelloadsync: + file.managed: + - name: /opt/so/conf/policy/intel/__load__.zeek + - source: salt://zeek/policy/intel/__load__.zeek + - user: 937 + - group: 939 + zeekctlcfg: file.managed: - name: /opt/so/conf/zeek/zeekctl.cfg diff --git a/salt/zeek/policy/custom/ADD.CUSTOM.ZEEK.SCRIPTS.HERE b/salt/zeek/policy/custom/ADD.CUSTOM.ZEEK.SCRIPTS.HERE deleted file mode 100644 index e69de29bb..000000000 diff --git a/salt/zeek/policy/intel/__load__.zeek b/salt/zeek/policy/intel/__load__.zeek index 4a4d603a7..4df4e0265 100644 --- a/salt/zeek/policy/intel/__load__.zeek +++ b/salt/zeek/policy/intel/__load__.zeek @@ -1 +1,6 @@ -#Intel +@load frameworks/intel/seen +@load frameworks/intel/do_notice +@load frameworks/files/hash-all-files +redef Intel::read_files += { + "/opt/zeek/share/zeek/policy/intel/intel.dat" +}; \ No newline at end of file diff --git a/salt/zeek/policy/securityonion/file-extraction/extract.zeek b/salt/zeek/policy/securityonion/file-extraction/extract.zeek index fbb635982..cf7b307ab 100644 --- a/salt/zeek/policy/securityonion/file-extraction/extract.zeek +++ b/salt/zeek/policy/securityonion/file-extraction/extract.zeek @@ -1,3 +1,4 @@ +{%- from zeek/fileextraction_defaults.yaml import zeek %} # Directory to stage Zeek extracted files before processing redef FileExtract::prefix = "/nsm/zeek/extracted/"; # Set a limit to the file size @@ -5,33 +6,15 @@ redef FileExtract::default_limit = 9000000; # These are the mimetypes we want to rip off the networks export { global _mime_whitelist: table[string] of string = { - ["application/x-dosexec"] = "exe", - ["application/pdf"] = "pdf", - ["application/msword"] = "doc", - ["application/vnd.ms-powerpoint"] = "doc", - ["application/rtf"] = "doc", - ["application/vnd.ms-word.document.macroenabled.12"] = "doc", - ["application/vnd.ms-word.template.macroenabled.12"] = "doc", - ["application/vnd.ms-powerpoint.template.macroenabled.12"] = "doc", - ["application/vnd.ms-excel"] = "doc", - ["application/vnd.ms-excel.addin.macroenabled.12"] = "doc", - ["application/vnd.ms-excel.sheet.binary.macroenabled.12"] = "doc", - ["application/vnd.ms-excel.template.macroenabled.12"] = "doc", - ["application/vnd.ms-excel.sheet.macroenabled.12"] = "doc", - ["application/vnd.openxmlformats-officedocument.presentationml.presentation"] = "doc", - ["application/vnd.openxmlformats-officedocument.presentationml.slide"] = "doc", - ["application/vnd.openxmlformats-officedocument.presentationml.slideshow"] = "doc", - ["application/vnd.openxmlformats-officedocument.presentationml.template"] = "doc", - ["application/vnd.openxmlformats-officedocument.spreadsheetml.sheet"] = "doc", - ["application/vnd.openxmlformats-officedocument.spreadsheetml.template"] = "doc", - ["application/vnd.openxmlformats-officedocument.wordprocessingml.document"] = "doc", - ["application/vnd.openxmlformats-officedocument.wordprocessingml.template"] = "doc", - ["application/vnd.ms-powerpoint.addin.macroenabled.12"] = "doc", - ["application/vnd.ms-powerpoint.slide.macroenabled.12"] = "doc", - ["application/vnd.ms-powerpoint.presentation.macroenabled.12"] = "doc", - ["application/vnd.ms-powerpoint.slideshow.macroenabled.12"] = "doc", - ["application/vnd.openxmlformats-officedocument"] = "doc" - # Need to add other types such as zip, ps1, etc + {%- for li in zeek.policy.file_extraction %} + {%- for k,v in li %} + {%- if not loop.last %} + ["{{ k }}"] = "{{ v }}", + {%- else %} + ["{{ k }}"] = "{{ v }}" + {%- endif %} + {%- endfor %} + {%- endfor %} }; } # Start grabbing the file from the network if it matches the mimetype diff --git a/setup/files/intel.dat b/setup/files/intel.dat new file mode 100644 index 000000000..ca10994b6 --- /dev/null +++ b/setup/files/intel.dat @@ -0,0 +1,5 @@ +#fields indicator indicator_type meta.source meta.do_notice +# EXAMPLES: +#66.32.119.38 Intel::ADDR Test Address T +#www.honeynet.org Intel::DOMAIN Test Domain T +#4285358dd748ef74cb8161108e11cb73 Intel::FILE_HASH Test MD5 T diff --git a/setup/so-functions b/setup/so-functions index 7493b3f0d..ddf20c6d0 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -986,12 +986,12 @@ manager_pillar() { " config:"\ " ruleset: $RULESETUP"\ " oinkcode: $OINKCODE"\ - " url:"\ + " urls:"\ " sids:"\ " enabled:"\ " disabled:"\ " modify:"\ - "" + ""\ "kratos:" >> "$pillar_file" @@ -1441,9 +1441,11 @@ setup_salt_master_dirs() { if [ "$setup_type" = 'iso' ]; then rsync -avh --exclude 'TRANS.TBL' /home/$INSTALLUSERNAME/SecurityOnion/pillar/* $default_salt_dir/pillar/ >> "$setup_log" 2>&1 rsync -avh --exclude 'TRANS.TBL' /home/$INSTALLUSERNAME/SecurityOnion/salt/* $default_salt_dir/salt/ >> "$setup_log" 2>&1 + cp -Rv /home/$INSTALLUSERNAME/SecurityOnion/files/intel.dat $local_salt_dir/salt/zeek/policy/intel/ >> "$setup_log" 2>&1 else - cp -R ../pillar/* $default_salt_dir/pillar/ >> "$setup_log" 2>&1 - cp -R ../salt/* $default_salt_dir/salt/ >> "$setup_log" 2>&1 + cp -Rv ../pillar/* $default_salt_dir/pillar/ >> "$setup_log" 2>&1 + cp -Rv ../salt/* $default_salt_dir/salt/ >> "$setup_log" 2>&1 + cp -Rv files/intel.dat $local_salt_dir/salt/zeek/policy/intel/ >> "$setup_log" 2>&1 fi echo "Chown the salt dirs on the manager for socore" >> "$setup_log" 2>&1 From 23420ace560ce032608ddd4582699926e81b79f8 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Sat, 18 Jul 2020 08:36:01 -0400 Subject: [PATCH 104/124] Prevent nmcli, setterm, and echo output from leaking to console and crontab output --- setup/so-functions | 16 ++++++++-------- setup/so-setup | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/setup/so-functions b/setup/so-functions index 175471bd2..cee4a84fd 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -522,7 +522,7 @@ configure_network_sensor() { # Create the bond interface only if it doesn't already exist - nmcli -f name,uuid -p con | grep -q "$INTERFACE" + nmcli -f name,uuid -p con | grep -q "$INTERFACE" >> "$setup_log" 2>&1 local found_int=$? if [[ $found_int != 0 ]]; then @@ -561,7 +561,7 @@ configure_network_sensor() { nmcli con up "$BNIC" >> "$setup_log" 2>&1 else # Check if the bond slave connection has already been created - nmcli -f name,uuid -p con | grep -q "bond0-slave-$BNIC" + nmcli -f name,uuid -p con | grep -q "bond0-slave-$BNIC" >> "$setup_log" 2>&1 local found_int=$? if [[ $found_int != 0 ]]; then @@ -588,7 +588,7 @@ configure_network_sensor() { } detect_cloud() { - echo "Testing if setup is running on a cloud instance..." + echo "Testing if setup is running on a cloud instance..." >> "$setup_log" 2>&1 if ( curl --fail -s -m 5 http://169.254.169.254/latest/meta-data/instance-id > /dev/null ) || ( dmidecode -s bios-vendor | grep -q Google > /dev/null); then export is_cloud="true"; fi } @@ -609,7 +609,7 @@ detect_os() { exit 1 fi - echo "Installing required packages to run installer..." + echo "Installing required packages to run installer..." >> "$setup_log" 2>&1 # Install bind-utils so the host command exists if ! command -v host > /dev/null 2>&1; then yum -y install bind-utils >> "$setup_log" 2>&1 @@ -1634,8 +1634,8 @@ set_initial_firewall_policy() { set_management_interface() { if [ "$address_type" = 'DHCP' ]; then - nmcli con mod "$MNIC" connection.autoconnect yes - nmcli con up "$MNIC" + nmcli con mod "$MNIC" connection.autoconnect yes >> "$setup_log" 2>&1 + nmcli con up "$MNIC" >> "$setup_log" 2>&1 else # Set Static IP nmcli con mod "$MNIC" ipv4.addresses "$MIP"/"$MMASK"\ @@ -1643,8 +1643,8 @@ set_management_interface() { ipv4.dns "$MDNS"\ ipv4.dns-search "$MSEARCH"\ connection.autoconnect yes\ - ipv4.method manual - nmcli con up "$MNIC" + ipv4.method manual >> "$setup_log" 2>&1 + nmcli con up "$MNIC" >> "$setup_log" 2>&1 fi } diff --git a/setup/so-setup b/setup/so-setup index 978a3b665..b9a19e9c6 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -118,7 +118,7 @@ if [ "$OS" == ubuntu ]; then update-alternatives --set newt-palette /etc/newt/palette.original >> $setup_log 2>&1 fi -setterm -blank 0 +setterm -blank 0 > /dev/null if [ "$setup_type" == 'iso' ] || (whiptail_you_sure); then true From 3de2afe6189f4c989df3e0a9541445ed887aebba Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Sat, 18 Jul 2020 17:29:11 -0400 Subject: [PATCH 105/124] Fix final bugs --- ...{broversion.map.jinja => zeekversion.map.jinja} | 0 salt/idstools/etc/rulecat.conf | 12 +++++++----- salt/zeek/init.sls | 6 ++++-- .../securityonion/file-extraction/extract.zeek | 14 ++++++++------ 4 files changed, 19 insertions(+), 13 deletions(-) rename salt/common/maps/{broversion.map.jinja => zeekversion.map.jinja} (100%) diff --git a/salt/common/maps/broversion.map.jinja b/salt/common/maps/zeekversion.map.jinja similarity index 100% rename from salt/common/maps/broversion.map.jinja rename to salt/common/maps/zeekversion.map.jinja diff --git a/salt/idstools/etc/rulecat.conf b/salt/idstools/etc/rulecat.conf index 1957c6c13..5501c9b50 100644 --- a/salt/idstools/etc/rulecat.conf +++ b/salt/idstools/etc/rulecat.conf @@ -1,6 +1,6 @@ -{% set URLS = salt['pillar.get']('idstools:config:urls', {}) -%} -{% set RULESET = salt['pillar.get']('idstools:config:ruleset') -%} -{% set OINKCODE = salt['pillar.get']('idstools:config:oinkcode') -%} +{%- set URLS = salt['pillar.get']('idstools:config:urls') -%} +{%- set RULESET = salt['pillar.get']('idstools:config:ruleset') -%} +{%- set OINKCODE = salt['pillar.get']('idstools:config:oinkcode', '' ) -%} --suricata-version=5.0 --merged=/opt/so/rules/nids/all.rules --local=/opt/so/rules/nids/local.rules @@ -10,10 +10,12 @@ {%- if RULESET == 'ETOPEN' %} --etopen {%- elif RULESET == 'ETPRO' %} ---etpro={{ OINKCODE }} +--etpro={{ OINCODE }} {%- elif RULESET == 'TALOS' %} --url=https://www.snort.org/rules/snortrules-snapshot-2983.tar.gz?oinkcode={{ OINKCODE }} {%- endif %} +{%- if URLS != None %} {%- for URL in URLS %} --url={{ URL }} -{%- endfor %} \ No newline at end of file +{%- endfor %} +{%- endif %} \ No newline at end of file diff --git a/salt/zeek/init.sls b/salt/zeek/init.sls index 7b91632c9..68908a2ce 100644 --- a/salt/zeek/init.sls +++ b/salt/zeek/init.sls @@ -43,7 +43,7 @@ zeekspooldir: file.directory: - name: /nsm/zeek/spool/manager - user: 937 - - makedirs: true + - makedirs: True # Zeek extracted zeekextractdir: @@ -57,7 +57,7 @@ zeekextractcompletedir: file.directory: - name: /nsm/zeek/extracted/complete - user: 937 - - makedirs: true + - makedirs: True # Sync the policies zeekpolicysync: @@ -75,6 +75,7 @@ zeekintelloadsync: - source: salt://zeek/policy/intel/__load__.zeek - user: 937 - group: 939 + - makedirs: True zeekctlcfg: file.managed: @@ -186,3 +187,4 @@ so-zeek: - file: /opt/so/conf/zeek/zeekctl.cfg - file: /opt/so/conf/zeek/policy - file: /opt/so/conf/zeek/bpf + \ No newline at end of file diff --git a/salt/zeek/policy/securityonion/file-extraction/extract.zeek b/salt/zeek/policy/securityonion/file-extraction/extract.zeek index cf7b307ab..6f59ed447 100644 --- a/salt/zeek/policy/securityonion/file-extraction/extract.zeek +++ b/salt/zeek/policy/securityonion/file-extraction/extract.zeek @@ -1,4 +1,4 @@ -{%- from zeek/fileextraction_defaults.yaml import zeek %} +{%- import_yaml "zeek/fileextraction_defaults.yaml" as zeek with context %} # Directory to stage Zeek extracted files before processing redef FileExtract::prefix = "/nsm/zeek/extracted/"; # Set a limit to the file size @@ -6,14 +6,16 @@ redef FileExtract::default_limit = 9000000; # These are the mimetypes we want to rip off the networks export { global _mime_whitelist: table[string] of string = { - {%- for li in zeek.policy.file_extraction %} - {%- for k,v in li %} + {%- for li in zeek.zeek.policy.file_extraction %} {%- if not loop.last %} + {%- for k,v in li.items() %} ["{{ k }}"] = "{{ v }}", - {%- else %} - ["{{ k }}"] = "{{ v }}" - {%- endif %} {%- endfor %} + {%- else %} + {%- for k,v in li.items() %} + ["{{ k }}"] = "{{ v }}" + {%- endfor %} + {%- endif %} {%- endfor %} }; } From 64bd70bb481a6a9f158dd0dee02b6ec621e19886 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Sat, 18 Jul 2020 17:50:25 -0400 Subject: [PATCH 106/124] Update Release Notes --- salt/soc/files/soc/changes.json | 64 ++++++++++++++++++--------------- 1 file changed, 36 insertions(+), 28 deletions(-) diff --git a/salt/soc/files/soc/changes.json b/salt/soc/files/soc/changes.json index 384a2781d..03492cc0a 100644 --- a/salt/soc/files/soc/changes.json +++ b/salt/soc/files/soc/changes.json @@ -1,32 +1,40 @@ { - "title": "Introducing Hybrid Hunter 1.4.0 Beta 3", + "title": "Security Onion 2.0.0 RC1 is here!", "changes": [ - { "summary": "Complete overhaul of the way we handle custom and default settings and data. You will now see a default and local directory under the saltstack directory. All customizations are stored in local." }, - { "summary": "The way firewall rules are handled has been completely revamped. This will allow the user to customize firewall rules much easier." }, - { "summary": "Users can now change their own password in SOC." }, - { "summary": "Hunt now allows users to enable auto-hunt. This is a toggle which, when enabled, automatically submits a new hunt when filtering, grouping, etc." }, - { "summary": "Title bar now reflects current Hunt query. This will assist users in locating a previous query from their browser history." }, - { "summary": "Zeek 3.0.7" }, - { "summary": "Elastic 7.7.1" }, - { "summary": "Suricata can now be used for meta data generation." }, - { "summary": "Suricata eve.json has been moved to `/nsm` to align with storage of other data." }, - { "summary": "Suricata will now properly rotate its logs." }, - { "summary": "Grafana dashboards now work properly in standalone mode." }, - { "summary": "Kibana Dashboard updates including osquery, community_id." }, - { "summary": "New Elasticsearch Ingest processor to generate community_id from any log that includes the required fields." }, - { "summary": "Community_id generated for additional logs: Zeek HTTP/SMTP/ , Sysmon shipped with Osquery or Winlogbeat." }, - { "summary": "Major streamlining of Fleet setup & configuration - no need to run a secondary setup script anymore." }, - { "summary": "Fleet Standalone node now includes the ability to set a FQDN to point osquery endpoints to." }, - { "summary": "Distributed installs now support ingesting Windows Eventlogs via Winlogbeat - includes full parsing support for Sysmon." }, - { "summary": "SOC Downloads section now includes a link to the supported version of Winlogbeat." }, - { "summary": "Basic syslog ingestion capability now included." }, - { "summary": "Elasticsearch index name transition fixes for various components." }, - { "summary": "Updated URLs for pivot fields in Kibana." }, - { "summary": "Instances of \"hive\" renamed to \"thehive\"." }, - { "summary": "KNOWN ISSUE: The Hunt feature is currently considered \"Preview\" and although very useful in its current state, not everything works. We wanted to get this out as soon as possible to get the feedback from you! Let us know what you want to see! Let us know what you think we should call it!" }, - { "summary": "KNOWN ISSUE: You cannot pivot to PCAP from Suricata alerts in Kibana or Hunt." }, - { "summary": "KNOWN ISSUE: Navigator is currently not working when using hostname to access SOC. IP mode works correctly." }, - { "summary": "KNOWN ISSUE: Due to the move to ECS, the current Playbook plays may not alert correctly at this time." }, - { "summary": "KNOWN ISSUE: The osquery MacOS package does not install correctly." } + { "summary": "Re-branded 2.0 to give it a fresh look." }, + { "summary": "All documentation has moved to https://docs.securityonion.net/en/2.0 " }, + { "summary": "soup is alive! Note: This tool only updates Security Onion components. Please use the built-in OS update process to keep the OS and other components up to date." }, + { "summary": "so-import-pcap is back! See the docs here: http://docs.securityonion.net/en/2.0/so-import-pcap " }, + { "summary": "Fixed issue with so-features-enable." }, + { "summary": "Users can now pivot to PCAP from Suricata alerts." }, + { "summary": "ISO install now prompts users to create an admin/sudo user instead of using a default account name." }, + { "summary": "The web email & password set during setup is now used to create the initial accounts for TheHive, Cortex, and Fleet." }, + { "summary": "Fixed issue with disk cleanup." }, + { "summary": "Changed the default permissions for /opt/so to keep non-priviledged users from accessing salt and related files." }, + { "summary": "Locked down access to certain SSL keys." }, + { "summary": "Suricata logs now compress after they roll over." }, + { "summary": "Users can now easily customize shard counts per index." }, + { "summary": "Improved Elastic ingest parsers including Windows event logs and Sysmon logs shipped with WinLogbeat and Osquery (ECS)." }, + { "summary": "Elastic nodes are now HOT by default, making it easier to add a warm node later." }, + { "summary": "so-allow now runs at the end of an install so users can enable access right away." }, + { "summary": "Alert severities across Wazuh, Suricata and Playbook (Sigma) have been standardized and copied to `event.severity`:" }, + { "summary": " - 1-Low / 2-Medium / 3-High / 4-Critical." }, + { "summary": "Initial implementation of alerting queues:" }, + { "summary": " - Low & Medium alerts are accessible through Kibana & Hunt." }, + { "summary": " - High & Critical alerts are accessible through Kibana, Hunt and sent to TheHive for immediate analysis." }, + { "summary": " - ATT&CK Navigator is now a statically-hosted site in the nginx container." }, + { "summary": "Playbook:" }, + { "summary": " - All Sigma rules in the community repo (500+) are now imported and kept up to date." }, + { "summary": " - Initial implementation of automated testing when a Play's detection logic has been edited (i.e., Unit Testing)." }, + { "summary": " - Updated UI Theme." }, + { "summary": " - Once authenticated through SOC, users can now access Playbook with analyst permissions without login." }, + { "summary": "Kolide Launcher has been updated to include the ability to pass arbitrary flags. - New functionality sponsored by SOS." }, + { "summary": "Fixed issue with Wazuh authd registration service port not being correctly exposed." }, + { "summary": "Added option for exposure of Elasticsearch REST API (port 9200) to so-allow for easier external querying/integration with other tools." }, + { "summary": "Added option to so-allow for external Strelka file uploads (e.g., via strelka-fileshot)." }, + { "summary": "Added default YARA rules for Strelka - Default rules are maintained by Florian Roth and pulled from https://github.com/Neo23x0/signature-base" }, + { "summary": "Added the ability to use custom Zeek scripts." }, + { "summary": "Renamed "master server" to "manager node"." }, + { "summary": "Improved unification of Zeek and Strelka file data." }, ] } From 517edf19388bb520ecc5a5a902a0e8e7c8886258 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Sat, 18 Jul 2020 17:55:35 -0400 Subject: [PATCH 107/124] Update Release Notes --- salt/soc/files/soc/changes.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/soc/files/soc/changes.json b/salt/soc/files/soc/changes.json index 03492cc0a..f9d779da4 100644 --- a/salt/soc/files/soc/changes.json +++ b/salt/soc/files/soc/changes.json @@ -34,7 +34,7 @@ { "summary": "Added option to so-allow for external Strelka file uploads (e.g., via strelka-fileshot)." }, { "summary": "Added default YARA rules for Strelka - Default rules are maintained by Florian Roth and pulled from https://github.com/Neo23x0/signature-base" }, { "summary": "Added the ability to use custom Zeek scripts." }, - { "summary": "Renamed "master server" to "manager node"." }, + { "summary": "Renamed \"master server\" to \"manager node\"." }, { "summary": "Improved unification of Zeek and Strelka file data." }, ] } From 1bcbcb1f98d727bf26a0c93d9ff028f9e498bc95 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Sat, 18 Jul 2020 22:46:57 -0400 Subject: [PATCH 108/124] Fix idstools jinja --- salt/idstools/etc/disable.conf | 5 +++-- salt/idstools/etc/enable.conf | 5 +++-- salt/idstools/etc/modify.conf | 4 +++- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/salt/idstools/etc/disable.conf b/salt/idstools/etc/disable.conf index e667d54c7..84144a495 100644 --- a/salt/idstools/etc/disable.conf +++ b/salt/idstools/etc/disable.conf @@ -9,7 +9,8 @@ # - All regular expression matches are case insensitive. # re:hearbleed # re:MS(0[7-9]|10)-\d+ - +{%- if disabled_sids != None %} {%- for sid in disabled_sids %} {{ sid }} -{%- endfor %} \ No newline at end of file +{%- endfor %} +{%- endif %} \ No newline at end of file diff --git a/salt/idstools/etc/enable.conf b/salt/idstools/etc/enable.conf index da2dfb6af..5da0bfc61 100644 --- a/salt/idstools/etc/enable.conf +++ b/salt/idstools/etc/enable.conf @@ -9,7 +9,8 @@ # - All regular expression matches are case insensitive. # re:hearbleed # re:MS(0[7-9]|10)-\d+ - +{%- if enabled_sids != None %} {%- for sid in enabled_sids %} {{ sid }} -{%- endfor %} \ No newline at end of file +{%- endfor %} +{%- endif %} \ No newline at end of file diff --git a/salt/idstools/etc/modify.conf b/salt/idstools/etc/modify.conf index 52c4ca2ea..4ea75ada2 100644 --- a/salt/idstools/etc/modify.conf +++ b/salt/idstools/etc/modify.conf @@ -5,6 +5,8 @@ # Example changing the seconds for rule 2019401 to 3600. #2019401 "seconds \d+" "seconds 3600" +{%- if modify_sids != None %} {%- for sid in modify_sids %} {{ sid }} -{%- endfor %} \ No newline at end of file +{%- endfor %} +{%- endif %} \ No newline at end of file From 7b1ca5f361b3837a4ae45e990c7abacca16388c2 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Sat, 18 Jul 2020 22:50:08 -0400 Subject: [PATCH 109/124] Fix common tools permissions --- salt/common/tools/sbin/so-docker-refresh | 0 salt/common/tools/sbin/so-elasticsearch-indices-rw | 0 salt/common/tools/sbin/so-fleet-setup | 0 salt/common/tools/sbin/so-saltstack-update | 0 salt/common/tools/sbin/so-sensor-clean | 0 salt/common/tools/sbin/so-zeek-stats | 0 salt/common/tools/sbin/soup | 0 7 files changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 salt/common/tools/sbin/so-docker-refresh mode change 100644 => 100755 salt/common/tools/sbin/so-elasticsearch-indices-rw mode change 100644 => 100755 salt/common/tools/sbin/so-fleet-setup mode change 100644 => 100755 salt/common/tools/sbin/so-saltstack-update mode change 100644 => 100755 salt/common/tools/sbin/so-sensor-clean mode change 100644 => 100755 salt/common/tools/sbin/so-zeek-stats mode change 100644 => 100755 salt/common/tools/sbin/soup diff --git a/salt/common/tools/sbin/so-docker-refresh b/salt/common/tools/sbin/so-docker-refresh old mode 100644 new mode 100755 diff --git a/salt/common/tools/sbin/so-elasticsearch-indices-rw b/salt/common/tools/sbin/so-elasticsearch-indices-rw old mode 100644 new mode 100755 diff --git a/salt/common/tools/sbin/so-fleet-setup b/salt/common/tools/sbin/so-fleet-setup old mode 100644 new mode 100755 diff --git a/salt/common/tools/sbin/so-saltstack-update b/salt/common/tools/sbin/so-saltstack-update old mode 100644 new mode 100755 diff --git a/salt/common/tools/sbin/so-sensor-clean b/salt/common/tools/sbin/so-sensor-clean old mode 100644 new mode 100755 diff --git a/salt/common/tools/sbin/so-zeek-stats b/salt/common/tools/sbin/so-zeek-stats old mode 100644 new mode 100755 diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup old mode 100644 new mode 100755 From fbc8a90083e614c0758d9f6cdc07239ebe802e6e Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Sat, 18 Jul 2020 22:58:15 -0400 Subject: [PATCH 110/124] Soup Update --- salt/common/tools/sbin/soup | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 75e5da10e..f6a2c293f 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -23,7 +23,7 @@ default_salt_dir=/opt/so/saltstack/default manager_check() { # Check to see if this is a manager MANAGERCHECK=$(cat /etc/salt/grains | grep role | awk '{print $2}') - if [[ "$MANAGERCHECK" =~ ^('so-eval'|'so-manager'|'so-managersearch')$ ]]; then + if [[ "$MANAGERCHECK" =~ ^('so-eval'|'so-manager'|'so-standalone'|'so-managersearch')$ ]]; then echo "This is a manager. We can proceed" else echo "Please run soup on the manager. The manager controls all updates." @@ -169,15 +169,25 @@ verify_latest_update_script() { fi } +echo "Checking to see if this is a manager" manager_check +echo "Cloning latest code to a temporary location" clone_to_tmp +echo "Verifying we have the latest script" verify_latest_update_script +echo "Let's see if we need to update" upgrade_check +echo "Making pillar changes" pillar_changes +echo "Cleaning up old docker" clean_dockers +echo "Updating docker to $NEWVERSION" update_dockers +echo "Copying new code" copy_new_files +echo "Running a highstate to complete upgrade" highstate +echo "Updating version" update_version echo "" echo "Upgrade from $INSTALLEDVERSION to $NEWVERSION complete." From 847a9d76e0fb5df032b54f45fe15db75bbdef129 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Sat, 18 Jul 2020 23:02:28 -0400 Subject: [PATCH 111/124] Soup Update --- salt/common/tools/sbin/soup | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index f6a2c293f..412c631b5 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -43,8 +43,8 @@ clone_to_tmp() { # Make a temp location for the files mkdir -p /tmp/sogh cd /tmp/sogh - #git clone -b dev https://github.com/Security-Onion-Solutions/securityonion.git - git clone https://github.com/Security-Onion-Solutions/securityonion.git + git clone -b dev https://github.com/Security-Onion-Solutions/securityonion.git + #git clone https://github.com/Security-Onion-Solutions/securityonion.git cd /tmp if [ ! -f $UPDATE_DIR/VERSION ]; then echo "Update was unable to pull from github. Please check your internet." From 095a87dc46abe2520f8e041a8c0845998f809564 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Sat, 18 Jul 2020 23:06:31 -0400 Subject: [PATCH 112/124] Soup Update --- salt/common/tools/sbin/soup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 412c631b5..601faf4d9 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -155,7 +155,7 @@ upgrade_check() { verify_latest_update_script() { # Check to see if the update scripts match. If not run the new one. - CURRENTSOUP=$(md5sum /usr/sbin/soup) + CURRENTSOUP=$(md5sum /opt/so/saltstack/default/salt/common/tools/sbin/soup) GITSOUP=$(md5sum /tmp/sogh/securityonion/salt/common/tools/sbin/soup) if [ "$CURRENTSOUP" == "$GITSOUP" ]; then echo "This version of the soup script is up to date. Verifying versions." From 27568f00473552e1d9eb403b700bcf9001498fb4 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Sat, 18 Jul 2020 23:09:18 -0400 Subject: [PATCH 113/124] Soup Update --- salt/common/tools/sbin/soup | 2 ++ 1 file changed, 2 insertions(+) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 601faf4d9..135baac8a 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -157,6 +157,8 @@ verify_latest_update_script() { # Check to see if the update scripts match. If not run the new one. CURRENTSOUP=$(md5sum /opt/so/saltstack/default/salt/common/tools/sbin/soup) GITSOUP=$(md5sum /tmp/sogh/securityonion/salt/common/tools/sbin/soup) + echo "C is $CURRENTSOUP" + echo "G is $GITSOUP" if [ "$CURRENTSOUP" == "$GITSOUP" ]; then echo "This version of the soup script is up to date. Verifying versions." else From 5bab5ae7d19076f124bc1498a7117b3950b14b84 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Sat, 18 Jul 2020 23:10:37 -0400 Subject: [PATCH 114/124] Soup Update --- salt/common/tools/sbin/soup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 135baac8a..d42932eb7 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -159,7 +159,7 @@ verify_latest_update_script() { GITSOUP=$(md5sum /tmp/sogh/securityonion/salt/common/tools/sbin/soup) echo "C is $CURRENTSOUP" echo "G is $GITSOUP" - if [ "$CURRENTSOUP" == "$GITSOUP" ]; then + if [ $CURRENTSOUP = $GITSOUP ]; then echo "This version of the soup script is up to date. Verifying versions." else echo "You are not running the latest soup version. Updating soup." From 872f849204cd922318568f13037454e5fb4063e4 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Sat, 18 Jul 2020 23:12:53 -0400 Subject: [PATCH 115/124] Soup Update --- salt/common/tools/sbin/soup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index d42932eb7..a67c10aff 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -159,7 +159,7 @@ verify_latest_update_script() { GITSOUP=$(md5sum /tmp/sogh/securityonion/salt/common/tools/sbin/soup) echo "C is $CURRENTSOUP" echo "G is $GITSOUP" - if [ $CURRENTSOUP = $GITSOUP ]; then + if [[ "$CURRENTSOUP" == "$GITSOUP" ]]; then echo "This version of the soup script is up to date. Verifying versions." else echo "You are not running the latest soup version. Updating soup." From 954c12acfb950dece98e94f39583c6d679b3416f Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Sat, 18 Jul 2020 23:16:39 -0400 Subject: [PATCH 116/124] Soup Update --- salt/common/tools/sbin/soup | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index a67c10aff..eb02c6e89 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -155,8 +155,8 @@ upgrade_check() { verify_latest_update_script() { # Check to see if the update scripts match. If not run the new one. - CURRENTSOUP=$(md5sum /opt/so/saltstack/default/salt/common/tools/sbin/soup) - GITSOUP=$(md5sum /tmp/sogh/securityonion/salt/common/tools/sbin/soup) + CURRENTSOUP=$(md5sum /opt/so/saltstack/default/salt/common/tools/sbin/soup | awk '{print $1}') + GITSOUP=$(md5sum /tmp/sogh/securityonion/salt/common/tools/sbin/soup | awk '{print $1}') echo "C is $CURRENTSOUP" echo "G is $GITSOUP" if [[ "$CURRENTSOUP" == "$GITSOUP" ]]; then From 74e6846e8494d183daf79c8469a9a834ca2284e2 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Sat, 18 Jul 2020 23:19:14 -0400 Subject: [PATCH 117/124] Soup Update --- salt/common/tools/sbin/soup | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index eb02c6e89..59a22bd7c 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -175,20 +175,28 @@ echo "Checking to see if this is a manager" manager_check echo "Cloning latest code to a temporary location" clone_to_tmp +echo "" echo "Verifying we have the latest script" verify_latest_update_script +echo "" echo "Let's see if we need to update" upgrade_check +echo "" echo "Making pillar changes" pillar_changes -echo "Cleaning up old docker" +echo "" +echo "Cleaning up old dockers" clean_dockers +echo "" echo "Updating docker to $NEWVERSION" update_dockers +echo "" echo "Copying new code" copy_new_files +echo "" echo "Running a highstate to complete upgrade" highstate +echo "" echo "Updating version" update_version echo "" From 0302d2b6acb1a5b2dccd9db7840389e57a757f0d Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Sat, 18 Jul 2020 23:19:52 -0400 Subject: [PATCH 118/124] Soup Update --- salt/common/tools/sbin/soup | 2 -- 1 file changed, 2 deletions(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 59a22bd7c..9d2c0f348 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -157,8 +157,6 @@ verify_latest_update_script() { # Check to see if the update scripts match. If not run the new one. CURRENTSOUP=$(md5sum /opt/so/saltstack/default/salt/common/tools/sbin/soup | awk '{print $1}') GITSOUP=$(md5sum /tmp/sogh/securityonion/salt/common/tools/sbin/soup | awk '{print $1}') - echo "C is $CURRENTSOUP" - echo "G is $GITSOUP" if [[ "$CURRENTSOUP" == "$GITSOUP" ]]; then echo "This version of the soup script is up to date. Verifying versions." else From 28a954db8232623e97ad32bad2d60097a8af867f Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Sat, 18 Jul 2020 23:24:22 -0400 Subject: [PATCH 119/124] Soup Update --- salt/common/tools/sbin/soup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 9d2c0f348..46a472cc0 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -129,7 +129,7 @@ update_dockers() { echo "Downloading $i:$NEWVERSION" docker pull --disable-content-trust=false docker.io/$IMAGEREPO/$i:$NEWVERSION # Tag it with the new registry destination - docker tag $IMAGEREPO/$i $HOSTNAME:5000/$IMAGEREPO/$i:$NEWVERSION + docker tag $IMAGEREPO/$i:$NEWVERSION $HOSTNAME:5000/$IMAGEREPO/$i:$NEWVERSION docker push $HOSTNAME:5000/$IMAGEREPO/$i:$NEWVERSION done From 514df1211e4f250eaea79ff3007aa69d106a06fe Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Sat, 18 Jul 2020 23:34:45 -0400 Subject: [PATCH 120/124] Soup Update --- salt/common/tools/sbin/soup | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup index 46a472cc0..878372e68 100755 --- a/salt/common/tools/sbin/soup +++ b/salt/common/tools/sbin/soup @@ -43,8 +43,8 @@ clone_to_tmp() { # Make a temp location for the files mkdir -p /tmp/sogh cd /tmp/sogh - git clone -b dev https://github.com/Security-Onion-Solutions/securityonion.git - #git clone https://github.com/Security-Onion-Solutions/securityonion.git + #git clone -b dev https://github.com/Security-Onion-Solutions/securityonion.git + git clone https://github.com/Security-Onion-Solutions/securityonion.git cd /tmp if [ ! -f $UPDATE_DIR/VERSION ]; then echo "Update was unable to pull from github. Please check your internet." @@ -158,7 +158,7 @@ verify_latest_update_script() { CURRENTSOUP=$(md5sum /opt/so/saltstack/default/salt/common/tools/sbin/soup | awk '{print $1}') GITSOUP=$(md5sum /tmp/sogh/securityonion/salt/common/tools/sbin/soup | awk '{print $1}') if [[ "$CURRENTSOUP" == "$GITSOUP" ]]; then - echo "This version of the soup script is up to date. Verifying versions." + echo "This version of the soup script is up to date. Proceeding." else echo "You are not running the latest soup version. Updating soup." cp $UPDATE_DIR/salt/common/tools/sbin/soup $default_salt_dir/salt/common/tools/sbin/ From 053f27eb35829bf8fcc9b3803ec9a7b5432159c6 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Sun, 19 Jul 2020 06:58:24 -0400 Subject: [PATCH 121/124] Run setterm, to blank terminal, only for non-automated installations --- setup/so-setup | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/setup/so-setup b/setup/so-setup index b9a19e9c6..6a432fc9d 100755 --- a/setup/so-setup +++ b/setup/so-setup @@ -118,7 +118,9 @@ if [ "$OS" == ubuntu ]; then update-alternatives --set newt-palette /etc/newt/palette.original >> $setup_log 2>&1 fi -setterm -blank 0 > /dev/null +if [ $automated == no ]; then + setterm -blank 0 >> $setup_log 2>&1 +fi if [ "$setup_type" == 'iso' ] || (whiptail_you_sure); then true From bd70fdbb33b609c24d2b58b84bb397a2837cca9b Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Sun, 19 Jul 2020 08:11:57 -0400 Subject: [PATCH 122/124] Corrected JSON syntax to avoid a blank Overview screen in SOC; Applied HTML formatting of changes.json summaries for better markup handling. --- salt/soc/files/soc/changes.json | 36 +++++++++++++-------------------- 1 file changed, 14 insertions(+), 22 deletions(-) diff --git a/salt/soc/files/soc/changes.json b/salt/soc/files/soc/changes.json index f9d779da4..715b84566 100644 --- a/salt/soc/files/soc/changes.json +++ b/salt/soc/files/soc/changes.json @@ -2,10 +2,10 @@ "title": "Security Onion 2.0.0 RC1 is here!", "changes": [ { "summary": "Re-branded 2.0 to give it a fresh look." }, - { "summary": "All documentation has moved to https://docs.securityonion.net/en/2.0 " }, - { "summary": "soup is alive! Note: This tool only updates Security Onion components. Please use the built-in OS update process to keep the OS and other components up to date." }, - { "summary": "so-import-pcap is back! See the docs here: http://docs.securityonion.net/en/2.0/so-import-pcap " }, - { "summary": "Fixed issue with so-features-enable." }, + { "summary": "All documentation has moved to https://docs.securityonion.net/en/2.0" }, + { "summary": "soup is alive! Note: This tool only updates Security Onion components. Please use the built-in OS update process to keep the OS and other components up to date." }, + { "summary": "so-import-pcap is back! See the docs here: http://docs.securityonion.net/en/2.0/so-import-pcap." }, + { "summary": "Fixed issue with so-features-enable." }, { "summary": "Users can now pivot to PCAP from Suricata alerts." }, { "summary": "ISO install now prompts users to create an admin/sudo user instead of using a default account name." }, { "summary": "The web email & password set during setup is now used to create the initial accounts for TheHive, Cortex, and Fleet." }, @@ -16,25 +16,17 @@ { "summary": "Users can now easily customize shard counts per index." }, { "summary": "Improved Elastic ingest parsers including Windows event logs and Sysmon logs shipped with WinLogbeat and Osquery (ECS)." }, { "summary": "Elastic nodes are now HOT by default, making it easier to add a warm node later." }, - { "summary": "so-allow now runs at the end of an install so users can enable access right away." }, - { "summary": "Alert severities across Wazuh, Suricata and Playbook (Sigma) have been standardized and copied to `event.severity`:" }, - { "summary": " - 1-Low / 2-Medium / 3-High / 4-Critical." }, - { "summary": "Initial implementation of alerting queues:" }, - { "summary": " - Low & Medium alerts are accessible through Kibana & Hunt." }, - { "summary": " - High & Critical alerts are accessible through Kibana, Hunt and sent to TheHive for immediate analysis." }, - { "summary": " - ATT&CK Navigator is now a statically-hosted site in the nginx container." }, - { "summary": "Playbook:" }, - { "summary": " - All Sigma rules in the community repo (500+) are now imported and kept up to date." }, - { "summary": " - Initial implementation of automated testing when a Play's detection logic has been edited (i.e., Unit Testing)." }, - { "summary": " - Updated UI Theme." }, - { "summary": " - Once authenticated through SOC, users can now access Playbook with analyst permissions without login." }, - { "summary": "Kolide Launcher has been updated to include the ability to pass arbitrary flags. - New functionality sponsored by SOS." }, + { "summary": "so-allow now runs at the end of an install so users can enable access right away." }, + { "summary": "Alert severities across Wazuh, Suricata and Playbook (Sigma) have been standardized and copied to event.severity:

  1. Low
  2. Medium
  3. High
  4. Critical
" }, + { "summary": "Initial implementation of alerting queues:
  • Low & Medium alerts are accessible through Kibana & Hunt.
  • High & Critical alerts are accessible through Kibana, Hunt and TheHive for immediate analysis.
  • ATT&CK Navigator is now a statically-hosted site in the nginx container.
" }, + { "summary": "Playbook updates:
  • All Sigma rules in the community repo (500+) are now imported and kept up to date.
  • Initial implementation of automated testing when a Play's detection logic has been edited (i.e., Unit Testing).
  • Updated UI Theme.
  • Once authenticated through SOC, users can now access Playbook with analyst permissions without login.
" }, + { "summary": "Kolide Launcher has been updated to include the ability to pass arbitrary flags. This new functionality was sponsored by SOS." }, { "summary": "Fixed issue with Wazuh authd registration service port not being correctly exposed." }, - { "summary": "Added option for exposure of Elasticsearch REST API (port 9200) to so-allow for easier external querying/integration with other tools." }, - { "summary": "Added option to so-allow for external Strelka file uploads (e.g., via strelka-fileshot)." }, - { "summary": "Added default YARA rules for Strelka - Default rules are maintained by Florian Roth and pulled from https://github.com/Neo23x0/signature-base" }, + { "summary": "Added option for exposure of Elasticsearch REST API (port 9200) to so-allow for easier external querying/integration with other tools." }, + { "summary": "Added option to so-allow for external Strelka file uploads (e.g., via strelka-fileshot)." }, + { "summary": "Added default YARA rules for Strelka. Default rules are maintained by Florian Roth and pulled from https://github.com/Neo23x0/signature-base." }, { "summary": "Added the ability to use custom Zeek scripts." }, - { "summary": "Renamed \"master server\" to \"manager node\"." }, - { "summary": "Improved unification of Zeek and Strelka file data." }, + { "summary": "Renamed master server to manager node." }, + { "summary": "Improved unification of Zeek and Strelka file data." } ] } From beda859207552fc11ac07de7cb2097ddf7c54155 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Mon, 20 Jul 2020 08:47:09 -0400 Subject: [PATCH 123/124] Update changes.json sub-bullets to improve communication of the content --- salt/soc/files/soc/changes.json | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/salt/soc/files/soc/changes.json b/salt/soc/files/soc/changes.json index 715b84566..517816fcd 100644 --- a/salt/soc/files/soc/changes.json +++ b/salt/soc/files/soc/changes.json @@ -17,8 +17,9 @@ { "summary": "Improved Elastic ingest parsers including Windows event logs and Sysmon logs shipped with WinLogbeat and Osquery (ECS)." }, { "summary": "Elastic nodes are now HOT by default, making it easier to add a warm node later." }, { "summary": "so-allow now runs at the end of an install so users can enable access right away." }, - { "summary": "Alert severities across Wazuh, Suricata and Playbook (Sigma) have been standardized and copied to event.severity:
  1. Low
  2. Medium
  3. High
  4. Critical
" }, - { "summary": "Initial implementation of alerting queues:
  • Low & Medium alerts are accessible through Kibana & Hunt.
  • High & Critical alerts are accessible through Kibana, Hunt and TheHive for immediate analysis.
  • ATT&CK Navigator is now a statically-hosted site in the nginx container.
" }, + { "summary": "Alert severities across Wazuh, Suricata and Playbook (Sigma) have been standardized and copied to event.severity:
  • 1 = Low
  • 2 = Medium
  • 3 = High
  • 4 = Critical
" }, + { "summary": "Initial implementation of alerting queues:
  • Low & Medium alerts are accessible through Kibana & Hunt.
  • High & Critical alerts are accessible through Kibana, Hunt and TheHive for immediate analysis.
" }, + { "summary": "ATT&CK Navigator is now a statically-hosted site in the nginx container." }, { "summary": "Playbook updates:
  • All Sigma rules in the community repo (500+) are now imported and kept up to date.
  • Initial implementation of automated testing when a Play's detection logic has been edited (i.e., Unit Testing).
  • Updated UI Theme.
  • Once authenticated through SOC, users can now access Playbook with analyst permissions without login.
" }, { "summary": "Kolide Launcher has been updated to include the ability to pass arbitrary flags. This new functionality was sponsored by SOS." }, { "summary": "Fixed issue with Wazuh authd registration service port not being correctly exposed." }, From 9565050b82076348fdf972dc0e8c88a40c6683f9 Mon Sep 17 00:00:00 2001 From: Mike Reeves Date: Mon, 20 Jul 2020 10:15:47 -0400 Subject: [PATCH 124/124] Fix Features script --- salt/common/tools/sbin/so-features-enable | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/salt/common/tools/sbin/so-features-enable b/salt/common/tools/sbin/so-features-enable index a7507290f..c94aebcba 100755 --- a/salt/common/tools/sbin/so-features-enable +++ b/salt/common/tools/sbin/so-features-enable @@ -20,11 +20,12 @@ local_salt_dir=/opt/so/saltstack/local manager_check() { # Check to see if this is a manager MANAGERCHECK=$(cat /etc/salt/grains | grep role | awk '{print $2}') - if [ $MANAGERCHECK == 'so-eval' OR $MANAGERCHECK == 'so-manager' OR $MANAGERCHECK == 'so-managersearch' ]; then - echo "This is a manager. We can proceed." + if [[ "$MANAGERCHECK" =~ ^('so-eval'|'so-manager'|'so-standalone'|'so-managersearch')$ ]]; then + echo "This is a manager. We can proceed" else echo "Please run so-features-enable on the manager." exit 0 + fi } manager_check